Information overload, SIEM version
It’s been over a year since I last wrote about my security information and event management (SIEM) platform — and a lot has happened since then. Back then, I wrote, “Now that my SIEM has been in operation for several months, I’ve become completely dependent on it, not only for security monitoring, but also for overall awareness of my network.”
Since that time, I’ve only become more dependent on my SIEM for keeping track of all the alerts being generated by my various security information, alert and log sources. At last count, I had 21 different systems feeding data into my SIEM, including intrusion-detection sensors on the network, malware detection on the network and individual computers, firewall logs, network device logs and flow data, and server logs. All this information has given me unprecedented visibility into threats on my network — and now is the right time to have that visibility.