An organization has many endpoints operating in separate network segments. Administrators want the best measure to unite and correlate logs from various systems for effective analysis of unusual activities. Which approach is the BEST?
Set an output to a central correlation platform with custom rules to monitor combined events from each device
Use multiple repositories for separate departments and ask the team to review them occasionally
Collect logs on perimeter devices but remove them after examining the initial intrusion events
Adopt advanced encryption for data flows to lessen the chance of infiltration
Consolidating log data and reviewing it in one location provides consistency and faster identification of unusual patterns. A correlation platform with integrated triggers helps detect risks by examining events across different devices in tandem. The other approaches either fragment the data or fail to keep actionable records, which limits the ability to spot emerging patterns effectively.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a correlation platform in the context of cybersecurity?
Open an interactive chat with Bash
Why are custom rules important in a correlation platform for detecting unusual activities?
Open an interactive chat with Bash
How does consolidating logs improve threat detection compared to fragmented data repositories?