1. National Institute of Standards and Technology (NIST). (2006). Special Publication 800-92, Guide to Computer Security Log Management.
Section 3.1, "Log Management Infrastructures," Page 3-1: The guide states, "By centralizing the collection and storage of log data, organizations can gain a more complete picture of the activity on their networks and systems... Centralized logging also supports the correlation of log data from multiple sources." This directly supports the function of a SIEM as the most effective tool for comprehensive visibility.
2. Zajac, K. (2021). Lecture 18: Intrusion Detection. In CS 161: Computer Security. University of California, Berkeley.
Slide 43, "Security Information and Event Management (SIEM)": The lecture notes describe SIEMs as systems that "Collect logs from many sources... Correlate events from different sources" to provide a unified view for security monitoring, highlighting their central role in a SOC.
3. Tounsi, W., & Rais, H. (2018). A survey on technical threat intelligence in the age of big data. Computers & Security, 72, 212-233.
Section 4.1, "Security Information and Event Management (SIEM)": The paper describes SIEM as a "main component in a Security Operation Center (SOC)" that provides "real-time analysis of security alerts generated by network hardware and applications," reinforcing its primary role in enhancing visibility for threat detection. DOI: https://doi.org/10.1016/j.cose.2017.09.001