Successful cyber security environments are based upon several key strategic objectives, including:
1. Continuous improvement of the methods that determine what is being attacked and how to stop an attack, as quickly as possible.
2. Increased efficiencies to address the constant growth of IT environments, as well as the dramatic increase in the number of threats and attacks. The goals are to streamline security solutions while reducing operational costs and staffing requirements.
3. Audit reports that substantiate where and how security controls are implemented, generally for legal and corporate governance purposes, but also to provide assurances to security teams and executives.
SECURITY TEAMS IN NON-SIEM ENVIRONMENTS: ISSUES AND CHALLENGES
Cyber security teams (a) assess logs and events to determine whether cyber threats exist, (b) identify the sources and nature of those threats, and (c) attempt to rectify problems as soon as possible. Security teams monitor firewalls, IP addresses, network traffic, operating systems, databases, system configurations, applications, user activity, and so forth. Whenever possible, automated alerts are programmed into monitoring systems, which lets security teams reduce (potentially) millions of events to manageable sets of anomalies that require further investigation. Security analysts tend to discover threats through their ability to recognize irregularities relative to what they perceive as the norm.
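As an added illustration of the event reduction described above (example code, not from the original page), the following Python snippet collapses a handful of constructed sshd-style log lines into per-source failed-login counts and flags only the sources whose count deviates from a constructed per-source baseline. The log lines, the baseline history and the threshold parameters are all assumptions.

```python
import re
import statistics
from collections import Counter

# Constructed sshd/syslog-style events (sample data, not from the page).
SAMPLE_EVENTS = """\
Mar 01 10:00:01 web1 sshd[201]: Accepted publickey for deploy from 10.0.0.5 port 50112
Mar 01 10:00:04 web1 sshd[202]: Failed password for root from 198.51.100.7 port 40001
Mar 01 10:00:05 web1 sshd[203]: Failed password for root from 198.51.100.7 port 40002
Mar 01 10:00:06 web1 sshd[204]: Failed password for admin from 198.51.100.7 port 40003
Mar 01 10:00:07 web1 sshd[205]: Failed password for admin from 198.51.100.7 port 40004
Mar 01 10:00:08 web1 sshd[206]: Failed password for oracle from 198.51.100.7 port 40005
Mar 01 10:00:09 web1 sshd[207]: Failed password for test from 198.51.100.7 port 40006
Mar 01 10:00:12 db1 sshd[310]: Failed password for dba from 10.0.0.9 port 51000
"""

# Constructed "norm": failed logins per source IP seen in earlier windows of
# the same length. A SIEM would learn this from its own event history.
BASELINE = {"198.51.100.7": [0, 0, 1, 0], "10.0.0.9": [1, 2, 0, 1]}

FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")

def count_failures(log_text):
    """Collapse raw events into one failed-login count per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group("src")] += 1
    return counts

def find_anomalies(log_text, baseline, k=3.0, min_count=5):
    """Return (source, count) pairs that deviate from their source's norm: the
    count reaches min_count (keeps single failures quiet) and exceeds mean +
    k * stdev of the history; a source with no usable history only needs min_count."""
    anomalies = []
    for src, n in count_failures(log_text).items():
        history = baseline.get(src, [])
        threshold = 0.0
        if len(history) > 1:
            threshold = statistics.mean(history) + k * statistics.pstdev(history)
        if n >= min_count and n > threshold:
            anomalies.append((src, n))
    return sorted(anomalies)

if __name__ == "__main__":
    total = sum(count_failures(SAMPLE_EVENTS).values())
    print(f"{total} failed-login events reduced to {find_anomalies(SAMPLE_EVENTS, BASELINE)}")
```

The single flagged source is the one whose burst of failures is far outside its history; the lone failure from the database host stays within its norm and generates no alert.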