As the world becomes more digitized and interconnected, the door to emerging security leaks has opened wider. Today, there are billions of RFID tags for items including products, passports, buildings and animals. With more than two billion Internet users and cellular phone subscriptions now exceeding five billion, nearly one in three people worldwide surfs the Internet.1 The amount of information created and replicated—the digital universe—is more than doubling every two years.

Like so many other things in today’s world, cyber attacks— along with those who perpetrate them—are becoming more sophisticated every year. At the same time, IT resources are moving outside the firewall and enterprises are distributing their applications and data across multiple devices. It’s now clear that simply protecting an organization’s perimeter is not enough. These sophisticated attacks—which include advanced persistent threats, or APTs—are bypassing traditional defenses. We know all too well how major security incidents can affect a company’s data, networks and corporate brand. We also know that sophisticated attacks, designed to gain continuous access to critical information or to cause damage in critical infrastructure, are becoming more severe, more frequent and more costly.

“Security intelligence” is a term that is commonly used within the information security community, but one that often lacks clarity and definition. Closely aligned with security incident and event management (SIEM), security intelligence is best defined as: “Security intelligence (SI) is the real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise. The goal of Security intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for any size organization.” First generation security intelligence and SIEM products have promised much to a security industry weighed down by a growing list of responsibilities and held back by stagnant budgets. Having implemented previous “panacea” products, such as intrusion detection (IDS) and intrusion prevention systems (IPS), security and risk professionals know that some of these tools bring burdens that may match or even outweigh their benefits, commonly in the form of considerable resources required to manage the solution. In the current economic environment, additional resources are a luxury only a few can contemplate.

Global organizations are increasingly emphasizing business resilience, that is, the ability to adapt rapidly to a continuously changing business environment. This movement has led to important changes in the roles of IT professionals as they become progressively more engaged in managing all types of risk confronting the organization.

Almost from the beginning of widespread adoption of computers, organizations realized that disaster recovery was a necessary component of their information technology (IT) plans. Business data had to be backed up, and key processes like order entry, billing, payroll and procurement needed to continue even if an organization’s data center was disabled due to a disaster. Over time, two distinct disaster recovery models emerged: dedicated and shared. Although both of these approaches were effective, they often forced organizations to choose between cost and speed.