Blog Posts Tagged with "SIEM"

Bottom Eleven Log Management Worst Practices

February 08, 2011 Added by: Anton Chuvakin

Many organizations talk about “best practices”. The definition is often fuzzy but can be loosely related to the practices that generally lead to great results. Following the same model, here are the “worst practices” in the area of SIEM and log management that I have observed over the years...

Security Information and Event Management Implementation

January 25, 2011 Added by: Anton Chuvakin

The book has unfortunate signs of being written by a team of others who didn’t talk to each other. Despite the promises of implementation guidance, it leaves some of the very complex SIEM issues untouched – and even unmentioned. Also, it is much stronger on the “what” than on the “how”...

Ten Things Log Management Vendors Won't Tell You

January 20, 2011 Added by: Anton Chuvakin

While many people have seen 10 things that your chef, real-estate agent, wedding planner or pilot won’t tell you, the world has not yet seen Top 10 things your log management vendor won't tell you. Finally, this gap is now closed...

Companies Catching Up in the Corporate Security Race

January 17, 2011 Added by: Lindsay Walker

It seems to me that corporate security is some sort of race, with companies constantly chasing after hackers for first place. With hackers continually on to the next scheme before companies even detect something's wrong, will companies ever be able to catch up?

False Positives: The Best Way to Kill a Good Initiative

January 05, 2011 Added by: Robb Reck

The more we raise alerts about issues that either don't exist, or aren't worth the attention we give them, the less interested people are in hearing what we have to say. If we do it too much, eventually when we scream that the wolf is at the door, we will be ignored, and see our data get eaten up...

Gartner Report: Critical Capabilities for SIEM

January 02, 2011 Added by: Heather Howland

This research will help project managers, who are responsible for selecting a security information and event management (SIEM) solution, evaluate products from 12 of the major vendors in the segment...

Addressing the Post-Stuxnet Landscape

December 16, 2010 Added by: Chris Blask

In the shadow of Stuxnet it is no longer diligent for Control System operators to put off addressing the issue of computer-based attacks on their systems. Neither is it realistic to expect Control System operators to introduce the level of uncertainty intrinsic in securing the Controllers...

If Woody Had Gone to the Police...

December 14, 2010 Added by: J. Oquendo

The entire situation could have been avoided by implementing defense in depth. Had the United States military implemented something as simple as Data Loss Protection (DLP) combined with an SIEM, those cables might not have made it to WikiLeaks...

Complete PCI DSS Log Review Procedures Part 2

December 09, 2010 Added by: Anton Chuvakin

It is important to note that such a list has its roots in IT governance “best practices,” which prescribe monitoring access, authentication, authorization change management, system availability, and suspicious activity...

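Part 2 above names the event classes a PCI DSS log review is built around: access, authentication, authorization change management, system availability and suspicious activity. As an added example, not code from Anton Chuvakin's post, the Python script below runs such a review over a handful of constructed syslog lines: it tags each event with one of those classes and flags suspicious activity as a burst of failed logins from one source against one account. The log lines, host name, the 2010 year (syslog timestamps carry no year), the list of "authorization-changing" commands and the 5-in-60-seconds threshold are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in syslog/sshd/sudo/systemd format (not real data).
SAMPLE_LOGS = """\
Dec 06 10:00:01 pos-db01 sshd[2201]: Accepted publickey for dba from 10.1.2.3 port 51000 ssh2
Dec 06 10:00:02 pos-db01 sshd[2201]: pam_unix(sshd:session): session opened for user dba by (uid=0)
Dec 06 10:00:05 pos-db01 sshd[2202]: Failed password for root from 203.0.113.7 port 40001 ssh2
Dec 06 10:00:06 pos-db01 sshd[2203]: Failed password for root from 203.0.113.7 port 40002 ssh2
Dec 06 10:00:07 pos-db01 sshd[2204]: Failed password for root from 203.0.113.7 port 40003 ssh2
Dec 06 10:00:08 pos-db01 sshd[2205]: Failed password for root from 203.0.113.7 port 40004 ssh2
Dec 06 10:00:09 pos-db01 sshd[2206]: Failed password for root from 203.0.113.7 port 40005 ssh2
Dec 06 10:01:00 pos-db01 sudo: dba : TTY=pts/0 ; PWD=/home/dba ; USER=root ; COMMAND=/usr/sbin/usermod -aG wheel svc
Dec 06 10:02:00 pos-db01 systemd[1]: Stopped MySQL Community Server.
Dec 06 10:03:00 pos-db01 kernel: audit: type=1400 audit(1291629780.000:1): apparmor="DENIED"
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
AUTH_FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
AUTH_OK_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
# Commands that alter accounts, groups or permissions; a hypothetical list for this example.
AUTHZ_CHANGE_CMDS = {"usermod", "useradd", "userdel", "groupmod", "gpasswd",
                     "visudo", "chmod", "chown", "setfacl"}


def parse_line(line, year=2010):
    """Split one syslog line into fields; the year is assumed because syslog omits it."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["proc"] = ev["proc"].strip()
    ev["time"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
    return ev


def classify(ev):
    """Map an event onto the review classes named in the post."""
    msg = ev["msg"]
    if AUTH_FAIL_RE.search(msg) or AUTH_OK_RE.search(msg):
        return "authentication"
    if "session opened for user" in msg or "session closed for user" in msg:
        return "access"
    if ev["proc"] == "sudo" and "COMMAND=" in msg:
        cmd = msg.split("COMMAND=", 1)[1].split()[0].rsplit("/", 1)[-1]
        # Privilege use is access; changing who may do what is an authorization change.
        return "authorization_change" if cmd in AUTHZ_CHANGE_CMDS else "access"
    if ev["proc"] == "systemd" and msg.split(" ", 1)[0] in ("Started", "Stopped", "Failed"):
        return "availability"
    return "other"


def brute_force_findings(events, threshold=5, window_s=60):
    """Flag (user, source) pairs with >= threshold failed logins inside window_s seconds.
    Threshold and window are hypothetical tuning values."""
    attempts = defaultdict(list)
    for ev in events:
        m = AUTH_FAIL_RE.search(ev["msg"])
        if m:
            attempts[(m["user"], m["src"])].append(ev["time"])
    findings = []
    for (user, src), times in attempts.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                findings.append({"user": user, "src": src, "count": len(times),
                                 "first": times[i], "last": times[i + threshold - 1]})
                break
    return findings


def review(text, year=2010):
    """Return events grouped by review class, plus the 'suspicious' findings."""
    events = [e for e in (parse_line(ln, year) for ln in text.splitlines()) if e]
    by_class = defaultdict(list)
    for ev in events:
        by_class[classify(ev)].append(ev)
    by_class["suspicious"] = brute_force_findings(events)
    return dict(by_class)


if __name__ == "__main__":
    result = review(SAMPLE_LOGS)
    for cls, items in result.items():
        print(f"{cls:22s} {len(items)}")
    for f in result["suspicious"]:
        print(f"suspicious: {f['count']} failed logins for {f['user']} from {f['src']} "
              f"between {f['first']:%H:%M:%S} and {f['last']:%H:%M:%S}")
```

The point of the grouping is that the reviewer reads each class with a different question in mind (who got in, who failed, what changed, what went down), and the "suspicious" class is derived from the others rather than read off a single line; anything that lands in "other" is the unreviewed remainder and is worth a look of its own.
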
Complete PCI DSS Log Review Procedures Part 1

December 06, 2010 Added by: Anton Chuvakin

This is a complete and self-contained guidance document that can be provided to people NOT yet skilled in the sublime art of logging and log analysis, in order to enable them to do the job and then grow their skills. This is the first post in the long, long series...

Project Honeynet Log Mysteries Challenge Lessons

November 23, 2010 Added by: Anton Chuvakin

We just finished grading the results of the Project Honeynet “Log Mysteries” Challenge, and there are some useful lessons for BOTH future challenge respondents and log analysts and incident investigators everywhere. If you look at the challenge at a high level, things seem straightforward...

What Should I Want? Or How NOT to Pick an SIEM

November 12, 2010 Added by: Anton Chuvakin

The allure of asking that question is truly irresistible when dealing with somebody who – presumably – knows more than you do about a particular subject. I am not shocked when a SIEM prospect asks that question of a vendor sales guy or – slightly better – a field engineer...

The Business Case for a Next-Generation SIEM

October 31, 2010 Added by: Heather Howland

In the current economic climate, organizations face the difficult task of prioritizing where to spend their limited budgets so that they emerge from these uncertain times as viable companies. Feeling this pain most acutely are those who deliver critical network services and applications...

Log Consolidation, SIEM or Both?

October 17, 2010 Added by: John Verry

In the old days there was a fundamental decision to make when implementing log management technology. It boiled down to whether or not you needed the increased capabilities of SIEM such as real-time correlation and advanced integration with other core systems...

Coping with the Inevitability of a Data Breach

October 13, 2010 Added by: Robb Reck

While an attacker will eventually figure out a way around your firewall, as soon as they do a good SIEM can alert the NOC and send technicians rushing to respond. In a perfect world, we will keep attackers, both external and internal, from having the opportunity to exploit our systems. But the reality is that breaches do occur...

Real Time Social Media Monitoring and Correlation

September 29, 2010 Added by: Heather Howland

The Internet has revolutionized how individuals and corporations interface with each other, and now social networks are revolutionizing how we interface with the Internet. Unfortunately, these innovations have come at a tremendous cost to enterprise security efforts...
