THREAT DETECTION

Identifying a threat quickly is a key step in the security life cycle, especially since attackers learn how to compromise organisations at an alarming speed. However, the complexity of hidden multi-stage attacks can hinder detection. Advanced threat detection solutions typically rely on correlation rules, context enrichment, entity analytics and other types of detection content in order to detect exploitation.

Main challenges:

1. False positives
SOC analysts find their profession difficult because of the constant alerts, the time wasted investigating false positives, high-stakes situations and low recovery rates.

2. Endless tuning
Detection rules are adapted to the network, the systems and the users, and can require a significant amount of time to create, monitor and refine alert definitions.

3. Lack of context
Detections are accurate only when they are based on relevant threat, network and data context, but many tools cannot be adapted to this level of correlation.
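To make the three points above concrete, here is an added example (not code from this page or from any vendor) of a simple correlation rule with and without context enrichment. The authentication events, the allow-list of internal scanner addresses and the list of privileged accounts are all constructed for illustration; the rule itself (N failed logins from one source followed by a success within a time window) is a common brute-force pattern. Without context the rule fires on a noisy internal scanner as well as on the real attempt; with context the scanner alert is suppressed and the alert against a privileged account is raised in severity.

```python
"""Correlation rule with and without context enrichment (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed values)
    src_ip: str
    user: str
    outcome: str   # "fail" or "success"


# Constructed sample events:
#  - 10.0.0.5 is an internal scanner with stale credentials (benign noise)
#  - 203.0.113.7 is an external source guessing the admin password
#  - 198.51.100.9 is a user who mistyped a password twice
EVENTS = [
    Event(100, "10.0.0.5", "svc_backup", "fail"),
    Event(110, "10.0.0.5", "svc_backup", "fail"),
    Event(120, "10.0.0.5", "svc_backup", "fail"),
    Event(130, "10.0.0.5", "svc_backup", "fail"),
    Event(140, "10.0.0.5", "svc_backup", "fail"),
    Event(150, "10.0.0.5", "svc_backup", "success"),
    Event(200, "203.0.113.7", "admin", "fail"),
    Event(210, "203.0.113.7", "admin", "fail"),
    Event(220, "203.0.113.7", "admin", "fail"),
    Event(230, "203.0.113.7", "admin", "fail"),
    Event(240, "203.0.113.7", "admin", "fail"),
    Event(250, "203.0.113.7", "admin", "fail"),
    Event(260, "203.0.113.7", "admin", "success"),
    Event(300, "198.51.100.9", "alice", "fail"),
    Event(310, "198.51.100.9", "alice", "fail"),
    Event(320, "198.51.100.9", "alice", "success"),
]

# Constructed context (assumed asset inventory / identity data).
CONTEXT = {
    "scanner_ips": {"10.0.0.5"},
    "privileged_users": {"admin"},
}

FAIL_THRESHOLD = 5
WINDOW_SECONDS = 300


def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Context-free rule: >= threshold failures from one source, then a success
    within the window, produces an alert. Returns the raw alert list."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        # keep only failure timestamps still inside the sliding window
        failures[ev.src_ip] = [t for t in failures[ev.src_ip] if ev.ts - t <= window]
        if ev.outcome == "fail":
            failures[ev.src_ip].append(ev.ts)
        elif ev.outcome == "success" and len(failures[ev.src_ip]) >= threshold:
            alerts.append({
                "src_ip": ev.src_ip,
                "user": ev.user,
                "ts": ev.ts,
                "failures": len(failures[ev.src_ip]),
            })
            failures[ev.src_ip].clear()
    return alerts


def enrich(alert, context):
    """Attach context fields and derive a severity from them."""
    src_is_scanner = alert["src_ip"] in context["scanner_ips"]
    user_is_privileged = alert["user"] in context["privileged_users"]
    if src_is_scanner:
        severity = "info"       # known internal scanner: suppress, do not page anyone
    elif user_is_privileged:
        severity = "high"       # privileged account targeted: escalate
    else:
        severity = "medium"
    return dict(alert, src_is_scanner=src_is_scanner,
                user_is_privileged=user_is_privileged, severity=severity)


def detect(events, context):
    """Full pipeline: correlate, enrich, then drop alerts the context explains away."""
    enriched = [enrich(a, context) for a in correlate(events)]
    return [a for a in enriched if a["severity"] != "info"]


if __name__ == "__main__":
    print("without context:", len(correlate(EVENTS)), "alerts")
    for a in detect(EVENTS, CONTEXT):
        print("with context:", a["severity"], a["src_ip"], "->", a["user"])
```

The point of the example is not the rule itself but where the tuning effort goes: the threshold and window are the "endless tuning" knobs, while the scanner and privileged-user lists are the context that turns two equal-looking alerts into one suppressed event and one high-severity incident.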

Our opinion and advice are free