One of the pain points in cybersecurity is that protections are always chosen as the “best of breed” technology. This is fine, except that each technology has its own protection management tool, GUI, and dashboard.
As a result, SOC or IR personnel need to dive into each cyber protection solution and analyze the time sequence of events.
Orchestration technology is available to consolidate logs from various log sources to make life easier.
However, caution must be exercised:
- Are the extra investment and recurring operating costs properly funded and ready?
- The ROI might result in workforce reduction to justify the deployment. That means someone might lose their job.
- How is the integration done? Will it breach network zoning?
- Last but not least, how do we validate that the solution is successfully deployed, as a means of acceptance criteria?