When I speak with prospects and customers about incident detection and response
(IDR) [https://www.rapid7.com/solutions/incident-detection/], I'm almost always
discussing the technical pros and cons. Companies look to Rapid7 to combine
behavior analytics (UBA)
[https://www.rapid7.com/solutions/user-behavior-analytics/] with endpoint
detection and log search to spot malicious behavior in their environment. It's
an effective approach: an analytics engine that triggers based on known attack
I've been in love with the idea of a SIEM
[https://www.rapid7.com/fundamentals/siem/] since I was a system administrator.
My first Real Job™ was helping run a Linux-based network for a public
university. We were open source nuts, and this network was our playground.
Things did not always work as intended. Servers crashed, performance was
occasionally iffy on the fileserver and the network, and we were often
responding to outages.
Of course, we had tools to alert us when outages were going on. I