Interview with Simon Phillips, experienced security practitioner and Humio customer

This blog was originally published May 6, 2021 on the Humio website. Humio is a CrowdStrike company.

For this episode of The Hoot, we were joined by Simon Phillips, a security operations expert and distinguished Humio customer.

Simon discusses the importance of data, including data at the edge, for effective incident prevention and investigation. Security is driven by data; it is the heart of your IT systems. The more data you have access to, the more insight your SOC analysts have to help them quickly determine where to start their investigations.

As an industry veteran, Simon recalls the pain points around using index-based databases and having to predetermine what data you might or might not need due to storage and search constraints. Being able to search and correlate data across different departments and sources is critical for security operations.

The speed and scalability of a modern log management platform are some of the big differentiators. In particular, the speed of data ingestion and the ability to quickly search a lot of data over a long period of time are key for his team.

Simon speaks to the importance of his team’s process and having an attack-driven defense mindset. The intelligence gathered from the data helps them to see what happens when simulating an attack so they can work to keep hardening their defenses against cyberthreats.

Moving away from separate silos between departments, streamlining practices, and gaining visibility across all systems are key to continuing to improve threat prevention and detection.

Listen to the podcast to hear:

  • Strategies around data collection to ensure your team can quickly get to the root cause of an incident
  • Why an attack-driven defense is important for security teams
  • How modern log management enables threat prevention and detection
  • Thoughts on industry trends and how companies can continue to harden their defenses
