Model Talking Points

When we determine a useful set of attributes associated with process, application, system, and/or network state, we can figure out a way to use them to classify the severity of an anomalous event. When we know what component the anomalous event is associated with and the severity of the event, we do a much better job of determining what action should be taken. When we have an arsenal of response actions, there is no reason why an effective automated response policy cannot be deployed.