Subscribe to the RSA blogs and podcasts for the latest posts and security updates!
Incident Management is a broadly used term but in our world of network security, it is inherently defined as the process an organization uses to identify, investigate and remediate a potential or real threat to their network resources and users.
More and more organizations are deciding to “go virtual.” And why not? The benefits are numerous–optimized resources, increased efficiency and a more dynamic infrastructure, among other things. IT departments around the world are collectively champing at the bit to deliver a centralized, optimally partitioned, easily scaled (yet physically small) data center. Shutter those football-field-sized data centers and open the door to a minimalist IT operations center. Sounds perfect right?
Any discipline when sufficiently advanced will exhibit many of the same traits, building as Art Coviello mentioned on Tuesday in his keynote, on the shoulders of giants. The painful work of building wisdom, learning to work together and establishing procedures for what once seemed impossible can eventually make miracles commonplace.
In any system, the feedback loop is essential to governing the process, whether that’s done through manual inspection or automated feeds. In security, the SIEM performs this essential role of collecting and correlating information on what is happening across the security controls. Building out the set of collection points and strengthening the correlation across those elements to deliver real intelligence about the system is key to an effective SIEM in particular and to security management in general.
