Many SOCs rely on log and device-based events to detect security threats. It has been clear for years that the accuracy of this information is often insufficient. The sheer quantity of events, and their quality, make it difficult to focus on the truly important or dangerous ones. Appropriate visibility into the network provides additional context with which to enrich and optimize this information and make security analysts more effective. Our presentation shows which components are important and what results you can expect from them.