Rethinking SIEM requires rethinking visibility - Help Net Security

Security professionals now generally recognize that siloed security tools and systems have undercut efforts to find active attacks more quickly and efficiently.



Information security began decades ago with strategies of taking a layered approach and even relying on a heterogeneous mix of vendors. This meant that desktop or endpoint solutions were separate from, and made by different manufacturers than, those for gateway or cloud. While the underlying tenets of not relying on a single vendor and taking advantage of best-of-breed expertise for each system or tool are still valid, it has become obvious that data needs to be combined to understand the complete attack surface and progression of the kill chain.


SIEM was created over fifteen years ago to integrate security data for providing real-time analysis of security alerts generated by applications and network hardware. Admittedly, there was too much reliance on log data and ..
