Surviving the Mythos Era: Richard Bejtlich on the Case for NDR

Security operations teams often have difficulty answering fundamental questions during incident investigations, such as what occurred and what evidence is available. Despite having access to a large amount of telemetry data, teams struggle to understand the full context of an incident. To address this, teams need to look beyond initial alerts that typically trigger the investigation process. Incident investigations require a more comprehensive approach to gather and analyze relevant information. The goal is to gain a complete understanding of what happened and what evidence is available to support the investigation's findings. Effective incident investigation outcomes depend on this thorough approach.