Mark May of Virtual Storage Zone comments:
One of the biggest gaps I see is that audit logging is more about information and a lot less about how that information is presented. Let’s take a look at the simple example of creating a user inside of Active Directory. That single user creation will actually trigger nearly half a dozen individual events including events for the actual creation, enabling, password reset, and change of said account. This generates, literally, pages of data about the events. This can be a huge problem for creating accurate reports that reflect the change, especially if your target audience is a non-technical auditor.
IT operations staff have to spend time not only creating the report but also explaining what it actually is. Even with a renewed focus on security, this inefficient use of resources hampers the ability to actually perform work. This problem is very common with traditional SIEM implementations, as it often seems presenting information is an afterthought.
Security is often at odds with the rest of the network. Perhaps getting rid of the walls is a good thing.
Read more at: Breaking down silos between security and operations
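The presentation gap described in the quote can be narrowed by correlating the raw events before reporting. The following is an added example, not code from the original post or from Virtual Storage Zone: it collapses the events of one account operation into a single line for an auditor. The event IDs are the standard Windows Security log IDs (not named on the page); the 60-second window, the `summarize` helper and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Windows Security log event IDs for account management (not named on the page).
ACTIONS = {4720: "created", 4722: "enabled", 4724: "password reset", 4738: "changed"}
WINDOW = timedelta(seconds=60)  # assumption: events this close are one operation

# Constructed sample events: (timestamp, event ID, actor, target account).
SAMPLE = [
    ("2018-03-01T09:15:02", 4720, "CORP\\helpdesk1", "jdoe"),
    ("2018-03-01T09:15:02", 4722, "CORP\\helpdesk1", "jdoe"),
    ("2018-03-01T09:15:03", 4724, "CORP\\helpdesk1", "jdoe"),
    ("2018-03-01T09:15:03", 4738, "CORP\\helpdesk1", "jdoe"),
    ("2018-03-01T09:15:03", 4738, "CORP\\helpdesk1", "jdoe"),
    ("2018-03-01T14:40:10", 4724, "CORP\\helpdesk2", "asmith"),
]


def summarize(events):
    """Collapse raw account events into one auditor-readable line per change."""
    groups, latest = [], {}
    for ts, eid, actor, target in sorted(events):
        if eid not in ACTIONS:
            continue  # not an account-management event
        when = datetime.fromisoformat(ts)
        g = latest.get((actor, target))
        # Start a new group when this actor/target pair has been quiet too long.
        if g is None or when - g["last"] > WINDOW:
            g = {"start": when, "actor": actor, "target": target, "ids": []}
            latest[(actor, target)] = g
            groups.append(g)
        g["last"] = when
        g["ids"].append(eid)
    lines = []
    for g in groups:
        verb = "created" if 4720 in g["ids"] else "modified"
        # Unique follow-on actions, in the order they were logged.
        details = list(dict.fromkeys(ACTIONS[i] for i in g["ids"] if i != 4720))
        suffix = f" ({', '.join(details)})" if details else ""
        lines.append(f"{g['start']:%Y-%m-%d %H:%M} {g['actor']} {verb} account "
                     f"{g['target']}{suffix} [{len(g['ids'])} raw events]")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

The raw event count stays in each line so the summary can be traced back to the underlying log entries during an audit.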