All right, now, we've talked about the stages of the data security life cycle. And of course, we have to monitor. We have to monitor for security within all the stages we're watching. We're reviewing logs. We are making sure our logs air properly configured. We look for alerts.
We want to ensure that the alerts that are significant
alert the right people at the right time. You know how quickly
so we think about automating processes for monitor. But we also have to have that human element there for judgment response as well. So when we are auditing, we're looking for compliance. And ultimately,
we are turning this over to the cloud service provider. Right when we're storing our data there, we don't show up with their audit logs.
So determining how the cloud service provider audits what they audit, what they monitor, what's relevant for performance, what's relevant for security? Does it meet what we internally are required to audit or wantto audit would format of their logs in what are their techniques?
All of that should come into
the form of the service left look great, right? All that should be specified. Do they provide us with their audit box. They may. They may not. So we need to make sure, Often a tool that's used very frequently when you have a distributed environment. Something called a security event manager
could also be called security Incident. An event manager. You hear these refer to a SIM Systems?
The purpose of these SIM systems is aggregation,
right? If I'm gonna review logs from 20 different computers or 2000 different computers, I'm certainly not accessing each of those individual systems. So this is a really important tool when it comes to monitoring for events. Because we can pull
those logs from our servers from our intrusion detection prevention systems,
honey pots, firewalls and we can pull all that information aggregated. And then these tools give us the ability to analyze. Try to associate a bigger meeting. You know, the hole is bigger than the sum of its parts. So when we have all of those pieces together,
what can we find out? What can we learn?
Trend analysis. Are we responding quickly? You know, we have these reports If we have the need for forensics, these air a key tool again that help us with collecting information across many sources. So that's the purpose of a SIM system goes hand in hand