Should SOCs monitor application or infrastructure logs for suspicious events?

We learned from the previous article that SOCs and Incident Response teams should be looking for threats that pose a high risk to normal business activities.

We know the who, but how can we define what needs to be protected?

Assume your company has over a thousand business applications. They are hosted in multiple data centres as well as in the cloud. There are Windows and Linux hosts, and, of course, many of them are not patched. On top of that, nobody knows who owns them.

The following article cuts through this complexity and explains a simple approach.

The post Should SOCs monitor application or infrastructure logs for suspicious events? appeared first on Rainbow and Unicorn.

This is a Security Bloggers Network syndicated blog post authored by Gabor. Read the original post at: Rainbow and Unicorn