If you know what data is critical to your organization and what activities are abnormal, data loss prevention and security information event management work pretty well. But that’s not usually the case.
I work with organizations each and every day, building out their cybersecurity programs. During my many conversations with security teams struggling with data loss prevention (DLP) and security information event management (SIEM) — and the security vendors that support them — I have noticed a surprising trend. Each time either DLP or SIEM is mentioned, they are described as products– a DLP Product or an SIEM Product.
Butthe reality of the matter is that the products are not the problem. The central issue is a misunderstanding of what SIEM and DLP truly are: a process, not a product.
To read the entire article, please click here.