McAfee Is Identifying Various Insights That Lead To Decisions


A couple of weeks ago we discussed the process several security operations teams go through to ultimately separate the network signal from the noise. We reviewed the steps that McAfee technologies have undertaken in designing its Fusion Centers of Security to identify the network signals in our own operating environment. Getting right the basics of security operations, understanding our security architecture, and carefully assessing many priorities and risk are all vital to honing in on the network signals.
But what if even the network signals can overwhelm? How do we get security operations out of the slow lane? How do we generally get to the intelligence — the insights — that lead to final decisions?
A study of 500 CISOs from large enterprises across the UK, USA, and Germany, published by Bromium in the month of February, found that the average security operations center (SOC) that are enterprise-sized, receives 4,146 alerts, each and every single day. Now more than 70 percent of those – about 2,900 – are actually false positives. But that actually leaves more than 1,200 alerts to investigate on a regular basis. Additionally, from our internal view, we believe that 95% of network signals are false positives.
What is required is a way to narrow the lens focus and aperture on the critical data set that generates accurate network signals that are demanding various decisions now. As we seem to do quite repeatedly, the industry of cybersecurity takes its cue from the military, which has tackled this issue before.
This particular chart, published by the U.S. Joint Chiefs of Staff in the year of 2013, describes the entire process by which data is collected from the operating environment and is then distributed and processed in a consumable manner as data and information. That data and information are then analyzed in the context of other potentially related information and presented as intelligence. Intelligence, by design, is actually an insight that may be acted upon.
In the field of cybersecurity, the processing and collection actions are typically automated through several tools like SIEM correlation engines, event receivers, and endpoint detection and various response (EDR) systems. The analysis phase, however, has been nearly exclusively the expert domain of human analysts, because data is often lacking or incomplete context.
How to get these partial data and information sets to paint the full picture is the trick. We are often dealing with data that is quite dirty. Complexity is compounded when partial data sets are used to make decisions of a complex security. Doing the data wrangling to tell a story that predicts or estimates an outcome has been, until very recently, too much complex for machines to manage.
Complexity is generally simplified when the complete picture and data set are being captured. This is the toughest task in machine learning as we often capture data that cannot be used, data that is quite valuable but not used, and data that is used just partially.
Painting the entire picture by identifying relevant clues and patterns from previous analysis is a complex process which consists of a reinforcing loop of information and education. Learning to spot the most relevant signal needs a teacher and an apt pupil. We will have a look at that team in our next blog or article.
McAfee technologies benefits and features depend on system configuration and may need enabled software, hardware, or service activation. You can learn more at McAfee.com/Activate. No computer system can be absolutely safe and secure.
Robert Williams is a self-professed security expert; he has been making the people aware of the security threats. His passion is to write about Cybersecurity, malware, social engineering, Games,internet and new media. He writes for mcafee products at mcafee.com/activate or  www.mcafee.com/activate

Comments

Post a Comment

Popular posts from this blog

Easy Ways to Resolve the Microsoft Office Error Code 30182-39

Image
Microsoft office is a versatile software that provides solutions for computing tasks. It includes a variety of packages, including excel PowerPoint and word, to name a few. This software allows one to make a presentation, sort data out and create useful reports and blogs. Microsoft  office.com/setup  is used by several companies of all sizes across the globe and also used by countless personal users for accomplishing the tasks in a fast and swift manner. There are a few issues that occur related to the functioning of the software package such as the office error code 30182-39 that can be fixed by following the guidelines below. Updating the windows Non-installation of the latest updates can impact your system’s functioning and result in slow performance or sluggish interface. You must make sure you have downloaded fresh updates related to windows and install them. This way, you can minimize the chances of windows related errors that can cause interference in the functioning of t
Read more

Easy Ways to Fix the Error Code 51.10 of HP LaserJet P3015

HP is known for manufacturing the best printers in the world. Their printer units give a phenomenal image output, and scanners provide detailed resolutions. They have a broad customer base; however, the users sometimes face errors related to HP printers. One of these errors includes the HP LaserJet P3015 Error code 51.10. The company facilitates excellent  HP printer support  for users who face technical difficulties related to HP the printers and scanners.  You can follow the below-mentioned guidelines for troubleshooting this error code 51.10 effectively Begin with navigating to the menu of diagnostics. From there, you will require running the component test related to the motor of scanner/laser. You will need to inspect if you can hear the sound of rotation of the motor. If you can hear the sound, then the motor is working, but if you are unable to hear the sound of the motor, then you will require verifying that the connector named J1702 and also 1505 are in sync or connecte
Read more

Simple Methods For Resolving The Microsoft Office Error Code 30033-4

Image
Microsoft office is a praiseworthy software that allows the users to create detailed reports and analysis, not only that one can make amazing presentations using the powerpoint software that comes in the  office.com/setup  program. Some instances occur related to the errors while operating the Microsoft office. One of them is the error code 30033-4, which can be rectified easily by following the necessary steps. Restricting The Firewall For Some Time The firewall can interfere with the installation of new software, which can result in the   error code 30033-4 . It is best to limit the firewall functioning for some time to see if this is the reason why you see the error 30033-4. You can go to the start tab and then navigate to the section of systems and security after this; you can click on the firewall tab. This will open up the settings related to the firewall and here you can click on the option that says turn off the firewall. You should take note that this needs to be tur
Read more