If you are not monitoring network and host activity, you will not detect an attack when it happens; adversaries in an environment with no threat detection simply go unnoticed. CISA reports a consistent pattern from its cybersecurity assessments: most organizations enable logging, but many never aggregate the relevant logs into a centralized log management system or SIEM (security information and event management) where they can be correlated and analyzed. Even organizations that do collect logs into a SIEM often fail to review them regularly for unusual or suspicious activity, so the evidence of an intrusion sits unread.

In "What is a SIEM and How Does it Enhance Threat Detection", experts at IBM's SecurityIntelligence review the benefits of a SIEM and how it helps organizations detect threats through fine-grained, real-time visibility into both on-premises and cloud activity. The post also explores how a SIEM enables the security operations center (SOC) to detect known and unknown threats and to respond to incidents quickly and effectively. The SOC can be in-house or a contracted managed security service, but monitoring and investigating suspicious activity has to be somebody's primary responsibility. You do not want to learn of an attack against your organization for the first time when the FBI comes knocking, or worse, when you read about it in the headlines. Read the post at SecurityIntelligence.
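The CISA finding above is easy to state and easy to underestimate, so here is a concrete illustration of why aggregation plus correlation matters. This is an added example written for this page; it is not code from CISA, IBM or the SecurityIntelligence post. The sshd-style log lines, hostnames, usernames, addresses and the alert thresholds are all constructed for the demonstration. Each host individually sees at most three failed logins from one address, which stays under a typical per-host threshold, so host-local review finds nothing; the same events aggregated into one store show a single source spraying credentials across the fleet and then succeeding.

```python
"""Constructed example: host-local review versus centralised correlation.

All hostnames, users, addresses and thresholds below are made up for
this illustration; the log format mimics OpenSSH sshd syslog lines.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: 203.0.113.7 fails 2, 2 and 3 times on three hosts
# (under a per-host threshold of 5) and then logs in successfully on db01.
SAMPLE_LOGS = [
    "Dec  5 09:00:01 web01 sshd[1201]: Failed password for alice from 203.0.113.7 port 50102 ssh2",
    "Dec  5 09:00:04 web01 sshd[1202]: Failed password for bob from 203.0.113.7 port 50103 ssh2",
    "Dec  5 09:00:09 web02 sshd[2210]: Failed password for alice from 203.0.113.7 port 50110 ssh2",
    "Dec  5 09:00:13 web02 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50111 ssh2",
    "Dec  5 09:00:20 db01 sshd[3301]: Failed password for alice from 203.0.113.7 port 50120 ssh2",
    "Dec  5 09:00:25 db01 sshd[3302]: Failed password for svc_backup from 203.0.113.7 port 50121 ssh2",
    "Dec  5 09:00:31 db01 sshd[3303]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "Dec  5 09:01:02 db01 sshd[3304]: Accepted password for svc_backup from 203.0.113.7 port 50123 ssh2",
    "Dec  5 09:12:30 web01 sshd[1250]: Accepted publickey for deploy from 198.51.100.20 port 41000 ssh2",
    "Dec  5 09:15:44 web02 sshd[2290]: Failed password for carol from 192.0.2.44 port 60001 ssh2",
    "Dec  5 09:15:50 web02 sshd[2291]: Accepted password for carol from 192.0.2.44 port 60002 ssh2",
]

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Normalise one sshd auth line into an event dict; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        # syslog lines carry no year; fine for ordering within one sample
        "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
        "host": m["host"],
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def parse_logs(lines):
    """Parse and time-order events from every host, i.e. the aggregated view."""
    return sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])


def per_host_alerts(events, threshold=5):
    """What a host-local check sees: sources with >= threshold failures on a single host."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "Failed":
            counts[(e["host"], e["src"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


def fleet_spray_alerts(events, threshold=5):
    """Centralised view: sources with >= threshold failures summed across all hosts."""
    stats = defaultdict(lambda: {"failures": 0, "hosts": set(), "users": set()})
    for e in events:
        if e["result"] == "Failed":
            s = stats[e["src"]]
            s["failures"] += 1
            s["hosts"].add(e["host"])
            s["users"].add(e["user"])
    return {src: s for src, s in stats.items() if s["failures"] >= threshold}


def success_after_failures(events, min_failures=3):
    """Correlation only possible with aggregated logs: an accepted login from a
    source that had already failed min_failures times anywhere in the fleet.
    Returns (src, user, host) tuples in time order."""
    failures = defaultdict(int)
    hits = []
    for e in events:  # events are time-ordered
        if e["result"] == "Failed":
            failures[e["src"]] += 1
        elif failures[e["src"]] >= min_failures:
            hits.append((e["src"], e["user"], e["host"]))
    return hits


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print("per-host alerts:      ", per_host_alerts(evs))
    print("fleet-wide spray:     ", fleet_spray_alerts(evs))
    print("success after failure:", success_after_failures(evs))
```

Run as-is, the per-host check returns nothing, while the aggregated checks flag 203.0.113.7 with seven failures across three hosts and a subsequent accepted login for svc_backup on db01. The second finding is the one worth paging someone for, and it only exists when events from every host land in one place and somebody, or something, is actually looking at them.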
H2Oex: in-person, one-day event/exercise. Thursday, Dec 5th, Washington, DC. Join us!