Data is the lifeblood of security because it provides context from a wide range of internal and external sources.
Previously, I discussed the concept of the SOC of the future, with a mission to be a detection and response organization. Entirely new solution categories have emerged to support this mission, including Security Orchestration, Automation and Response (SOAR) and, more recently, Extended Detection and Response (XDR). Thousands of reports, articles and research papers have been written on each.
As a security professional, it’s important to remain informed about security innovations and to update your tools and technologies. But without first thinking about your top use cases and the capabilities needed to address them, you risk limiting the value you can derive from your next security investment. Threat detection and monitoring, investigation, incident response and hunting are all use cases aimed at detection and response. And the starting point for each of these use cases is to focus on data.