IT teams need visibility into their systems so they can tell whether they are under attack. The most effective protection strategies leverage real-time security information management tools that collect, correlate, and store event, vulnerability, and compliance logs, and then document response and remediation. These tools collect, in real time, the diverse data generated by an organization's existing security devices and applications. The most advanced tools also combine this data with external intelligence on malicious activities occurring globally, then analyze it and rank incidents according to their priority.
Organizations that want to take action before an event occurs can also leverage early warning systems that keep them apprised of vulnerabilities that have not yet been exploited. It's critical for companies to have this holistic view across their IT infrastructure: to capture the logs from all of its different elements, correlate those logs, understand what threats are happening right now, and determine whether or not they are under attack.
Francis deSouza is senior vice president of the Enterprise Security Group at Symantec Corp.