SecurityWeek

Threat Intelligence

Protection is No Longer Straightforward – Why More Cybersecurity Solutions Must Incorporate Context

Context helps complete the picture and results in actionable intelligence that security teams can use to make informed decisions more quickly.

When it comes to cybersecurity, it is well known that today’s networks demand solutions that go beyond simple one-size-fits-all approaches. Traditional methods of protection have proven inadequate against evolving threats, and modern cybersecurity solutions often integrate multiple security tools and technologies.

These considerations, combined with the increasing volume of data generated from various sources, make context essential for filtering and prioritizing security alerts. As such, context-aware – and more importantly, context-inclusive – cybersecurity solutions have emerged as a crucial approach to tackling these challenges effectively.

Incorporating context into a threat investigation goes well beyond simply looking at an IP address. Knowing the IP address is an important piece of information, but it is really just the beginning. Analysts must look further for other key pieces of information, such as:

  • Who owns the IP address?
  • What environment does it reside in?
  • What applications is the IP communicating with?
  • Perhaps even, what operating system is on the host?

Because there is no one-size-fits-all approach to security, teams often have to consider a device’s details to determine whether anomalous behavior is merely new or actually malicious. Additional context helps complete the picture and results in actionable intelligence that security teams can use to make informed decisions more quickly. Gathering this information manually, or pulling it from various point solutions, is cumbersome and can take considerable time. Security teams require a solution that compiles all of this information for them, so that investigations are not delayed.

Think of it like making a trip to the Emergency Room. The admitting ER physician is not likely to make a diagnosis and prescribe treatment based solely on the symptoms presented by the patient. Doing so could lead to complications or further injury.

Instead, the physician must also consider additional context, such as past illnesses, medications, allergies, surgeries, and other relevant information. In many cases, it would be life-threatening if the physician had to take the time to make calls to previous doctors, pharmacies, etc., to gather this information.

Rather, the physician can find all of this context in the patient’s medical record and quickly apply it to the patient’s current health condition and symptoms. Critical conditions demand real-time decision-making based on a person’s medical history and current symptoms to administer the most appropriate treatment.

Similarly, pairing real-time data, such as network flow metrics and security event logs, with up-to-date contextual information is crucial for optimizing time to resolution in cyber incidents. Real-time data provides live insights into ongoing network activities and potential security breaches, allowing security teams to swiftly detect and respond to threats.


By analyzing context – such as historical attack patterns, user behavior, system and network configurations, device status and current threat intelligence – alongside real-time data, cybersecurity teams gain a comprehensive understanding of the attack landscape, which can aid in the identification of sophisticated threats and help to discern genuine threats from false positives.

Without the synergy of real-time data and up-to-date context, security teams risk overlooking critical indicators, delaying detection, and impeding timely incident response. The combination of both aspects empowers cybersecurity teams to make informed decisions promptly, rapidly contain and mitigate attacks, minimize the damage caused, and safeguard sensitive data. This ensures the integrity of the organization’s cybersecurity posture.
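As an added example (not the column's or Netography's code), the enrichment described above put into working form: a raw flow record is joined with the context questions from the list (owner, environment, applications, OS), a behavioral baseline and threat intelligence, so that the same "new" behavior scores differently depending on where the host lives and whether intel corroborates it. Every inventory, intel, baseline and flow record is a constructed sample; the scoring weights are assumptions for illustration.

```python
# Added example (not the column's or Netography's code): enrich a raw flow
# alert with the context items the column lists, then score it. Every
# inventory, intel, baseline and flow record below is a constructed sample.

# Constructed asset inventory: owner, environment, applications, OS.
ASSETS = {
    "10.1.5.20": {"owner": "payments", "env": "production", "apps": ["postgres"], "os": "Linux"},
    "10.9.0.7": {"owner": "qa", "env": "lab", "apps": ["jenkins"], "os": "Linux"},
}
# Constructed threat-intel feed (RFC 5737 documentation address as a placeholder).
THREAT_INTEL = {"198.51.100.23": "known command-and-control infrastructure"}
# Constructed 30-day baseline of destination ports each host normally talks to.
BASELINE_PORTS = {"10.1.5.20": {5432, 443}, "10.9.0.7": {8080, 443, 22}}
ENV_WEIGHT = {"production": 3, "staging": 2, "lab": 1}  # assumed weights
UNKNOWN_ASSET = {"owner": "unknown", "env": "unknown", "apps": [], "os": "unknown"}

def enrich(flow: dict) -> dict:
    """Attach asset, baseline and intel context to one flow record and score it."""
    src, dst, dport = flow["src"], flow["dst"], flow["dport"]
    alert = {"src": src, "dst": dst, "dport": dport, "context": {}, "reasons": [], "score": 0}
    asset = ASSETS.get(src, UNKNOWN_ASSET)
    alert["context"]["asset"] = asset
    if asset is UNKNOWN_ASSET:  # no context at all: flag for inventory follow-up
        alert["reasons"].append("source not in asset inventory")
        alert["score"] += 1
    if dport not in BASELINE_PORTS.get(src, set()):
        # "Just new" behavior; how much it matters depends on where the host lives.
        alert["reasons"].append(f"port {dport} not in 30-day baseline")
        alert["score"] += ENV_WEIGHT.get(asset["env"], 1)
    if dst in THREAT_INTEL:
        # Corroborating intel is what turns "new" into "likely malicious".
        alert["context"]["intel"] = THREAT_INTEL[dst]
        alert["reasons"].append(f"destination is {THREAT_INTEL[dst]}")
        alert["score"] += 4
    return alert

def triage(flows: list, threshold: int = 2) -> list:
    """Keep only alerts that reach the threshold, highest score first."""
    scored = [enrich(f) for f in flows]
    return sorted((a for a in scored if a["score"] >= threshold), key=lambda a: -a["score"])

# Constructed flows: the same new-port behavior from a production DB host, a lab box
# and an un-inventoried host, plus one routine database connection.
SAMPLE_FLOWS = [
    {"src": "10.1.5.20", "dst": "198.51.100.23", "dport": 4444},
    {"src": "10.9.0.7", "dst": "203.0.113.9", "dport": 4444},
    {"src": "10.1.5.20", "dst": "10.1.5.21", "dport": 5432},
    {"src": "172.16.3.3", "dst": "203.0.113.9", "dport": 4444},
]
```

Running `triage(SAMPLE_FLOWS)` surfaces only the production host talking to the intel-listed destination and the un-inventoried host, in that order; the lab host's identical new port and the routine database connection stay below the threshold.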

Much as the medical record lets the ER physician tailor treatment, context enables security professionals to tailor their security measures to the specific needs and constraints of the situation. This real-time analysis enables a proactive defense strategy that responds in a more targeted and effective manner and also plans ahead for future protection.

In addition to security considerations, context can help network operations teams ensure compliance with regulations or other standards that are often mandated in different countries or industry verticals. Without a full understanding of the context around network data, an organization might misinterpret or overlook compliance obligations, leading to legal and financial repercussions. Much like the vital role a patient’s medical record plays in decision-making, personalization, and long-term health insights, context-inclusive cybersecurity solutions can better uncover anomalous or suspicious activity, speed investigations, and improve outcomes without adding to security team workloads.

Related: Tackling the Challenge of Actionable Intelligence Through Context

Related: Not All Context in Threat Intelligence is Created Equal

Written By

Matt Wilson is the Vice President of Product Management at Netography. Over his 25+ year career, Matt has held senior technology leadership positions across numerous industries including Neustar, Verisign, and Prolexic Technologies. With a rich background in innovation and go-to-market strategies, Matt has been a critical leader in helping many companies conceptualize solutions from the customer lens and drive them to market with significant impact.
