Mary works in the Security Operations Center at a large retailer. Her job is to collect and analyze intelligence about cybercriminal activity that poses a risk to her organization. Using this cyber intelligence, she scans logs, network communications and critical systems and performs data analysis to look for patterns of activity that appear similar to what she has learned about how various cybercriminals operate.
When Mary identifies a suspicious communications channel on her network, she investigates further and discovers an unauthorized remote access tool used by an advanced cybercriminal commonly seen in retail breaches. She has found an intrusion into her company’s network that all other security processes and systems failed to detect, and she begins to take steps to eradicate the threat from her network.