Wednesday, January 26, 2011
Making Analysis About Analysis
At FloCon this year, I spoke about pictures. Yes, that's right, pictures. My point was that analysis is too hard -- most analysts spend about 80% of their time munging data and fighting with data and only about 20% of their time actually doing analysis. This is simply something we can't continue if we are too succeed in defending our networks. I tried to communicate my strong belief that analysis should be about analysis, and that we as a community need to both provide and use better tools to make this happen. I think the community will warm to this concept, but it won't happen overnight. I see "empowering the analyst" as a strategic direction that the community will likely be heading in the coming years. Plays nicely with the realization of the larger cyber security community as a whole that the time for analysis has come. We need to know our networks. Analysis has arrived.