The time it takes to read through and analyze the vast volume of transaction logs that systems can produce causes security professionals to spend too much time on unimportant events and not enough time responding to significant security threats. The process of addressing this issue is known as security information management, and it is the reason security event consolidation and correlation systems have become vital to the successful identification and handling of security incidents. Event consolidation brings together events from disparate systems into a central repository, and event correlation monitors the various security events to determine which events are significant and which ones relate to a particular attack.
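As an added illustration (not part of the original text), the sketch below consolidates constructed events from two hypothetical sources, an SSH daemon and a firewall, into one normalized list and then correlates them by source IP. The log formats, the five-minute window and the three-failure threshold are assumptions chosen for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in two made-up formats (not real logs).
SSHD_LOG = """\
2024-05-01T10:00:01 Failed password for admin from 203.0.113.7
2024-05-01T10:00:03 Failed password for admin from 203.0.113.7
2024-05-01T10:00:05 Failed password for root from 203.0.113.7
2024-05-01T10:00:09 Accepted password for admin from 203.0.113.7
2024-05-01T10:02:00 Failed password for bob from 198.51.100.4
2024-05-01T10:03:00 Accepted password for bob from 198.51.100.4
"""
FIREWALL_LOG = """\
09:59:50 01/05/2024 DENY src=203.0.113.7 dport=23
10:01:40 01/05/2024 ALLOW src=192.0.2.10 dport=443
"""

def parse_sshd(line):
    m = re.match(r"(\S+) (Failed|Accepted) password for \S+ from (\S+)", line)
    if m:  # unmatched lines fall through and return None
        kind = "auth_fail" if m.group(2) == "Failed" else "auth_ok"
        return {"time": datetime.fromisoformat(m.group(1)),
                "source": "sshd", "ip": m.group(3), "kind": kind}

def parse_firewall(line):
    m = re.match(r"(\S+ \S+) (DENY|ALLOW) src=(\S+) dport=\d+", line)
    if m:
        return {"time": datetime.strptime(m.group(1), "%H:%M:%S %d/%m/%Y"),
                "source": "firewall", "ip": m.group(3),
                "kind": "fw_" + m.group(2).lower()}

def consolidate():
    """Normalize both sources into one time-ordered repository."""
    events = [parse_sshd(l) for l in SSHD_LOG.splitlines()]
    events += [parse_firewall(l) for l in FIREWALL_LOG.splitlines()]
    return sorted((e for e in events if e), key=lambda e: e["time"])

def correlate(events, window=timedelta(minutes=5), threshold=3):
    """Flag a login preceded by >= threshold failures from the same IP."""
    incidents = []
    for ok in (e for e in events if e["kind"] == "auth_ok"):
        related = [e for e in events if e["ip"] == ok["ip"]
                   and ok["time"] - window <= e["time"] < ok["time"]
                   and e["kind"] in ("auth_fail", "fw_deny")]
        fails = sum(e["kind"] == "auth_fail" for e in related)
        if fails >= threshold:
            incidents.append({"ip": ok["ip"], "at": ok["time"], "evidence": related})
    return incidents
```

Of the eight consolidated events, only the login from 203.0.113.7 is raised as an incident, and its evidence includes the firewall denial that would have looked unremarkable if the firewall log were reviewed on its own.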