From: DarkReading
New category of technology promises to aggregate all threat intelligence feeds and help security teams find the attacks that could cause the most damage.
At the headquarters of a major bank in New York, a team of IT security specialists is poring over reams of data. They’ve just received word that there’s a new online banking exploit in the wild, and they’re working against the clock to figure out what the attack looks like – and whether it has breached their defenses. At this moment, though, their enemy isn’t a hacker. It’s the dozens of disparate, uncoordinated data feeds that might contain information about the new threat – but can only be scanned manually.
Every day, security operations center (SOC) staffs in all types of industries and geographies are faced with scenarios similar to this one. They’ve subscribed to many different threat intelligence feeds that promise insight on the latest attacks — but now they’ve got so much data that identifying and correlating information about a single attack is like finding a needle in a haystack. And if they don’t find the key threat data they need, they could leave their organizations open to a damaging attack.