"The more these processes are automated and are performed in real time, the more the alerts will help mitigate attacks before they have done extensive damage."
So are there streams of data that can be safely ignored? Some can, but they are few and far between. The answer actually depends on the organization, as no two are alike.
"While there are very few security events that can be safely ignored, evaluate software that can help you automate the triage to separate opportunistic botnet activity from targeted attack activity. Ensure you can do this in near-real-time as finding this information out a day later exposes you to significant risk," Tavakoli said.