Security Intelligence and the Critical Security Controls v6

by G. W. Ray Davidson, PhD
Sept. 1, 2017 1 comment SANS Institute Detection & Response critical controls

Security data is everywhere—in our logs, feeds from security devices (IDS/IPS/firewalls, whitelists, etc.), network and endpoint systems, anomaly reports, access records, network traffic data, security incident and event monitoring (SIEM) systems, and even in applications hosted in the cloud. All of this data—and the processes that use it—combine to form an organization’s security intelligence ecosystem. The major challenge of managing this ecosystem of security data is tying all these bits of data together and automating their correlation and use, with the goal of faster detection, prevention, continued security improvement and, ultimately, reduced risk.[1] The key to success is automation and integration, according to the CIS Critical Security Controls, now in version 6.

ariadnalunguco 7 months ago

These tips on the automation and integration of data are important to know and to handle. I really liked this presentation, which pointed out some things I wouldn't have thought of.