
CAS-004 Exam - Question 415


A company with multiple locations has taken a cloud-only approach to its infrastructure. The company does not have standard vendors or systems, resulting in a mix of various solutions put in place by each location. The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms. Which of the following best meets this objective?

Correct Answer: AB

A Security Information and Event Management (SIEM) system is the best solution to provide comprehensive visibility into all platforms for the internal security team. SIEM solutions collect, aggregate, and analyze log data from various sources in real-time, offering centralized visibility into the security events across different platforms and vendors. This capability is crucial for a company with a mix of various solutions, as it ensures that the security team can monitor and respond to security incidents effectively.

Discussion

5 comments
Nickolos
Option: A
May 17, 2024

A. Security information and event management (SIEM)

Here’s why a SIEM solution is the most appropriate choice:

Centralized Visibility: SIEM solutions collect, aggregate, and analyze log data from various sources in real-time, providing a centralized view of security events across different platforms and vendors. This is crucial for a company with a diverse mix of solutions, as it ensures that the security team has comprehensive visibility.

Correlation and Analysis. Compliance and Reporting. Alerting and Incident Response.

cf13076
Option: B
Apr 22, 2024

B. Cloud security posture management

Cloud security posture management solutions provide visibility and control over an organization's cloud environment, allowing the internal security team to have insight into all platforms regardless of the mix of solutions in place. This tool can help monitor and assess the security configurations, compliance, and overall security posture of cloud assets, enabling the security team to effectively manage and secure the cloud infrastructure.

Nickolos
May 17, 2024

CSPM solutions focus on identifying and mitigating risks in cloud configurations and compliance issues. While they are valuable for ensuring cloud security posture, they may not provide the comprehensive visibility across all platforms and systems that a SIEM offers.

MacherGaming
Option: A
Jul 11, 2024

A - SIEM: This is the best solution to provide the *internal* security team visibility. CSPM would be helpful but does not meet the requirements.

EAlonso
Option: B
Jul 16, 2024

Going with CSPM as SIEM in this situation could be a complete headache and provide visibility for events.

isaphiltrick
Option: B
Jul 17, 2024

This site will explain why B. CSPM is the correct answer: https://www.microsoft.com/en-us/security/business/security-101/what-is-cspm