|
Most online users have experienced it. You do an online search for healthcare purposes, travel information, or something to buy and soon you're being bombarded with emails and targeted online ads for everything related to your search. That's because browser cookies were tracking you as you performed your searches; they identified you and your activity.
Over the past few years, the online advertising industry has been undergoing a sea change as regulators restricted how cookies can be used and browser providers moved away from their use in response to consumer outcries over privacy.
"They often feel surveilled; some even find it ‘creepy' that a website can show them ads related to their behavior elsewhere," according to a recent study by the HEC Paris Business School.
To read this article in full, please click here
|
|
It's been 17 years and counting since Nemertes first wrote about the logic of integrating event response in the enterprise: bringing together the security operations center (SOC) and network operations center (NOC) at the organizational, operational, and technological levels. Needless to say, this has not happened at most organizations, although there has been a promising trend toward convergence in the monitoring and data management side of things. It's worth revisiting the issue.
Why converge?
The arguments for convergence remain pretty compelling:
Both the NOC and SOC are focused on keeping an eye on the systems and services comprising the IT environment; spotting and understanding anomalies; and spotting and responding to events and incidents that could affect or are affecting services to the business.
Both are focused on minimizing the effects of events and incidents on the business.
The streams of data they watch overlap hugely.
They often use the same systems (e.g. Splunk) in managing and exploring that data.
Both are focused on root-cause analysis based on those data streams.
Both adopt a tiered response approach, with first-line responders for "business as usual" operations and occurrences, and anywhere from one to three tiers of escalation to more senior engineers, architects, and analysts.
Most crucially: When something unusual happens in or to the environment (that router is acting funny), it can be very hard to know up front whether it is fundamentally a network issue (that router is acting funny - it has been misconfigured) or a security issue (that router is acting funny - it has been compromised) or both (that router is acting funny - it has been misconfigured and is now a serious vulnerability). Having fully separate NOC and SOC can mean duplicative work as both teams pick something up and examine it. It can mean ping-ponging inciden
|
|
