Sterile, brightly lit rooms of computer screens. All showing spreadsheets or charts or static maps of the world. I yawn even thinking of it.
And yet the men and women working in this environment 24/7 are responsible for detecting that one little anomaly, or for sorting out the REAL bad traffic patterns from among the thousands of false-positive bad traffic patterns that show up on their screens hourly.
Little wonder the poor Security Analysts over at Target missed the evidence in front of them. The sheer enormity and chaos of the data that assaults them in the course of their workday is stressful and overwhelming. All the screens look the same: tables and columns and rows of information about network and security events, collected and forwarded by every device on the network. Then hundreds or thousands of rules process them to try to find deviations from "normal traffic". As if any network has "normal traffic". Right...
I know. I've worked in or around these systems for the past two decades. I've seen the tools appear, mature, merge, morph, and become "fairly" usable. But the false positives are still rampant, and low-and-slow "Advanced Persistent Threats" stay under the radar and typically don't show up here at all.
So when an upstart Security Analytics company called me late in 2013 to show me what they'd been working on, well... I couldn't care less. Really... They tried hard to influence me with their pedigree: hailing from the minds