In security, rules and thresholds create an excess of security alerts. This slows down security teams, and buries real threats to the enterprise. Analytics, in contrast, will take billions of events and distill them into a handful of true threat leads. This presentation explains—through case studies—how to use statistical methods to validate threats and reduce false positives.