Many organizations have started to consider and implement security analytics to help bolster their detective capabilities.
Those beginning their exploration of security analytics and log collection technologies often assume they will be able to detect breaches simply by sending logs to a central server for analysis. Logs are indeed required, but making sense of them takes far more effort than most people realize: raw log volume alone produces noise, not detections.
This document describes how security analytics can overcome these pitfalls to reduce false positives, accelerate investigations, and stop more attacks, faster.