Security Log Management: Identifying Patterns in the Chaos

Chapter 1: Log Analysis: Overall Issues

Introduction

One of the first complaints heard in most security shops is that there is too much data to look at, and that finding out what all the different security widgets mean can be very confusing. For example, with reports coming from firewalls, IDS/IPS, AV, policy, and other sources, finding the information pertinent to your network health and wellness is a challenge, to say the least. For the technical members of a security staff who live and breathe in the trenches, this is part of your daily battle assessment. As the technical eyes and ears of an organization, you need to be able to communicate useful and meaningful data up the chain to your management and to their management. However, as most management staff are not network or security engineers or analysts, the technical details of daily operations are beyond the realm of their need to know. The security team provides reliable evidence of threats and attacks to management so they can make educated decisions on network issues. Finally, if security teams can present a balanced and flexible view into network events and changes, they can help save budgets and provide a useful and continuous return on investment (ROI) for the tools and hardware needed to do their jobs.

IT Budgets and Results: Leveraging OSS Solutions at Little Cost

The biggest issues we hear about security groups within organizations include:

  • The security budget for tools and hardware is shrinking or nonexistent.

  • Upper management is bombarded with vendors trying to sell another security widget that can replace...
