corpsvast.blogg.se

Splunk inputlookup

This blog post is part of a challenge or a “blog-a-thon” in my group of Sales Engineers. The challenge is to see who could blog about some of the least used Splunk search commands. I chose coalesce because it does not come up often.

“Defense in depth” is an older methodology used for perimeter security. The concept includes creating multiple barriers the “hacker” must cross before penetrating an environment. Part of the practice of making it difficult for someone with malicious intent includes using multiple vendors at certain layers. For example, at any given moment in time, one vendor’s firewall may have exploitable vulnerabilities whereas another’s may not. Theoretically, this leaves you less exposed.

Whether it is from an old defense in depth strategy or multiple corporate mergers, multi-vendor environments continue to introduce risk. As security practitioners, we’ve learned long ago that the speed and convenience of centralized management far outweigh the benefits of reducing exposure using the aforementioned technique. Even if you haven’t lived through it yourself, you’ll understand that even today, over 50% of the largest companies manage their network security manually and individually through each vendor’s console. In these mixed environments, logging standards cannot possibly be sustained as vast amounts of “machine generated data” are created and fields within the data are labeled differently.













