Posted: Mon, 11/28/2022 - 6:31pm
Most organizations have the tools in place to receive notification of attacks or suspicious events. But collecting the information gleaned from cybersecurity tools is only step one in handling a security threat.
“The goal of a security practitioner is to link those data sets together and do something with the information,” says Mat Gangwer, VP of managed detection and response at Sophos. “The threat notification is just the beginning.”
It’s a common misconception that a tool has effectively blocked or remediated an issue simply because the IT or security team has received a notification of malicious activity.