Communication between Security and Infrastructure Teams is CRITICAL!

No matter how big or small your enterprise is, or how talented your security team is, communication between the Infrastructure and Security teams is critical.  Let me explain.

Even with a mature change management program, I am always amazed at how complex technology really is.  If a security team has email alerts set up for SIEM and other logging systems, and the Infrastructure team makes an otherwise “unknown” change to lock down mail relay, all of a sudden security alerts are no longer being sent.  And you don’t receive an alert that the alerts aren’t working.  Thankfully, if you have a baseline set of alerts that your analysts expect to receive each day and they don’t receive them, it should trigger someone on the team to question what’s wrong.
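One way to automate the baseline check described above, as an added example that is not from the original post. The alert names, intervals and timestamps are constructed, and the delivery log is assumed to be a list of (name, time) pairs exported from the analysts' mailbox.

```python
from datetime import datetime, timedelta

# Constructed baseline: alert name -> longest acceptable gap between deliveries.
BASELINE = {
    "siem-daily-summary": timedelta(hours=24),
    "ids-signature-update": timedelta(hours=24),
    "dlp-policy-report": timedelta(hours=24),
    "siem-heartbeat": timedelta(hours=1),
}

# Constructed sample of what actually arrived (alert name, ISO 8601 delivery time).
RECEIVED = [
    ("siem-daily-summary", "2024-03-05T06:00:00"),
    ("ids-signature-update", "2024-03-03T02:15:00"),
    ("siem-heartbeat", "2024-03-05T08:30:00"),
    ("siem-heartbeat", "2024-03-05T09:30:00"),
    ("vpn-login-anomaly", "2024-03-05T07:12:00"),  # not in the baseline, ignored
]


def last_seen(received):
    """Return the most recent delivery time per alert name."""
    latest = {}
    for name, stamp in received:
        when = datetime.fromisoformat(stamp)
        if name not in latest or when > latest[name]:
            latest[name] = when
    return latest


def silent_alerts(baseline, received, now):
    """List baseline alerts that are overdue, including ones never seen."""
    latest = last_seen(received)
    overdue = []
    for name, max_gap in sorted(baseline.items()):
        seen = latest.get(name)
        if seen is None:
            overdue.append((name, None))  # expected alert never arrived
        elif now - seen > max_gap:
            overdue.append((name, now - seen))  # arrived before, now silent
    return overdue


if __name__ == "__main__":
    now = datetime(2024, 3, 5, 10, 0, 0)
    for name, gap in silent_alerts(BASELINE, RECEIVED, now):
        detail = "never received" if gap is None else f"silent for {gap}"
        print(f"MISSING {name}: {detail}")
```

Deliver the result over a channel that does not depend on the mail relay being checked, or the check goes silent along with the alerts.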

A security team with all the fancy tools (DLP, IDS, SIEM, etc.) is only as good as the analysts watching them!