How to Measure Threat Detection Quality for an Organization?

Anton on Security

but also don’t expect questions… So, in recent weeks, I had a few simultaneous conversations with various people that focused on the quality of threat detection. Here I’m talking about the quality of the entire detection capability of an organization. A macro-level detection quality, if you would. Have fun with it anyhow!

How to Measure Threat Detection Quality for an Organization?

Security Boulevard

So, in recent weeks, I had a few simultaneous conversations with various people that focused on the quality of threat detection. Here I’m talking about the quality of the entire detection capability of an organization. A macro-level detection quality, if you would. You may have got good coverage and bad detection.

Introducing continuous remote worker visibility and expanded data collection with Secure Network Analytics Release 7.3.2

Cisco Security

User endpoints generate NVM data with rich and granular device context – such as IP addresses, host and user names, machine types and models, which operating systems and versions are running, the processes that launched network connectivity, MAC addresses, hash information, and more – that is all collected and stored in the Data Store.

GUEST ESSAY: Cisco-Splunk merger will boost Snowflake – here’s how security teams can benefit.

The Last Watchdog

Splunk’s inability to migrate to a modern cloud-native architecture makes it difficult to take advantage of these cost-saving benefits or implement advanced data science use cases critical for threat detection. The Cisco acquisition shall exacerbate these challenges and speed up the adoption of security data lakes.

News Alert: CrowdSec report highlights the rise of IPv6 in cyber criminal activities

The Last Watchdog

However, contrary to popular belief, data collected by the CrowdSec network indicates that VPNs and proxies play a far less significant role in cybercriminal activities. About CrowdSec: CrowdSec is an open source and collaborative cybersecurity company that provides real-time threat detection and response capabilities.

Left of SIEM? Right of SIEM? Get It Right!

Anton on Security

Mostly data collection. Data collection sounds conceptually simple, but operationally it is still very difficult for many organizations. land of data collection. Just as early SIM/SEM innovators struggled with collection [and then UEBAs did], innovators in 2022 struggle with it as well. SHIFT LEFT?