Chapter 9. NSM Operations
Analysts need tools to find intruders, but methodology is more important than software. Tools collect and interpret data, but methodology provides the conceptual model. Analysts must understand how to use tools to achieve a particular goal, but itâs important to start with a good operational model, and then select tools to provide data supporting that model.
Too many security organizations put tools before operations. They think âwe need to buy a log management systemâ or âI will assign one analyst to antivirus duty, one to data leakage protection duty,â and so on. A tool-driven team will not be effective as ...
Get The Practice of Network Security Monitoring now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.