Keith

@kwm

Throwing endpoint telemetry at your SOC is going to require much more than new SIEM fields and correlation rules.

7/31/2015, 8:13:33 AM

Favs: 0

Retweets: 0

Keith

@kwm

Even verbose log sources send a low pct of raw events. Endpoint telemetry flips this model, sending a high pct of all activity.

7/31/2015, 8:19:01 AM

Favs: 0

Retweets: 0

Keith

@kwm

Analysts need more than new data models to handle endpoint telemetry. New approach to contextualization, reimagined feedback mechanisms.

7/31/2015, 8:50:56 AM

Favs: 0

Retweets: 0