Typically, when someone says “security is a big data problem” they’re referring to the overwhelming amount of internal threat and event data produced from sources like your SIEM, logs, ticketing and case management systems. The volume of alerts these sources generate cause many security professionals to suffer from “alert fatigue.” Compounding the fatigue are the millions of external threat datapoint analysts are bombarded with every day from the multiple sources they subscribe to – commercial, open source, government, industry, existing security vendors – as well as frameworks like MITRE ATT&CK.
