Turbo boost telemetry
Security AI and automation are beginning to demonstrate significant value, especially in minimizing dwell time and accelerating triage and containment processes, says Myke Lyons, CISO at telemetry and observability pipeline software vendor Cribl.
Their success, however, depends heavily on the prioritization and accuracy of the underlying telemetry, Lyons cautions.
“Within my team, we follow a structured approach to data management: High-priority, time-sensitive telemetry — such as identity, authentication, and key application logs — is directed to high-assurance systems for real-time detection,” Lyons explains. “Meanwhile, less critical data is stored in data lakes to optimize costs while retaining forensic value.”