The precision of security undermined by a failure to correlate - Help Net Security

If Paul Newman’s Cool Hand Luke character were to address the security industry, his opening line would likely be: “What we have here is a failure to correlate.” Today, one of the major deficiencies affecting security is not a lack of data, or even of data aggregation; the central problem is one of correlating data and connecting the dots to find otherwise hidden traces of attack activity.



While many organizations have a SIEM, the role it plays is primarily in collecting data, mostly logs, for application visibility and incident investigation. The SIEM is nearly synonymous with log management and compliance. Some organizations have been successful in aggregating other data sources in a SIEM, but collection is one thing and correlation is another. In fact, ..
