4 Main Problems with Application-Layer Detection Rules
Too Long; Didn't Read

Rules as we know them today are a static solution to a dynamic problem, which makes them ineffective. Each application can be highly dynamic. The flood of false positives overwhelms security analysts, wastes their time, increases burnout, and leads to alert fatigue. We need to increase automation with unsupervised machine learning based on how people properly and improperly USE applications.