Keith
@kwm
Throwing endpoint telemetry at your SOC is going to require much more than new SIEM fields and correlation rules.
7/31/2015, 7:13:33 AM
Favs: 0
Retweets: 0
Keith
@kwm
Even verbose log sources send a low pct of raw events. Endpoint telemetry flips this model, sending a high pct of all activity.
7/31/2015, 7:19:01 AM
Favs: 0
Retweets: 0
Keith
@kwm
Analysts need more than new data models to handle endpoint telemetry. New approach to contextualization, reimagined feedback mechanisms.
7/31/2015, 7:50:56 AM
Favs: 0
Retweets: 0