Even well-protected environments will be targeted by Determined Adversaries who are technology agnostic and undeterred by traditional defenses. However, the deployment of intrusion detection and advanced analytics solutions that observe the real-time health of networks involves more than traditional network monitoring. In addition to security data from intrusion detection systems, organizations can also use information provided by IT assets such as routers, hosts, and proxy servers to evaluate operational and security status. The large amounts of monitoring and audit data generated by these solutions must ultimately be turned into insights that can be used to inform more effective cyber security responses. Such responses may be operational, as discussed later in this section, or they can be more strategic and involve changes in policies, controls, and oversight measures. They can also result in combinations of both, with operational incidents informing longer-term decisions.
Regardless, for this to happen, organizations must have the right data and analyze it in context so that it can drive action. Fusing together disparate data from a variety of organizations and systems to create a common operational picture is challenging. Building the analytic capabilities (for example, correlation) to derive valuable insights is even more difficult, and is as dependent upon the application of human skills as it is on technology. These skills are still scarce, and the recruitment of suitably skilled individuals is a significant challenge.