Monitoring
Secure coding extends into detection and response through enhanced monitoring. With logging and alerting in place, monitoring systems can detect threats and malicious activity, and the detailed information they provide enables security analysts to act swiftly. Commercial applications such as SolarWinds Security Event Manager and Splunk offer robust monitoring and alerting solutions that help businesses detect and respond to potential security threats. They use methods such as data collection, real-time analysis, and alerts.
Splunk, in particular, performs several key tasks as part of this solution. These are described in Table 14.1:
Step | Description |
Data Collection | Gather data from various IT sources (logs, network, etc.) |
Data Aggregation | ... |
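
The collect, analyze and alert flow described above can be sketched in a few lines of Python. This is an added example, not code from the original page and not how Splunk or SolarWinds implement it; the log formats, field names, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines from two sources; both formats are hypothetical.
AUTH_LOG = [
    "2024-05-01T10:00:01 sshd FAIL user=admin src=203.0.113.7",
    "2024-05-01T10:00:09 sshd FAIL user=root src=203.0.113.7",
    "2024-05-01T10:00:12 sshd OK user=alice src=198.51.100.4",
    "2024-05-01T10:00:20 sshd FAIL user=admin src=203.0.113.7",
    "-- truncated line --",
]
FW_LOG = [
    "2024-05-01T10:00:15 fw DENY src=203.0.113.7 dport=22",
    "2024-05-01T10:00:25 fw DENY src=203.0.113.7 dport=3389",
    "2024-05-01T10:20:00 fw DENY src=198.51.100.4 dport=22",
]
LINE = re.compile(r"^(\S+) \S+ (\S+) .*?src=(\S+)")

def collect(sources):
    """Data collection: parse every source into one time-ordered event list."""
    events = []
    for name, lines in sources.items():
        for line in lines:
            m = LINE.match(line)
            if m is None:  # skip malformed input instead of crashing
                continue
            ts, action, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "source": name,
                           "action": action, "src": src})
    return sorted(events, key=lambda e: e["ts"])

def analyze(events, threshold=4, window=timedelta(seconds=60)):
    """Analysis: alert once per burst when one src has `threshold` failures
    or denies, counted across all sources, inside `window`."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for e in events:
        if e["action"] not in ("FAIL", "DENY"):
            continue
        q = recent[e["src"]]
        q.append(e)
        while e["ts"] - q[0]["ts"] > window:  # expire events outside window
            q.popleft()
        if len(q) < threshold:
            alerted.discard(e["src"])  # re-arm once the burst has died down
        elif e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append({"src": e["src"], "count": len(q), "at": e["ts"],
                           "sources": sorted({x["source"] for x in q})})
    return alerts
```

With these sample lines neither source reaches the threshold on its own; the single alert for 203.0.113.7 fires only once authentication and firewall events are analyzed together.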