Source |
Network World |
Identifier |
295418 |
Publication date |
2017-01-19 09:24:00 (viewed: 2017-01-19 09:24:00) |
Title |
Secdo automates alert investigation with preemptive incident response |
Text |
This column is available in a weekly newsletter called IT Best Practices.
"We don't receive enough alerts in our security operations center," said no security analyst ever. The fact is, most SOC teams are overwhelmed with security alerts and they must prioritize which ones to investigate. Many alerts are simply ignored for lack of resources, yet quite often after a data breach it turns out there was an alert pointing at the breach early on.
In the case of one prominent breach at a major retailer a few years ago, many sources report that a FireEye tool generated an alert confirming that malicious software showed up on a company system. Because so many of those particular alerts were false positives, it was ignored, which subsequently led to one of the largest and most costly retail data breaches in history. |
Sent |
Yes |