Modern security teams are not unlike the tenacious forensic investigators featured on many popular network television shows. In order to determine ‘who done it’ they must piece together small and seemingly unrelated strains of evidence.
However, unlike a TV investigator, the vast majority of security teams today are often unaware that a malicious incident has even occurred - which is why according to IBM, it takes the average enterprise almost 200 days to even recognize the fact that they’ve been breached in the first place.