Joseph Blankenship, vice president, research director, security and risk at Forrester, shares best practices. He says security analysts need to use security analytics and other tools to assess threats. SIEM tools provide analysts with limited contextualized data as well as a disproportionate amount of false positives, he says. He advises clients to liken security automation to an architecture and engineering exercise. In a video interview with Information Security Media Group, Blankenship discusses how to gain value from analytics and automation.”]
Source: https://www.cuinfosecurity.com/how-to-make-most-automation-in-soc-a-15972