The type of Enterprise Inspector user

There are three types of Enterprise Inspector user that we think of:

Security Operations Center (SOC)—is recommended to the center with its own staff, usually at least five to ten people, consisting of Security Engineers or Analysts. They can work with large amounts of data and analyze it continuously daily. They want to have maximum visibility and don’t mind spending some additional effort to get it. They also have the skills to effectively and efficiently analyze detections and other data on the network. We’re configuring the product to provide as much information as possible.

Security-focused IT—usually have several IT Administrators, of which some can focus on IT Security. Typically found in Enterprises before the organization establishes its own SOC. They can dedicate time or even people to security but not as much as an entire SOC. We’re limiting information not directly related to threats to prevent an overload of information.

IT Administrators—work alone or with only a few others and have generalist roles, without time to dedicate to security. They deal with IT Security as one of many topics and may not have time for it at all during a given week. We limit the amount of information to the most severe issues to prevent an overload of information.