Blog Posts Tagged with "SIEM"

Webinar: Industrial Control Systems SIEM

July 13, 2011 Added by: Chris Blask

Physical security and industrial process data is correlated with real time situational awareness of cyber assets to produce constant visibility. Join this free webinar to explore the efficiency and ease of use of AlienVault ICS SIEM...

Comments  (2)

Algorithmic SIEM “Correlation” Is Back?

June 18, 2011 Added by: Anton Chuvakin

One of the ways out of ill-fitting default rules is in use of event scoring algorithms and other ruleless methods. While not without known limitations, they can be extremely useful in environments where correlation rule tuning is not likely to happen, no matter how many times we say it should...

Comments  (0)
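The post above contrasts hand-tuned correlation rules with ruleless event scoring. As an added example, not code from the post, the Python below scores syslog-style events by how surprising their message template was in a baseline window, with no rule written or tuned. The host names, programs, message texts, the 0.5 smoothing constant and the 3-bit alert threshold are all assumptions made for the example.

```python
"""Rarity-based ("ruleless") event scoring over syslog-style lines.

Added example, not code from the post.  Every event is reduced to a
template (program plus message with IPs and numbers masked) and scored by
how surprising that template was in a baseline window, in bits; a
template the host has never produced before earns an extra point.  No
correlation rule is written or tuned.  All lines below are constructed.
"""
import math
import re
from collections import Counter

LINE_RE = re.compile(r"^(?P<host>\S+)\s+(?P<prog>[^:\s]+):\s+(?P<msg>.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
NUM_RE = re.compile(r"\b\d+\b")

# Constructed baseline ("host program: message"), e.g. yesterday's logs.
BASELINE = [
    "web01 sshd: Accepted publickey for deploy from 10.0.0.5",
    "web01 sshd: Accepted publickey for deploy from 10.0.0.5",
    "web01 cron: (root) CMD (run-parts /etc/cron.hourly)",
    "web01 cron: (root) CMD (run-parts /etc/cron.hourly)",
    "web01 cron: (root) CMD (run-parts /etc/cron.hourly)",
    "db01 sshd: Accepted publickey for dba from 10.0.0.7",
    "db01 cron: (root) CMD (run-parts /etc/cron.hourly)",
    "web01 sshd: Failed password for invalid user admin from 203.0.113.9",
]

# Constructed events to score against that baseline.
NEW_EVENTS = [
    "web01 cron: (root) CMD (run-parts /etc/cron.hourly)",
    "web01 sshd: Accepted publickey for deploy from 10.0.0.5",
    "web01 sshd: Failed password for invalid user admin from 203.0.113.9",
    "web01 sudo: deploy : TTY=pts/0 ; COMMAND=/bin/bash",
    "db01 sshd: Accepted password for root from 198.51.100.23",
]


def parse(line):
    """Split a line into (host, template); raise on lines that do not fit."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unparseable line: %r" % line)
    msg = NUM_RE.sub("<n>", IP_RE.sub("<ip>", m.group("msg")))
    return m.group("host"), m.group("prog") + ": " + msg


class RarityScorer:
    def __init__(self, baseline_lines):
        self.total = 0
        self.template_counts = Counter()
        self.host_templates = set()
        for line in baseline_lines:
            host, tmpl = parse(line)
            self.template_counts[tmpl] += 1
            self.host_templates.add((host, tmpl))
            self.total += 1

    def score(self, line):
        host, tmpl = parse(line)
        count = self.template_counts[tmpl]
        # Smoothed surprisal -log2(p); the 0.5 keeps unseen templates finite
        # and gives them the maximum score, log2((total + 0.5) / 0.5).
        rarity = -math.log2((count + 0.5) / (self.total + 0.5))
        # One extra point when this host has never emitted this template.
        novelty = 1.0 if (host, tmpl) not in self.host_templates else 0.0
        return rarity + novelty

    def rank(self, lines):
        """Events sorted from most to least surprising."""
        return sorted(((self.score(l), l) for l in lines), reverse=True)

    def alerts(self, lines, threshold=3.0):
        """Lines at or above an (assumed) threshold of 3 bits."""
        return [l for s, l in self.rank(lines) if s >= threshold]


SCORER = RarityScorer(BASELINE)

if __name__ == "__main__":
    for s, line in SCORER.rank(NEW_EVENTS):
        print("%5.2f  %s" % (s, line))
```

With this baseline the routine cron and publickey logins score under two bits, the previously seen failed password scores about 2.5, and the two never-seen templates (an interactive root shell via sudo, a password login as root on db01) score about 5.1 and are the only alerts at the default threshold. The known limitation the post mentions shows up immediately: a noisy but harmless new template scores just as high as a real intrusion, so the threshold and the masking in `parse` still need attention even if rules do not.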

The NIST EMAP is Out

June 11, 2011 Added by: Anton Chuvakin

The Event Management Automation Protocol (EMAP) is a suite of interoperable specifications designed to standardize the communication of event management data. EMAP is an emerging protocol within the NIST Security Automation Program, and is a peer to similar automation protocols...

Comments  (0)

Flying Blind in Critical Infrastructure

June 07, 2011 Added by: Chris Blask

Once you get your head around the idea that you cannot trust your cyber devices you find it fits with existing industrial ideology quite well. The answer is to do your best to build a reliable cyber system - just as you do with the physical assets - then monitor it like a convicted criminal...

Comments  (2)

Impending Doom and IT Security's Downward Spiral

June 06, 2011 Added by: Rafal Los

If you've been in Information Security for any meaningful period of time you can surely side with the frustration and disappointment many of the long-time residents of Infosec-ville are feeling as breach after breach piles on in the news. The result of all of this is a downward spiral...

Comments  (1)

AlienVault Releases SCADA SIEM for Critical Infrastructure

May 31, 2011 Added by: Headlines

"We have a solution that can address the security and compliance needs of customers in process control industries including electric power utilities, public works and oil & gas. You just cannot get that level of capability, reliability and integration with legacy IT or ICS solutions..."

Comments  (0)

On Gartner's SIEM Magic Quadrant 2011

May 29, 2011 Added by: Anton Chuvakin

I think the concept of Magic Quadrant is brilliant. However, many wrong SIEM purchase decisions I’ve seen made usually stem from the decision maker’s own ignorance and not from whatever document or market visualization he has in his possession. Keep this in mind…

Comments  (1)

How to Replace an Enterprise SIEM

May 18, 2011 Added by: Anton Chuvakin

Be prepared to keep the old SIEM running - without paying for the support contract, of course - or at least keep the old data backups – this becomes important if complete data migration is impossible due to architecture differences between the new and old SIEMs...

Comments  (0)

Advanced Persistent Threats - Blame It On REO

April 10, 2011 Added by: J. Oquendo

We can never stop an attacker from trying to compromise us; it is out of our control. This does not mean that we cannot stop connections from leaving that machine. After all, controlling what leaves a machine will always be more important than what is coming INTO a machine...

Comments  (0)

Open Source Log Management Tools List

April 08, 2011 Added by: Anton Chuvakin

This page lists a few popular free open-source log management and log analysis tools. The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident. It can also be used for routine periodic log review...

Comments  (0)

Log Forensics and “Original” Events

April 03, 2011 Added by: Anton Chuvakin

Since the early days of my involvement in SIEM and log management, this question generated a lot of delusions and just sheer idiocy. A lot of people spout stuff like “you need original logs in court” without having any knowledge about forensics in general. So, what is an “original” event?

Comments  (0)

Why Defense in Depth Will Never Be Sufficient

March 30, 2011 Added by: J. Oquendo

Defense in depth is a great approach to defending from the outside in, but far too many professionals are entrenched in getting this right while attackers are increasingly “punching holes” on their way out. Defense in Depth is not going to solve the “advanced persistent” issue...

Comments  (5)
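This post and the earlier one by the same author (Advanced Persistent Threats - Blame It On REO) make one point: what leaves a machine deserves at least as much scrutiny as what comes in. As an added example, not code from either post, the Python below checks iptables-style LOG lines against an explicit egress allowlist and counts repeats of each offending flow, so a host that is "punching holes on the way out" shows up whether or not anything on the way in was caught. The internal range, the allowlist of proxy, resolver and update server, and the log lines are all constructed for the example.

```python
"""Egress-policy check over iptables-style LOG lines.

Added example, not code from either post.  Internal hosts may reach only
an explicit allowlist of (destination network, protocol, port); every
other outbound flow is reported, and repeats of the same flow are counted
so a periodic beacon stands out from a one-off mistake.  The policy and
the log lines are constructed for the example.
"""
import ipaddress
import re
from collections import Counter

INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Hypothetical allowlist; "ANY" / None match any protocol / any port.
EGRESS_ALLOW = [
    (INTERNAL, "ANY", None),                                  # internal to internal
    (ipaddress.ip_network("192.0.2.53/32"), "UDP", 53),        # upstream resolver
    (ipaddress.ip_network("198.51.100.10/32"), "TCP", 3128),   # web proxy
    (ipaddress.ip_network("198.51.100.20/32"), "TCP", 443),    # update server
]

# Constructed lines in the shape of iptables LOG output (fields trimmed).
SAMPLE_LOG = [
    "Jun  6 10:01:02 gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=198.51.100.10 PROTO=TCP SPT=50312 DPT=3128",
    "Jun  6 10:01:03 gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=192.0.2.53 PROTO=UDP SPT=40111 DPT=53",
    "Jun  6 10:01:09 gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=203.0.113.77 PROTO=TCP SPT=51000 DPT=443",
    "Jun  6 10:01:39 gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=203.0.113.77 PROTO=TCP SPT=51001 DPT=443",
    "Jun  6 10:02:09 gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=203.0.113.77 PROTO=TCP SPT=51002 DPT=443",
    "Jun  6 10:02:10 gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.0.30 DST=10.0.2.9 PROTO=TCP SPT=42000 DPT=445",
    "Jun  6 10:02:11 gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.0.30 DST=203.0.113.5 PROTO=TCP SPT=42001 DPT=4444",
    "Jun  6 10:02:12 gw kernel: FW IN=eth0 OUT=eth1 SRC=203.0.113.99 DST=10.0.0.12 PROTO=TCP SPT=3333 DPT=22",
    "Jun  6 10:02:13 gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.0.30 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0",
]

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse_fields(line):
    """Pull SRC/DST/PROTO/DPT out of a LOG line; DPT is absent for ICMP."""
    f = dict(FIELD_RE.findall(line))
    if "SRC" not in f or "DST" not in f:
        return None
    return (ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"]),
            f.get("PROTO", "ANY").upper(), int(f["DPT"]) if "DPT" in f else None)


def is_allowed(dst, proto, dport):
    """True when some allowlist entry covers the destination, protocol and port."""
    for net, p, port in EGRESS_ALLOW:
        if dst in net and p in ("ANY", proto) and port in (None, dport):
            return True
    return False


def egress_violations(lines):
    """(src, dst, proto, dport) for every outbound flow that breaks policy.

    Only flows with an internal source count as egress; inbound lines
    (external source) are someone else's problem and are skipped here.
    """
    out = []
    for line in lines:
        parsed = parse_fields(line)
        if parsed is None:
            continue
        src, dst, proto, dport = parsed
        if src not in INTERNAL:
            continue
        if not is_allowed(dst, proto, dport):
            out.append((str(src), str(dst), proto, dport))
    return out


def summarize(violations):
    """Count repeats per flow; the same (src, dst, port) every 30 s looks like a beacon."""
    return Counter(violations)


def repeat_offenders(summary, min_repeats=3):
    """Flows seen at least min_repeats times (assumed cut-off of 3)."""
    return [flow for flow, n in summary.items() if n >= min_repeats]


VIOLATIONS = egress_violations(SAMPLE_LOG)
SUMMARY = summarize(VIOLATIONS)

if __name__ == "__main__":
    for flow, n in SUMMARY.most_common():
        print("%3d  %s" % (n, flow))
```

On the sample log the proxy, resolver and internal SMB flows pass, the inbound SSH attempt is ignored as not being egress, and five outbound flows are reported: three direct HTTPS connections from 10.0.0.12 to the same external host thirty seconds apart (the only repeat offender), one connection to port 4444 and one ICMP echo from 10.0.0.30. In a real deployment the allowlist would be the firewall's own egress rule set and the LOG lines would come from a rule that logs what the policy drops, so the report is a check that the policy actually exists and is being enforced.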

SIEM Resourcing and Calculating the Associated Costs

March 14, 2011 Added by: Anton Chuvakin

That SIEM appliance might set us back $75,000 in hard earned security budget dollars, but how much more will we have to spend in the next 3 years deploying, integrating, using, tuning, cursing, expanding the thing? How much manpower will the new operational procedures cost us?

Comments  (0)

Learn a Scripting Language to Make Security Work Easier

March 07, 2011 Added by: Brent Huston

Understanding programming logic basics is a huge plus for security folks who might have a more network/systems-centric background. It will help you understand a lot more about how applications work in your environment and how to best interact with them in ways to protect them...

Comments  (6)

Security Information and Event Management (SIEM) Implementation

February 24, 2011 Added by: Ben Rothke

Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data in a common element. While great in theory, the devil is in the details...

Comments  (0)

Security Predictions for 2011

February 16, 2011 Added by: Anton Chuvakin

My past experience predicting shows that I am a cowardly, extrapolating predictor – and can get a lot of easy, obvious stuff right. I will do some of it now as well since there is nothing wrong with “Feynman prediction methodology”: predicting that whatever is there now will stay the same in the future...

Comments  (0)