Verizon's 2012 Data Breach Investigations Report mentions that log analysis accounted for only 1% of breach detections.
http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
Therefore, does an organization need a SIEM solution? Yes, but it is one prong of a multi-prong approach to threat analysis and detection.
That is why organizations engage MSSPs or SOCs: they need to incorporate defense-in-depth capabilities.