Welcome to Memo 22
Protective Monitoring is, simply put, using the log, alert and audit data (let's call it event data) from systems to determine if a security event has occurred so that it can be identified before serious harm can result.
However, collecting terabytes of event data is not the end of objective; protective monitoring seeks to make sense of that data and provide meaningful insight to the security of the network. Making sense out of all that event data normally takes some special sauce! In protective monitoring terms this is usually some kind of intelligent monitoring software and Memo 22 is here to provide an independent view on all forms of Security Information and Event Management.
Like any branch of information security it requires in-depth knowledge in a wide range of topics.
This site is for you if you are interested in:
- Identifying and analyse a variety of log and audit data
- Understanding the value & cost of event data
- Make better decisions on what to log and how much to keep and for how long
- Define Security use cases for event data
- Combining event intelligence across a variety of systems and networks to
- identify real threats
- Defining Reports & Dashboards that providing valuable information for all
- levels of an organisation
- Configuring Rules an Alerts that identify real threats
- Continuous Improvement and tuning of log and audit data
- Discover different ways of visualising event data
- Forensic Readiness
- A framework for Protective Monitoring
- Governance & Policy for Protective Monitoring
- Compliance with PCI DSS, SoX, HIPAA and many others
- Security Metrics