A security team at a large financial institution is facing challenges with incident response. Analysts report that it takes too long to piece together the sequence of events during a security incident because they must manually collect and compare logs from firewalls, servers, and applications. This disjointed process has led to a high Mean Time to Respond (MTTR). Which of the following security architecture components should be implemented to have the GREATEST impact on reducing the MTTR by streamlining log analysis?
A network tap on all major network segments
A centralized logging system
A vulnerability scanner configured for continuous monitoring
An Intrusion Prevention System (IPS) at the network edge
Implementing a centralized logging system, often as part of a Security Information and Event Management (SIEM) solution, addresses the core problem. It aggregates logs from disparate sources into a single, normalized repository. This allows for automated correlation, streamlined searching, and a unified view of events across the infrastructure. By enabling analysts to quickly see the full picture of an incident, centralized logging directly reduces the time needed for investigation and response (MTTR). The other options might provide more data but do not solve the fundamental issue of log correlation.