I published the following diary on isc.sans.edu: “Security Monitoring: At Network or Host Level?”:
Today, to reach a decent security maturity, the keyword remains “visibility”. There is nothing more frustrating than being blind about what’s happening on a network or starting an investigation without any data (logs, events) to process. The question is: how to efficiently keep an eye on what’s happening on your network? There are three key locations to collect data…