Analysts in security teams make decisions all day in their investigations that impact the security of the entire organization: Where should I look next? What should I do about this alert? Is this even dangerous?
The better we can arm analysts with additional information, context, and situational awareness, the more informed their decision-making will be. But given the dizzying volume of alerts and associated data in a typical enterprise, decision-making itself needs to scale.
Generally, the faster you make decisions and take action against a threat, the less likely you are to be breached, and the more likely you are to stop merely reacting and move to a proactive approach with your team. Today, teams are automating massive amounts of data, but are not yet able to refine that data into intelligence suitable for decision-making.