Every computer attack is a battle between the owners of a computational infrastructure and adversaries bent on using these resources for their own purposes. The owners may span multiple organizations that have limited trust between them. Meanwhile, human adversaries are adaptively hostile, employing open-ended strategies and anti-forensic techniques. The problem of securing complex infrastructures in a dynamic hostile environment with changing adversaries cannot be solved with static defenses or uncoordinated unilateral measures. In today’s large infrastructures composed of many collaborating organizations, cyber defense is typically monitored by gathering all the cyber data from across the enterprise at a single point and analyzing it centrally. While this gives excellent scope of information, the approach scales poorly.