Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.
Thursday, December 5, 2019
What About Automation?
Better analysts or better automation? Which way is the path forward? Have we really reached a point where human analysis is no longer viable or scalable? If so, why do automated tools continue to fail? Behavioral analysis and network threat hunting, as put forward by folks like John Strand, have a better chance of allowing us to close the breach detection gap and keep bad actors out to begin with. Given the massive investments in each year's next big thing, the overlap in tools with companies paying two or three times for the same functionality, which vendors market as integration, and our continuing inability to prevent breaches and compromises, I think it's time for companies to start investing more money in training new talent and less in yet another tool to add to the "tool belt" that still has no one to interpret or respond to it. Opinions are my own and do not reflect the views of my employer. Thoughts?
Labels: analysis, automation, blue team, defender, threat hunting