• Security efficacy has diminishing value, at some point, as rule quantity grows
  • Rule count is not an absolute measure of successful coverage
  • Coverage is not an absolute measure of security
  • Alert count has an inverse relationship with their manageability
  • Threats are not static
  • Security posture is temporal and so only instantaneously representative