Gathering data is the easy part of cybersecurity. Even once data has been normalized, sorted, and categorized, it still has to be analyzed, interpreted, and turned into conclusions. Spotting patterns and drawing conclusions from the data is one of the main reasons human operators are still required in cybersecurity operations. Although this topic accounts for only 10-12% of the 210-255 exam, it is the most important cybersecurity skill.
The following topics will be covered in this chapter:
- Finding a threat actor
- Deterministic and probabilistic analysis
- Distinguishing and prioritizing significant alerts