The first in a series of three blogs by Grant and Jason on the process of identifying actionable insights.
A couple of weeks ago we discussed the process security operations teams go through to separate the signal from the noise. We reviewed the steps that McAfee has undertaken in designing its Security Fusion Centers to identify the signals in our own operating environment. Getting the basics of security operations right, understanding our security architecture, and carefully assessing priorities and risk are all vital to homing in on the signals.
But what if even the signals can overwhelm? How do we get security operations out of the slow lane? How do we get to the intelligence — the insights — that lead to decisions?
A study of 500 CISOs from large enterprises across the USA, UK, and Germany, published by Bromium in February, found that the average enterprise-sized security operations center (SOC) receives 4,146 alerts every single day. Now more than 70 percent of those – about 2,900 – are actually false positives. But that still leaves more than 1,200 alerts to investigate on a daily basis. Additionally, from our internal view, we believe that 95% of signals are false positives.
What is needed is a way to narrow the lens aperture and focus on the critical data set that generates accurate signals demanding decisions now. As we seem to do repeatedly, the cybersecurity industry takes its cue from the military, which has tackled this problem before.
The post Identifying insights that lead to decisions appeared first on McAfee Blogs.
Article Link: https://securingtomorrow.mcafee.com/business/optimize-operations/identifying-insights-lead-decisions/