Analyst-centric Security Operations

Let’s face it, infosec is a geeky domain. While much of IT has shifted its focus to things like business process enablement and digital transformation, infosec pros still spend much of their waking hours in the weeds, looking at things like protocol anomalies, SQL statements, command shells, etc.

This technical purview has been a highlight of security operations products since their inception. In the early days (late 1990s), security analysts’ jobs depended upon technical tools like tcpdump and Ethereal/Wireshark to look for suspicious activity within network packets. The next step was searching for clues in syslog, which led to the use of log management tools and then to the evolution of SIEM in the 1999-2000 timeframe.
