They say if you can’t measure it, don’t do it. I like to quantify investments: the money spent, and the return on that investment. A SIEM (Security Information and Event Management) solution is a significant investment for any company,
You may be wondering what on earth a Cyber Kill Chain is. After all, it sounds very much like a military term with little application in a business sphere. Well, I will connect the dots for you.
The Cyber Kill Chain is
Enhanced logging means capturing detailed information about events happening on a system to determine whether any suspicious events are occurring, such as Word downloading a file from the internet.
Windows systems by default are not configured for enhanced logging, in
A SIEM solution accepts logs from a wide variety of log sources, including network security appliances, Linux systems and often Windows domain-joined systems, to name a few. SIEM solutions are designed to analyse these logs and look for patterns