Enabling the analysis of network activity to detect, respond to and recover from cyber-attacks rapidly; and helping organisations prepare for incidents and understand what actions to take when they occur.
This theme applies to organisations of all sizes. Examples include (but are not limited to):
- efficient, compliant ways to stream, store, mine and visualise heterogeneous network data;
- software agents that monitor networks and make use of enterprise audit and monitoring to identify anomalies;
- solutions that make threat intelligence actionable in an automated way;
- techniques for anticipating the early stages of a cyber-attack, or that enable action to be taken on real-time threat and vulnerability information;
- cross-domain solutions that achieve segregation of devices to contain infections;
- ways of testing cyber incident preparations.