
Information overload, SIEM version

J.F. Rice | March 6, 2015
At last count, I had 21 different systems feeding data into my SIEM, and all this information has given me unprecedented visibility into threats on my network — and now is the right time to have that visibility.

What I'm planning to do about this situation is to offload some of the traffic from the routers and switches onto a specialized data delivery device. The device I'm looking at is designed to sit on the network and mirror the network traffic to my SIEM, so the routers and switches don't have to. It can also take log and alert data from some of my other sources and carry them directly to my SIEM, cutting down on network bandwidth.

So while I now have too much of a good thing, fortunately the state of security technology has caught up to the problem. If all goes as planned, I can simply drop in the new device and hook it up to my SIEM without any trouble. Then I can add even more data to what I'm already monitoring.

 
