In: Computer Science
Following the merger of two large companies, the newly combined security team is overwhelmed by the volume of logs flowing from the IT system; the company's data retention schedule is further complicated by a requirement that detailed logs be retained for months. Which of the following designs best meets the company's security and retention requirements?
(1) Forward logs to both a SIEM and a cheaper, long-term storage, and then delete logs from the SIEM after 14 days
(2) Reduce the volume by disabling logging of routine maintenance activities or failed authentication attempts
(3) Send logs to a SIEM that correlates security data, and store only the alerts and relevant data arising from the system
(4) Maintain both companies' logging in SIEM solutions separately, but merge the resulting alerts and reports
Sol:
The correct option is:
(4) Maintain both companies' logging in SIEM solutions separately, but merge the resulting alerts and reports
This is because, since two companies are merging together, there will be a very large amount of logging data available. We cannot simply eliminate one company's data. Hence we should maintain both companies' logging in Security Information and Event Management (SIEM) software. After that we can merge the overall alerts and reports together.
The other options are wrong because:
(1) Forward logs to both a SIEM and a cheaper, long-term storage, and then delete logs from the SIEM after 14 days: This method is less efficient and less beneficial for the scenario. Hence we can neglect this approach.
(2) Reduce the volume by disabling logging of routine maintenance activities or failed authentication attempts: This activity may lead to further complications in system operation and security. Also, we cannot reduce the volume effortlessly.
(3) Send logs to a SIEM that correlates security data, and store only the alerts and relevant data arising from the system: This method is good, but it does not address the merging of the companies. In other words, since we have two companies' data, we need to consider both of them. Hence this option is less suitable.