Information overload is a symptom of the problem of too many disparate point solutions that are not integrated and correlated, explained Adrian Sanabria (@sawaba), senior security analyst, 451 Research, in our conversation at the 2015 Black Hat Conference in Las Vegas.
“When we have all these point products that don’t talk to each other, all the information is isolated. If correlation isn’t automated, we have to do that manually,” added Sanabria. “Everybody’s got an API now, but not everybody has security developers to connect all these applications … This is key to killing the problem of information overload. It makes it much easier to filter out the noise when you can pull in your indicators from all your disparate products, network, endpoints, all over the place, and do detection.”
None of that can happen until you have visibility.
“Customers aren’t going to be comfortable taking any automated action or automating security until they have visibility,” said Sanabria. “Visibility has to come first.”
Endpoint activity can now be correlated with events in the email system and in a SaaS application in the cloud. You can watch a single employee as they move from application to application, or from device to device, explained Sanabria.
When you take a holistic approach to security, “it really gives you the level of visibility necessary to make decisions about your policy, what you’re going to allow employees to do, and actually detect and respond to anomalies and issues and threats,” said Sanabria.