One of the key components of detecting and preventing a cyber attack is the ability to correlate network and endpoint security events. The ability to see and correlate security-related events gives administrators the visibility they need to stop unknown and evasive threats before the damage is done. Additionally, the ability to correlate events prevents successful attacks from spreading to other computers and other departments.
Correlation allows administrators to:
1. Correlate network and endpoint insight for enterprise-grade threat visibility.
2. Improves security against unknown and new, advanced malware attacks without a known signature.
3. Determine which endpoints are infected.
4. Decreases time to detection and remediation via policy-based automation.
5. Identify threat origin
6. Scores threat indicators and incidences based on severity – helping guide response.