Reverse Engineering the Analyst: Building Machine Learning Models for

Many cyber incidents can be traced back to an original alert that was
either missed or ignored by the Security Operations Center (SOC) or
Incident Response (IR) team. While most analysts and SOCs are vigilant
and responsive, the fact is they are often overwhelmed with alerts. If
a SOC is unable to review all the alerts it generates, then sooner or
later, something important will slip through the cracks.

The core issue here is scalability. It is far easier to create more
alerts than to create more analysts, and the cyber security industry
is far better at alert generation than re...