An organization has many endpoints operating in separate network segments. Administrators want the best measure to unite and correlate logs from various systems for effective analysis of unusual activities. Which approach is the BEST?
Adopt advanced encryption for data flows to lessen the chance of infiltration
Collect logs on perimeter devices but remove them after examining the initial intrusion events
Set an output to a central correlation platform with custom rules to monitor combined events from each device
Use multiple repositories for separate departments and ask the team to review them occasionally
Consolidating log data and reviewing it in one location provides consistency and faster identification of unusual patterns. A correlation platform with integrated triggers helps detect risks by examining events across different devices in tandem. The other approaches either fragment the data or fail to keep actionable records, which limits the ability to spot emerging patterns effectively.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a central correlation platform in cybersecurity?
Open an interactive chat with Bash
Why is it better to consolidate logs instead of using multiple repositories?
Open an interactive chat with Bash
How do custom rules improve the effectiveness of a correlation platform?