Light Dark
April 26, 2019 By Bart Lenaerts 2 min read
Intelligence & Analytics
Endpoint
Network

Effective threat management requires security teams to combine security analytics with the abundance of machine-generated data that is prevalent in most enterprise environments. Tools such as network traffic analysis, endpoint detection, security information and event management (SIEM), and user behavior analytics (UBA) harvest this data and reveal who is doing what in the IT environment and when and how they’re doing it. This mix of data can help uncover unknown threats, but it can also confuse some security operations professionals who are not familiar with it when the data is only partially displayed.

For instance, a network link analysis diagram — or, more simply, a list of network connections — can be very informative because it shows critical data sources, but it can also be overwhelming with its thousands of raw connections and IP addresses. Let’s take a look at some common data sources and explore why security teams really need to combine them all to generate a complete picture for detection, investigation and response.

5 Criteria for Advanced Threat Detection

Security analytics sources and methods can be split into three essential security views: who, where and what.

  • Data related to the “who,” often labeled as user and access analytics, provides insights into various identities, related activity, and accessed data or applications. Recently, behavioral monitoring was added to this group to help surface insider threats.
  • The second group, “where,” is best derived from endpoint-based analytics. This data reveals activity and changes on a specific system (client, server, virtual machine, etc.).
  • You can understand the “what” by using network analytics to monitor which applications, machines and users are active on the network and what data they are accessing where.

Register for the Webinar to Learn More About Network Traffic Analytics

Each of these methods offers some advantages from a security operations perspective. Let’s take a deeper look by evaluating five common security operations criteria: deployment, data management, detection, security intelligence for investigation and response.

 |  |  |  |  |  |  | 
Bart Lenaerts
IBM Product Marketing

More from Intelligence & Analytics
February 6, 2025

Hacking the mind: Why psychology matters to cybersecurity

4 min read - In cybersecurity, too often, the emphasis is placed on advanced technology meant to shield digital infrastructure from external threats. Yet, an equally crucial — and underestimated — factor lies at the heart of all digital interactions: the human mind. Behind every breach is a calculated manipulation, and behind every defense, a strategic response. The psychology of cyber crime, the resilience of security professionals and the behaviors of everyday users combine to form the human element of cybersecurity. Arguably, it's the…

November 27, 2024

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

September 5, 2024

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature