Limited and isolated access to endpoint data, event logs and network traffic must be a relic of the past:
Data Fusion is a first-class citizen
Security operations must have flexible access to the full range of enterprise data to keep pace with the increasing number of “unagentable” and other operational enterprise devices, and emerging needs for data contextualization.
Attackers use plenty of evasion methods to make their activities look benign. Without taking a wide range of business data, unknown to cyber criminals, into account as additional context, it is almost impossible to reveal masked activities.
With this in mind, recent security data lake concepts have to be extended to the entire lake of enterprise data, including its feature drift and changing data.
SOC visibility triad must be extended
Instead of correlating the SOC visibility triad of agent events, logs and network traffic with threat intelligence feeds, it is about comparing and contrasting anomalies within flexible combinations of enterprise data with malicious “in-the-wild” activities.
Overcome myopic data lenses
Without a flexible data fusion layer, capable of connecting and aggregating the full range of enterprise data with ease, security operations remain restricted to myopic data lenses.
PredictiveWorks. augments security operations and many other business operations with declarative AI solutions that can be built on demand without writing a single line of code.
Its solid foundation is a flexible point-and-click data fusion layer, based on Google’s CDAP.
PredictiveWorks. offers a data-centric and proactive approach to cyber defense that integrates into every data environment.
It is a code-free Swiss army knife for detecting and identifying malicious activities and signals in any combination of enterprise data.
Originally published by Dr. Stefan Krusche