Personam.AI | Our Blog
Beyond the Logs: Why Network Traffic Analysis is the Future of Security
Chuck Faughnan
CEO, Strategic Advisor, & Investor @ Personam.ai | Cybersecurity
November 8, 2024
The pendulum has swung — again. Way back in the ’90s, the promise of threat detection was in network traffic analysis. The modern computing method of the time was anomaly detection, and it purported to catch all breaches. And… it kind of did that!
The problem, however, is that, by the strictest of definitions, everything is an anomaly. Did you check www.askjeeves.com every day at 12:05pm? Well, that one day you checked it at 12:10pm is an anomaly! That one day you opted for altavista.com? Anomaly! Analysts got bogged down with intense alerting volumes. So, yes, while evidence of an attacker’s tracks was likely caught, analysts were still looking for a needle in a haystack.
Enter: log file analytics. This approach became the industry standard. It worked well when networks were simpler and attacks were less sophisticated. Looking at logs provided a relatively effective way to detect and respond to security incidents. However, as networks have grown more complex and cyber threats have evolved, the limitations of log-based security are increasingly apparent. Legacy log-based systems often struggle with scalability, cost, and the ability to detect advanced threats.
It’s time to embrace a more powerful, efficient, cost-effective approach: network traffic analysis!
Limitations of Log-Based Security
Log-based solutions, such as Splunk or QRadar, often have high licensing costs that are variable and pegged to data storage. As logging utilization increases, so does cost. So there’s that consideration. But what do you do if […]

