For cybersecurity success, double down on developing better detectors

Over the past decade, threat detection in security operations centres has relied predominantly on rules, commonly defined by SIEM vendors. These “rules” (also called alarms, alerts or use cases depending on the SIEM vendor, or, as we prefer to call them, “detectors”) then generate alerts that tell analysts that there is a potential threat and help to produce data that can unearth trends in what types of attacks are common at any given…