Before we begin looking at advanced detection techniques, let’s focus on one question: What does it mean to be enterprise scale? Typically, the words enterprise and scale invoke ideas of a large organization with tens of thousands of assets and massive infrastructure, conjuring up visions of an organization the size of a Google, Apple or Microsoft. We often think, “We’ll never be that big!” When it comes to security, however, we need to have the exact opposite frame of mind to ensure success. 

When you think of enterprise scale from a visibility perspective, don’t think about headcount or the size of your infrastructure. Enterprise scale means encompassing and utilizing all the relevant data points available for detections. Enterprise scale is: 

• Recognizing that threat detection is nearly impossible when looking at only a small part of the organization, regardless of its size

• Making threat detections, customized to your environment, that work for you and your team 

• Authoring detections that can scale with the business and the amount of data analysts are examining