Joe Partlow, ReliaQuest CTO
April 11, 2019
Like a triage nurse, security professionals have to prioritize the data that will help them best identify problems and keep the organization, its data, and devices safe from intruders and cyber attacks.
However, logging and monitoring all relevant events from across the IT environment can be challenging. For instance, some common log sources, such as servers, firewalls, Active Directory, intrusion detection systems, and endpoint tools, are fairly easy to ingest and parse. But other log sources that are particularly valuable for incident response (IR) are difficult to manage at scale and rarely ingested because of the effort it takes.
Read the full article on Dark Reading.