i. This is a big-data-for-cyber-security issue. It is difficult to find a managed system that cannot report on network and OS-level activity (e.g. Syslog, SNMP, etc.). We're not talking about a log manager or SIEM, but rather about the resulting data (structured and unstructured) being transferred securely into a data repository for link analysis, where it is correlated with various sources of threat intelligence and endpoint activity. With this approach, network and host OS activity are complementary and provide insight into users, hosts and applications deep within the network fabric, giving accurate situational awareness and telling the user what needs to be investigated. This is not predictive analytics but rather a method for holistic profiling. Imagine visualizing, via link analysis, a system escalating privilege and then connecting to another system. A mature implementation would have the ability to apply algorithmic rules to trigger alerts or call APIs to mitigate would-be malicious activity in real time (e.g. call an SDN controller to change the forwarding path on the network).
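The "escalate privilege, then connect to another system" chain described above, worked through as an added example (not code from the original idea): it parses a few constructed syslog lines (sudo and sshd events), builds a small login graph keyed by host, and raises an alert when a host that escalated to root opens a session to a different host within a time window. The log lines, the host inventory (`HOST_BY_IP`) and the 600-second window are assumptions for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not real data): a sudo escalation on host
# "web01" followed by an outbound SSH login from web01 to "db01".
SAMPLE_LOGS = [
    "Jan 10 10:01:02 web01 sshd[2201]: Accepted password for alice from 10.0.0.5 port 51322 ssh2",
    "Jan 10 10:03:15 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "Jan 10 10:04:40 db01 sshd[880]: Accepted publickey for svc_backup from 10.0.0.21 port 44010 ssh2",
    "Jan 10 10:20:00 app02 sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update",
]
# Constructed host inventory mapping source IPs to hostnames (assumed for the example).
HOST_BY_IP = {"10.0.0.5": "laptop-alice", "10.0.0.21": "web01"}

SUDO_RE = re.compile(r"^\w{3} +\d+ (\d\d:\d\d:\d\d) (\S+) sudo: +(\S+) .* USER=(\S+)")
SSH_RE = re.compile(r"^\w{3} +\d+ (\d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")

def to_secs(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s

def build_graph(lines):
    """Return per-host root escalations and directed login edges (src -> dst, time, user)."""
    escalations = defaultdict(list)
    edges = []
    for line in lines:
        if m := SUDO_RE.match(line):
            t, host, user, target = m.groups()
            if target == "root":
                escalations[host].append((to_secs(t), user))
        elif m := SSH_RE.match(line):
            t, dst, user, src_ip = m.groups()
            edges.append((HOST_BY_IP.get(src_ip, src_ip), dst, to_secs(t), user))
    return escalations, edges

def find_escalate_then_pivot(lines, window=600):
    """Flag a host that escalated to root and then opened a session to a different
    host within `window` seconds: the chain the link-analysis view would show."""
    escalations, edges = build_graph(lines)
    alerts = []
    for src, dst, t_login, login_user in edges:
        for t_esc, esc_user in escalations.get(src, []):
            if src != dst and 0 <= t_login - t_esc <= window:
                alerts.append({"host": src, "escalated_by": esc_user,
                               "pivot_to": dst, "as": login_user,
                               "delay_s": t_login - t_esc})
    return alerts
```

Calling `find_escalate_then_pivot(SAMPLE_LOGS)` returns one alert for web01 (alice to root, then a login to db01 as svc_backup 85 seconds later); the alert dictionary is the point where a mature implementation would invoke a mitigation API instead of just reporting.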
Idea No. 154