Blog Posts Tagged with "Log Management"

959779642e6e758563e80b5d83150a9f

Log Management: Debugging Security

February 18, 2012 Added by:Danny Lieberman

Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Dangers of Non-Contextual Pattern Matching

February 15, 2012 Added by:Rafal Los

Even a system inconsistency such as an abnormal page transition velocity on your flagship web application can be overlooked - until you put all those together and realize you're being SQL Injected and someone is stealing your multi-terabyte database out from under you...

Comments  (0)

F1161c69043d967cbd5b2a0fb8d0f6d4

ACL Complexity and Unknown Vulnerabilities

November 21, 2011 Added by:Brett Scott

If the only way to tell if the ACLs are properly configured is to use another detection mechanism that is capable of identifying improper traffic and nobody had anything like that on their networks, then how many networks are completely vulnerable and do not know it?

Comments  (1)

D8853ae281be8cfdfa18ab73608e8c3f

MSFConsole Prompt Fiddling

November 17, 2011 Added by:Rob Fuller

In my presentation at DerbyCon 2011 we talked about using SCREEN and SCRIPT to keep connections live / use them across SSH sessions, and log everything. What we didn't cover is the fact that there isn't a time stamp for those logs. Now, Metasploit has multiple ways of creating logs...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Why Less Log Data is Better

October 05, 2011 Added by:Danny Lieberman

One of the crucial phases in estimating operational risk is data collection: understanding what threats, vulnerabilities you have and understanding not only what assets you have (digital, human, physical, reputational) but also how much they’re worth in dollars...

Comments  (1)

Ebb72d4bfba370aecb29bc7519c9dac2

Got A Pile of Logs from an Incident: What to Do?

September 01, 2011 Added by:Anton Chuvakin

If you received any hints with the log pile, then you can search for this and then branch out to co-occurring and related issues and drill-down as needed, but then your investigation will suffer from “tunnel vision” of only seeing this initially reported issue and that is, obviously, a bad idea...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

On Broken SIEM Deployments

August 02, 2011 Added by:Anton Chuvakin

In this post, I want to address one common #FAIL scenario: a SIEM that is failing because it was deployed with a goal of real-time security monitoring, all the while the company was nowhere near ready (not mature enough) to have any monitoring process and operations criteria for it...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Log Management at Zero Cost and One Hour per Week?

August 01, 2011 Added by:Anton Chuvakin

CAN one REALLY do a decent job with log management (including log review) if their budget is $0 AND their time budget is 1 hour/week? I got asked that when I was teaching my SANS SEC434 class a few months ago and the idea stuck in my head. The only plausible way that I came up with is...

Comments  (3)

F520f65cba281c31e29c857faa651872

Understanding the Customer is the Key to Success

July 27, 2011 Added by:Rahul Neel Mani

ArcSight which was acquired by HP last year was started when the Dot Com bubble had burst. CTO Forum talks to Hugh Njemanze, ArcSight Founder and VP & CTO, HP Security Solutions about the company’s journey so far and how the company has been able to sustain a robust growth...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

The NIST EMAP is Out

June 11, 2011 Added by:Anton Chuvakin

The Event Management Automation Protocol (EMAP) is a suite of interoperable specifications designed to standardize the communication of event management data. EMAP is an emerging protocol within the NIST Security Automation Program, and is a peer to similar automation protocols...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

How to Replace an Enterprise SIEM

May 18, 2011 Added by:Anton Chuvakin

Be prepared to keep the old SIEM running - without paying for the support contract, of course - or at least keep the old data backups – this becomes important if complete data migration is impossible due to architecture differences between the new and old SIEMs...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by:Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Detailed FISMA Logging Guidance

April 14, 2011 Added by:Anton Chuvakin

FISMA emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to secure the information systems that support its operations and assets. Here is what is likely needed for a successful FISMA-driven log management implementation...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Open Source Log Management Tools List

April 08, 2011 Added by:Anton Chuvakin

This page lists a few popular free open-source log management and log analysis tools. The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident. It can also be used for routine periodic log review...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Log Forensics and “Original” Events

April 03, 2011 Added by:Anton Chuvakin

Since the early days of my involvement in SIEM and log management, this question generated a lot of delusions and just sheer idiocy. A lot of people spout stuff like “you need original logs in court” without having any knowledge about forensics in general. So, what is an “original” event?

Comments  (0)

C787d4daae33f0e155e00c614f07b0ee

Defense in Depth is Necessary, But Not Sufficient

March 28, 2011 Added by:Robb Reck

Cyber warfare raises the possibility that weapons may not fire when we count on them, or healthcare systems may not function properly when lives are at stake. The appropriate level of acceptable risk in these areas is extremely small and requires the very best security measures we can implement...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »