AST July 2022 PREVIEW Final 2022 'ASTORS' PREVIEW EDITION | Page 34

www.AmericanSecurityToday.com July 2022 - Edition 62

complexity of tools or solutions impedes the detection and remediation of security threats.

At the same time, 31% cited a lack of data collection and monitoring as a hindrance to event correlation and threat detection.

The adoption of centralized monitoring technology is critical to accelerating detection and response strategies across today's complex and expanding government networks and is a requirement of the Cybersecurity Executive Order.

An easy first step towards compliance with this stipulation is to use current security information and event management (SIEM) tools. A SIEM solution gathers logs from thousands of sources across hybrid environments and watches 24/7 for suspicious activity from a centralized location.

Teams can also hasten incident response using automation. For example, a SIEM can automatically execute responses when certain correlation rules are triggered, such as blocking IP addresses, changing privileges, disabling accounts, killing applications, and more.

Machine learning and behavioral analysis can also be applied to log data to expose both indicators of malicious activity and anomalies in user behavior, such as a person authenticating from unexpected locations such as Russia, China,
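As an added example (not code from the article or from any vendor's SIEM), the following Python script is a miniature correlation engine that runs over a handful of constructed authentication log lines and produces the kind of automated responses the two paragraphs above describe: a burst of failed logins from one source IP followed by a success yields a block-IP action, and a successful login from a country outside the user's baseline yields a disable-account action. `SAMPLE_LOGS`, the `GEO_PREFIX` lookup and `USER_BASELINE` are all constructed stand-ins for real log feeds, a GeoIP database and behavior a SIEM would learn from history.

```python
"""Miniature SIEM correlation engine (added example, not the article's code).

Rule 1  bruteforce_then_success: >= FAIL_THRESHOLD failures from one source
        IP within FAIL_WINDOW, followed by a success   -> block_ip
Rule 2  unexpected_location: success from a country outside the user's
        baseline                                       -> disable_account
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like "ts source k=v ..."); not real data.
SAMPLE_LOGS = """\
2022-07-01T09:00:01Z sshd auth=FAIL user=alice src=203.0.113.10
2022-07-01T09:00:05Z sshd auth=FAIL user=alice src=203.0.113.10
2022-07-01T09:00:09Z sshd auth=FAIL user=alice src=203.0.113.10
2022-07-01T09:00:12Z sshd auth=OK user=alice src=203.0.113.10
2022-07-01T09:30:00Z vpn auth=OK user=bob src=198.51.100.7
2022-07-01T10:15:00Z vpn auth=OK user=bob src=192.0.2.44
2022-07-01T11:00:00Z vpn auth=OK user=carol src=198.51.100.9
"""

# Constructed stand-in for a GeoIP database: /24 prefix -> country code.
GEO_PREFIX = {"203.0.113": "RU", "198.51.100": "US", "192.0.2": "CN"}

# Constructed per-user baseline of countries previously seen; a real SIEM
# would learn this from historical authentication data.
USER_BASELINE = {"alice": {"US"}, "bob": {"US"}, "carol": {"US"}}

FAIL_THRESHOLD = 3
FAIL_WINDOW = timedelta(minutes=5)


def parse_logs(text):
    """Parse 'ts source k=v k=v ...' lines into event dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "source": source,
            "ok": fields["auth"] == "OK",
            "user": fields["user"],
            "src": fields["src"],
        })
    return sorted(events, key=lambda e: e["ts"])


def geo_lookup(ip):
    """Map the /24 prefix to a country code using the constructed table."""
    return GEO_PREFIX.get(ip.rsplit(".", 1)[0], "??")


def correlate(events):
    """Run both rules over the event stream and return the response actions."""
    actions = []
    recent_fails = defaultdict(list)  # source IP -> timestamps of failures
    for ev in events:
        fails = recent_fails[ev["src"]]
        cutoff = ev["ts"] - FAIL_WINDOW
        fails[:] = [t for t in fails if t >= cutoff]  # drop failures outside the window
        if not ev["ok"]:
            fails.append(ev["ts"])
            continue
        # Rule 1: a success preceded by a burst of failures from the same IP.
        if len(fails) >= FAIL_THRESHOLD:
            actions.append({"action": "block_ip", "target": ev["src"],
                            "user": ev["user"], "rule": "bruteforce_then_success"})
            fails.clear()
        # Rule 2: a success from a country the user has never been seen in.
        country = geo_lookup(ev["src"])
        if country not in USER_BASELINE.get(ev["user"], set()):
            actions.append({"action": "disable_account", "target": ev["user"],
                            "country": country, "src": ev["src"],
                            "rule": "unexpected_location"})
    return actions


def run(text=SAMPLE_LOGS):
    """Convenience wrapper: parse the log text and return the actions."""
    return correlate(parse_logs(text))


if __name__ == "__main__":
    for action in run():
        print(action)
```

In a real deployment the returned actions would be handed to a SOAR playbook or the SIEM's own response connectors rather than executed inline, and a practitioner would treat the two rules differently: blocking an IP after a failed-then-successful login burst is low-risk, while disabling an account purely on geolocation is noisy (VPN egress points, travel, GeoIP errors), so that hit is usually routed to analyst review or step-up authentication before any account is disabled.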
