I have had the pleasure of working on several SIEM/SEM implementations throughout the year(s). One of the main issues I face is that a big majority of the analysts that will be monitoring the system on a day to day basis come from a different BU or IT group within the company.

Virtualization in all of its forms (whether you are thinking of data centers or Windows 2008 or in the future with virtualized desktops) looks like it is going to be a success.  However, there appears to be different deployment visions for leveraging the power of virtualization.  Many people jump at the idea of dynamic environments where server resources are leveraged for different applications, on the fly, instantaneously being deployed to meet a jump in demand.  Unfortunately, for the moment, this idyllic vision cannot really be leveraged for most situations.  Yes, there will be examples where companies dynamically bring online and reconfigure their IT infrastructure to reflect seasonal or event driven demand where planning the actual demands is difficult.  But for the moment, I am going to focus on the security operations aspects of a planned virtualization scenario for this series of articles.

The United States Air Force Cyber Command publicizes it Mission…. I LOVE IT!