To properly identify and manage security incidents, organizations need to collect data in real time, analyze it in real time, and store it so it can later be correlated against new real-time data as it arrives.
The challenge is that storing data costs money, and managing and using that data for security purposes can be a real problem as well. As you collect more data and try to make sense of it, the complexity increases. As time passes, the context of the stored data erodes, and the context of newly captured data is difficult to apply to the old data. To succeed, the right data must be captured and the right tools and analysis must be applied to it.
Read the full article to view Travis' presentation (video).