Maintaining IT Security Threat Monitors

A few years ago the majority of our work focused on pen tests, security assessments and compliance audits. Most of our clients didn’t have giant networks but they were still of a respectable size, most between two and ten thousand network nodes. At the time, few if any of these businesses were using any method of collecting and reviewing their network logs let alone any type of log aggregation or robust threat monitoring. At the end of the consulting engagement, reports typically contained a paragraph or so, telling them that they needed to review their logs and for a . . .