2. Security Information Management, Log Analysis
The annual Verizon Data Breach Investigations Report, which analyzes more than 600 data breaches, has consistently advocated that companies not only deploy security information and event management (SIEM) systems but also proactively monitor them. The firm's research analysts say that proactive monitoring of system logs could have recognized a vast majority of the threats behind breaches, helping incident responders contain threats before data is stolen.
SIEM systems are no magic bullet, but if proactively monitored, they can spot problems much more quickly than a single appliance relied on to detect an intrusion, say solution providers. SIEM systems are designed to pull in log data from a variety of network devices and security software. Some systems combine threat intelligence data with the analytics engine to help spot suspicious activity. A SIEM system can also identify vulnerabilities and configuration weaknesses that are often the target of attackers.