Part 2

However, we know that the reality is much different and that we need to take some things into account:

  • There are different types of firewalls that have their own logs. These logs need to be reviewed for each firewall:
    • Network firewalls between network segments
    • Each web application firewall log
  • There are multiple applications that IT operations need to maintain and manage.
  • There are multiple domains that may need to be monitored and managed.

As depicted here, we've only started with two web applications and two domains. To an untrained eye, the solution may seem as simple as ensuring that we have a RASCI set up to manage these items, as depicted in the following figure:

However, this is not the case, as one or two people may be responsible for the entire IT continuous monitoring capability.
