In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?
A. VMware, router, switch, firewall, syslog, vulnerability management system (VMS)
B. Intrusion Detection System (IDS), firewall, switch, syslog
Security Information and Event Management (SIEM): Centralized view of logs and real-time analytics.
Intrusion Detection System (IDS): Identifies malicious activity and alerts the SOC.
Firewall: Monitors and controls incoming and outgoing network traffic.
Vulnerability Management System (VMS): Continuously scans and assesses vulnerabilities.
Why This Combination Works Best:
SIEM provides a comprehensive real-time overview of security events.
IDS detects potential threats.
Firewalls act as a perimeter defense.
VMS ensures proactive identification and mitigation of vulnerabilities.
Why Not Other Options:
Option A: Missing key security tools like IDS and SIEM.
Option B: Limited functionality for enterprise-wide situational awareness.
Option C: Lacks VMS for proactive vulnerability management.
EC-Council CISO Guidance:
This selection ensures a holistic approach to threat detection, prevention, and remediation across the enterprise.