Advanced threats have permanently changed how organizations think about cybersecurity. It’s no longer enough to monitor for known threats or to just rely on security point products that provide a narrow view. Security teams need an infrastructurewide view of activities in order to identify, understand and stop attackers. There are four classes of data that security teams need to leverage for a complete view: log data, binary data (flow and PCAP), threat intelligence data and contextual data. If any of these data types are missing, there’s a higher risk that an attack will go unnoticed. These data types are the building blocks for knowing what’s normal and what’s not in your environment. This single question lies at the intersection of both system availability (IT operations and application) and security use cases.
