Security is defined in multiple ways, but for IT security professionals it's a simple competition against cyber criminals. In this game, the winner owns the network. We cannot protect what we do not understand—it is as simple as that. In this chapter, we discussed how to detect potential security threats before they compromise our network, host infrastructure, and applications. We have also discussed the fact that it is very tough for a human to read all of the logs coming from various devices. Keeping that in mind, we have discussed SIEM tools and its future with automation and automated threat response techniques.
In the next chapter, we will discuss vulnerability assessments and why these are required in every organization for protecting information.