Security Information and Event Management (SIEM) platforms are the centerpiece of many organizations' security controls, but if they are not configured correctly, they can produce too many false positives and make overall threat detection worse. We spoke to Sanjay Raja from security analytics company Gurucul about how SIEMs can be configured to offer accurate detection. Raja identified five security trends affecting SOC teams, and outlined three capabilities that SIEMs should possess for accurate threat detection: the ability to easily ingest data from new applications, systems or devices; threat detection based on advanced, trained machine learning; and the ability to monitor unrestricted telemetry.
![The Top Five Capabilities SIEMs Should Have for Accurate Threat Detection [Q&A]](https://www.aibriefingroom.com/wp-content/uploads/2023/09/204802436398_resized.jpg)