Setting up the requirements for integrated security
Before a company buys licenses for all sorts of security tools, security architects need to gather requirements. These requirements cover the following four stages that a security team needs to address:
- Detect: Most security tools focus on detecting vulnerabilities and actual attacks or attempts to breach systems. Examples are endpoint protection, such as virus scanners and malware detection, and Network Traffic Analyzers (NTAs). In a multi-cloud environment, architects need to make sure that detection systems can operate on all platforms and preferably send information to one integrated dashboard.
- Analyze: This is the next phase. Detection systems will send a lot of data, including false positives. Ideally, security monitoring does a first analysis of events, checking them against known patterns and behavior of systems and users. This is the first filter. The second phase in the analysis is prioritization, which is...