This session discusses how enriching network flow data can improve threat identification scoring to reduce false positives and the investigative fatigue associated with them. Network data is only one component in threat scoring, yet advanced processing techniques enable additional Indicators of Compromise, strengthening threat detection for both clear and encrypted traffic. The discussion will also highlight potential strategies that leverage enriched flow data, using rule-based and machine learning techniques, to optimize the overall tool chain.
We provide professional, scalable network visibility solutions for both cyber intelligence and network security applications for service providers, large enterprises and government agencies.