Useful Threat Detection Program Measurements

In this article we’ll discuss using machine learning scoring concepts to determine the efficacy or effectiveness of threat detection content (TDC). Examples of TDC include, but are not limited to, custom or vendor-provided signatures. We’ll generate a series of scores to measure efficacy, effectiveness, precision, and recall.


Efficacy is “the ability to produce a desired or intended result”. When it comes to TDC, the desired efficacy score would be high; that is, we want our detections to detect…