Other Products 235
like Network Time Protocol is required) across the whole network
(or at least most of it)—what is the point of a SIEM solution if some
parts of the network are off-limits to log capture? The idea is that if an
attack is under way, the organization can detect it and potentially even
avert some of the impact of the incident. If some parts of the network
are blind to the SIEM, the chances of enabling an effective incident
response strategy are reduced. If log capture is only enabled for the
top 10% most critical devices, the chances of being able to respond in
a timely manner are dramatically reduced.
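The coverage gap described above can be measured by comparing the asset inventory with the log sources the collector has actually heard from. The following is an added example, not taken from the book: the host names, sample records, record layout (collector receive time, device timestamp, host) and thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed asset inventory (hypothetical host names).
INVENTORY = {"fw-edge-01", "dc-01", "web-01", "db-01", "hr-laptop-17", "printer-3f"}

# Constructed records: collector receive time, device-stamped time, source host.
SAMPLE = """\
2024-05-01T10:00:02Z 2024-05-01T10:00:01Z fw-edge-01
2024-05-01T10:00:05Z 2024-05-01T10:00:04Z dc-01
2024-05-01T10:00:09Z 2024-05-01T09:47:30Z web-01
2024-05-01T03:12:40Z 2024-05-01T03:12:39Z db-01
2024-05-01T10:00:11Z 2024-05-01T10:00:10Z lab-switch-9
"""

def _ts(value):
    """Parse a UTC timestamp such as 2024-05-01T10:00:02Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_coverage(inventory, text, now,
                   max_silence=timedelta(hours=1), max_skew=timedelta(minutes=5)):
    """Report which inventoried hosts the log collector cannot see or trust."""
    last_seen, skewed = {}, set()
    for line in text.splitlines():
        if not line.strip():
            continue
        received, stamped, host = line.split()[:3]
        received, stamped = _ts(received), _ts(stamped)
        last_seen[host] = max(last_seen.get(host, received), received)
        # Heuristic: a large gap between device time and receive time
        # suggests an unsynchronised clock (transit delay is ignored).
        if abs(received - stamped) > max_skew:
            skewed.add(host)
    seen = set(last_seen)
    return {
        "blind": sorted(inventory - seen),      # never sent a log message
        "silent": sorted(h for h in inventory & seen
                         if now - last_seen[h] > max_silence),
        "skewed": sorted(skewed),               # timestamps unfit for correlation
        "unknown": sorted(seen - inventory),    # logging, but not inventoried
        "coverage": len(inventory & seen) / len(inventory),  # ever-seen share
    }

REPORT = audit_coverage(INVENTORY, SAMPLE, now=_ts("2024-05-01T10:05:00Z"))
if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```
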
What does network-wide capture of log messages entail? It entails
enabling network logging on all networked devices that ...