Cloud, appliance, software? If you were planning on developing a security monitoring platform, which architecture would you use?
Continue reading "How Would You Architect A New Security Monitoring Product?"
Do we need logging standards, or should we just follow the leaders to help direct our logging efforts?
Continue reading "Log Standards: Put Up, Shut Up, Give Up, Or Throw Up?"
At what point does turning a blind eye to the loss of revenue spark the inevitable conversation: 'Maybe we should be monitoring this infrastructure more closely?'
Continue reading "How Much Money Do You Need To Lose Before You Start Monitoring?"
Is the often-pitched 'single pane of glass' a benefit to security monitoring tools or yet another point of contention?
Continue reading "A Single 'Pain' Of Glass?"
If you attended the 2012 RSA Security Conference, BSides San Francisco, or the America's Growth Capital Summit, you no doubt noticed SIEM vendors jumping on the 'big data security' bandwagon.
Continue reading "Big Data Security Or SIEM Buzzword Parity?"
Heading to San Francisco for RSA, BSides and AGC? Make sure you know how to navigate the vendor gauntlet.
Continue reading "Don't Be Fooled By Buzzwords, Flash, And Empty Promises"
Your product's user interface may not be as appealing as you think, and it might just be jeopardizing its adoption.
Continue reading "I'm Sorry I Called Your Baby Ugly ... But It Is"
Why haven't user interfaces for security products taken advantage of human movement technologies?
Continue reading "Where's My 'Minority Report' Dashboard?"
To the operationally minded, the loss of security monitoring capabilities will almost always play second fiddle.
Continue reading "If An ESIM Falls In The Woods, Does Anyone Care?"
A national monitoring infrastructure is theoretically possible, but who could orchestrate such a huge collaborative endeavor?
Continue reading "A National Monitoring Infrastructure"
There is no sign of the two technologies combining into one, so where does that leave the buyer?
Continue reading "IT GRC, ESIM Vendors Dig In For War"
Many vendors claim to be entrenched with NERC- and FERC-regulated critical infrastructure clients, but few understand where the real goldmine of data resides.
Continue reading "Monitoring Challenges For NERC/FERC Environments"
It is fairly common to see router, firewall, and intrusion-detection system logs in addition to server, workstation, and application logs consolidated within an enterprise security information management (ESIM) system. Logs generated from network-based devices are generally responsible for the bulk of logs monitored by an ESIM, with the remainder consisting of logs from the various endpoints and software deployed throughout the infrastructure. Perhaps one of the most overlooked sources of data to monitor, however, is that of the physical security controls deployed within an enterprise organization.
Continue reading "Dragging Physical Security Monitoring Into 2010"
A network flow is a data entity that describes a unidirectional sequence of packets on an IP network. Consisting of source and destination port and IP address information as well as IP protocol, ingress interface, and type of service (ToS) entries, the data (organized as flow records) provides high-level insight into what is happening on the network. Every major routing and switching infrastructure vendor supports the generation of network flows in some form.
Continue reading "Monitoring With Network Flow Technology"
Today Dark Reading launches a new feature: the Security Monitoring Tech Center, a subsite of Dark Reading devoted to bringing you news, insight, and in-depth reporting on the topic of security data monitoring and analysis.
Continue reading "Dark Reading Launches Tech Center On Security Monitoring"