Security Operations Centers
  • 04 Sep 2025

Security operations teams are overwhelmed by the never-ending flood of events and by the context they need to gather from too many places.

To reduce the time analysts spend looking up contextual information, teams try to integrate it directly into the SIEM. This becomes another never-ending problem of not enough development cycles and not enough screen real estate. The last thing analysts want is another place to search or another dashboard to open: they already have 20+ browser tabs open and too many plugins.

Successful teams find the balance between integrating the critical context and relying on analyst intuition to decide which rabbit holes to dive down. The 86 billion neurons that support human intuition are not bad, but they are far from perfect.
