McAfee: 2012 Risk and Compliance Outlook
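On May 29, 2012 (US time), McAfee released its survey report "2012 Risk and Compliance Outlook". A Chinese-language news report is available here. For this report, McAfee hired a specialized research firm, which interviewed 438 mid- and senior-level IT professionals from multiple countries around the world.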
In this report, I am most interested in the part of the survey that covers SIEM. Perhaps this can also be seen as the motive for McAfee's acquisition of NitroSecurity, or as its particular attention to the SIEM market after the acquisition.
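The survey report shows that about 60% of the organizations surveyed regard SIEM as an important means of achieving real-time visibility into applications, databases, system performance and events across the whole network. Gaining visibility into IT security is a key element of IT risk management, and more than 81% of respondents agreed that visibility is important.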
The survey shows that about half of the organizations spend 6 to 10 hours per month on risk management activities. About 40% of enterprises are planning to implement or update a SIEM solution.
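When asked about the capabilities and attributes of a SIEM, two-thirds of respondents said that performance analysis, real-time analysis, ease of management, application monitoring and DAM are very important.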
The report makes a pitch for SIEM: A SIEM enables security/network administrators to collect log data from a wide variety of servers and devices across the whole network to identify security threats and suspicious behavior. This type of tool also facilitates forensic investigations to determine “who did what to what, when, and where,” and to manage the collection, storage and archival of all log data generated by numerous devices over a long period of time. The purpose of a SIEM is not to mitigate network threats by themselves, but to facilitate the timely identification of and alerting to (potential and real) threats. This is done by correlating data from multiple devices and looking for anomalous patterns from hundreds and thousands of devices in near real-time so that appropriate actions can be taken to prevent threats from inflicting further damage.
Reposted from: https://blog.51cto.com/yepeng/883175