With various security domains in place, an organization will ultimately need an overview of the entire IT setup, as well as the ability to differentiate individual domains and resources and to attach actionable items to them. Gone are the days when a flood of firewall and IPS logs equaled security operations. Today’s security operations cover a wide spectrum of security devices and incidents, as well as meeting the compliance requirements specific to each organization.
- Security Incident and Event Management (SIEM) is the go-to technology: the overarching solution that sits on top of the other solutions. Together with people, policy, and procedure, SIEM serves as a baseline and as the platform that gives organizations clear visibility and generates compliance reports.
- The next step after SIEM is visibility into the vast amount of information, a.k.a. Big Data, and the ability to map the various relationships among events or incidents. Organizations need to address Big Data issues separately because SIEM is not designed to handle Big Data.