Security Incident and Event Management

Security incident management is the process of detecting and identifying security events and implementing a response.

Ethical Security provides multiple solutions and frameworks based on industry best practice to implement security incident management, including:

  • Log management solutions to analyse & correlate every event (e.g. login, log off, file access, database query, etc.) that occurs across an organisation in order to deliver accurate prioritisation of security risks and compliance violations

 

  • SIEM solutions to provide an in-depth understanding of users, roles, network activities and flows, and in turn an overview of who is on the network, what data they are seeing, which actions they are performing with the data, and how that affects business risk

 

  • Data aggregation: SIEM/LM (log management) solutions aggregate data from many sources and applications (e.g. network, security, servers, databases), providing the ability to consolidate monitored data to avoid overlooking crucial events

 

  • Correlation looks for common attributes and links events together into meaningful bundles, providing the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. Correlation is typically a function of the Security Event Management portion of a full SIEM solution

 
