Below are show notes for an episode of the 7 Minute Security podcast, a weekly podcast I publish that focuses on topics such as penetration testing, network configuration, blue-teaming and career advice. I welcome you to subscribe in your favorite podcast app so you don't miss an episode!
Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription.
This week I sat down with Lane Roush of Arctic Wolf to discuss the big hairy beast that is... (insert dramatic music here) logging and alerting! I work with a lot of clients (and you probably do too) who want answers to these questions:
- What in the world is going on in my network?
- How will I know if bad stuff is happening?
- If I do identify the bad stuff and attempt to eradicate it, how will I know if I've exorcised all the demons?
So Lane and I sat down to discuss this conundrum, and explore answers to other burning questions like:
- Why is it so hard to separate the signal from the noise when trying to figure out what's happening in the bowels of your network?
- Should logging/alerting be a full-time job for one or more people?
- When does it make sense to outsource these responsibilities?