You work as a cybersecurity consultant for an organization that is building out its cybersecurity infrastructure. You have identified and implemented all critical elements, including firewalls, intrusion prevention systems, and endpoint detection and response systems.
Which tool would you now recommend that will normalize incoming data from various types of flows and logs and will serve as a cornerstone for threat hunting?
- border router with security firewall enabled
- DDoS appliance
- SIEM or SOAR
threat intelligence platform, such as Cisco SecureX with Cisco Talos
| Explanation & Hint:
To serve as a cornerstone for threat hunting and normalize incoming data from various types of flows and logs in a cybersecurity infrastructure that includes firewalls, intrusion prevention systems, and endpoint detection and response systems, I would recommend implementing a SIEM (Security Information and Event Management) or SOAR (Security Orchestration, Automation, and Response) platform. SIEM and SOAR systems are designed to collect, normalize, correlate, and analyze security event data from various sources, including logs and network flows. They provide a centralized platform for threat detection, incident response, and threat hunting. These platforms offer the ability to create custom queries, alerts, and reports for in-depth analysis and proactive threat hunting. They are essential tools for normalizing and aggregating security data from diverse sources, helping security teams identify and respond to threats effectively. While a threat intelligence platform, like Cisco SecureX with Cisco Talos, is valuable for accessing threat intelligence feeds, it may not provide the comprehensive normalization and analysis capabilities required for threat hunting across a variety of data sources. |