Incident response was tough enough when the challenge was getting to the bottom of what happened. For most organizations, when an incident is detected or suspected, gathering enough data to piece together what happened requires several hours of work piecing the logs together. The reason is simple: The majority of security appliances report what happened, but not who was behind the activity, historical information about that system or similar events.

But today, regulatory compliance requirements are built on a strong security rationale for tying identity to activity. The reality is that