When I speak with prospects and customers about incident detection and response
(IDR) [https://www.rapid7.com/solutions/incident-detection/], I'm almost always
discussing the technical pros and cons. Companies look to Rapid7 to combine
user behavior analytics (UBA)
[https://www.rapid7.com/solutions/user-behavior-analytics/] with endpoint
detection and log search to spot malicious behavior in their environment. It's
an effective approach: an analytics engine that triggers based on known attack
I've been in love with the idea of a SIEM since I was a system administrator. My
first Real Job™ was helping run a Linux-based network for a public university.
We were open source nuts, and this network was our playground. Things did not
always work as intended. Servers crashed, performance was occasionally iffy on
the fileserver and the network, and we were often responding to outages.
Of course, we had tools to alert us when outages were going on. I learned to
browse the logs and the system m