No matter how big or small your enterprise is, or how talented your security team is, communication between the Infrastructure and Security teams is critical.  Let me explain.

Even with a mature change management program, I am always amazed at how complex technology really is. If a security team has email alerts set up for SIEM and other logging systems, and the Infrastructure team makes an otherwise “unknown” change to lock down mail relay, all of a sudden, security alerts are no longer being sent. And you don’t receive an alert that the alerts aren’t working. Thankfully, if you have a baseline set of alerts that your analysts expect to receive each day and they don’t receive them, it should trigger someone on the team to question what’s wrong.
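One way to automate that baseline check, so a silent alert pipeline is flagged even if nobody notices the quiet inbox. This is an added example, not code from the original post; the alert names, the receipt-log format and the 26-hour silence window are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical baseline: alert name -> longest acceptable silence.
BASELINE = {
    "siem-daily-summary": timedelta(hours=26),
    "ids-signature-update": timedelta(hours=26),
    "dlp-policy-report": timedelta(hours=26),
}

# Constructed receipt log of the alert mailbox: "<UTC timestamp> <alert name>".
# Nothing arrives on 2024-05-03, as if mail relay had been locked down overnight.
RECEIVED = """\
2024-05-01T06:00:12Z siem-daily-summary
2024-05-01T06:05:40Z ids-signature-update
2024-05-01T07:00:03Z dlp-policy-report
2024-05-02T06:00:09Z siem-daily-summary
2024-05-02T06:05:44Z ids-signature-update
2024-05-02T07:00:01Z dlp-policy-report
"""

def last_seen(log_text):
    """Map each alert name to the most recent time it was received."""
    seen = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, name = line.split(maxsplit=1)
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
        if name not in seen or when > seen[name]:
            seen[name] = when
    return seen

def silent_alerts(log_text, baseline, now):
    """Return {alert name: last receipt or None} for alerts quiet past their window."""
    seen = last_seen(log_text)
    overdue = {}
    for name, max_silence in baseline.items():
        last = seen.get(name)  # None means the alert was never received at all
        if last is None or now - last > max_silence:
            overdue[name] = last
    return overdue

if __name__ == "__main__":
    now = datetime(2024, 5, 3, 12, 0, tzinfo=timezone.utc)
    for name, last in sorted(silent_alerts(RECEIVED, BASELINE, now).items()):
        print(f"MISSING {name}: last received {last or 'never'}")
```

The result of this check has to be delivered over a channel that does not depend on the mail relay being watched, such as a ticket queue or a dashboard the analysts already open each morning.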

A security team with all the fancy tools (DLP, IDS, SIEM, etc.) is only as good as the analysts watching them!