Blog Posts Tagged with "SIEM"

From Russia with Malice? The REAL Issue Behind the Illinois 'Attack'

November 30, 2011 Added by: John Linkous

It’s an all too familiar story; something doesn’t feel right, but confirming whether something has happened, if it is something you should be concerned about, what the vector of the potential attack might be, and what you can do to mitigate the damage is very difficult to pinpoint...

Comments  (0)

ICS Cybersecurity: Water, Water Everywhere

November 21, 2011 Added by: Chris Blask

Monitoring of water treatment networks using common SIEM or log management tools offers the kind of capability that can address the need for visibility into control system behavior. The ICS networks found in water facilities are deterministic systems with highly predictable behavior...

Comments  (4)

Enterprise Security: Over Budget, Over Extended, Under Prepared

November 11, 2011 Added by: Rafal Los

When your organization's house is on fire, the pressure's on to put it out immediately rather than worry about long-term sustainability. The best time to formulate a strategy is pre-breach. Unfortunately, this is often the time when you probably won't have the funds... details, details...

Comments  (1)

Small Goals Lead to Bigger Results

November 01, 2011 Added by: Joshua Lochner

Based on application flows and the importance placed on a web presence, the goal is to configure notification level alerts to be sent to the System Administrators for security related events from the three servers in the front-end web server cluster, and configure emergency alerts...

Comments  (0)

Why Less Log Data is Better

October 05, 2011 Added by: Danny Lieberman

One of the crucial phases in estimating operational risk is data collection: understanding what threats and vulnerabilities you have, and understanding not only what assets you have (digital, human, physical, reputational) but also how much they’re worth in dollars...

Comments  (1)

Webinar: Cybersecurity for Electrical Cooperatives

September 21, 2011 Added by: Infosec Island Admin

Free Webinar: NESCO is charged by the DoE with providing information on collaboration, tactical awareness, rapid notification, forensics and applied research. Steve Parker, NESCO Lead, will be hosting the session along with AlienVault's Chris Blask and Trusted Metrics' Michael Menefee...

Comments  (0)

SIEM: An Epitaph Blog Post

September 14, 2011 Added by: John Linkous

It is with sadness that today we announce the death of SIEM. Born to a fanfare of promises at the dawn of the information economy as we know it, SIEM was lauded as a tool that would protect an increasing volume of data from prying eyes and ne'er-do-wells - on the inside and the outside...

Comments  (5)

Cybersecurity for Electrical Cooperatives - A Webinar

September 12, 2011 Added by: Infosec Island Admin

Free Webinar: NESCO is charged by the DoE with providing information on collaboration, tactical awareness, rapid notification, forensics and applied research. Steve Parker, NESCO Lead, will be hosting the session along with AlienVault's Chris Blask and Trusted Metrics' Michael Menefee...

Comments  (0)

Paper Frames Debate on Big Brother in Critical Infrastructure

September 08, 2011 Added by: Chris Blask

The three scenarios exercise the legal issues of government access to information of increasing depth. The first two speak to capabilities that should be further developed - honeynets and continuous monitoring - while the third scenario in part touches on workforce development...

Comments  (1)

Got A Pile of Logs from an Incident: What to Do?

September 01, 2011 Added by: Anton Chuvakin

If you received any hints with the log pile, then you can search for this and then branch out to co-occurring and related issues and drill-down as needed, but then your investigation will suffer from “tunnel vision” of only seeing this initially reported issue and that is, obviously, a bad idea...

Comments  (0)

The Unfinished State of our National ICS Reporting System

August 23, 2011 Added by: Chris Blask

The rather petulant tone of the advisory indicates problems with the way our system is set up, as well as insufficient process and staffing being applied to outbound communications. Certainly, advisories with content and tone like this one are not a step in the right direction...

Comments  (0)

Webinar: Cybersecurity for Electrical Cooperatives

August 22, 2011 Added by: Infosec Island Admin

Free Webinar: NESCO is charged by the DoE with providing information on collaboration, tactical awareness, rapid notification, forensics and applied research. Steve Parker, NESCO Lead, will be hosting the session along with AlienVault's Chris Blask and Trusted Metrics' Michael Menefee...

Comments  (0)

Top Ten Criteria for an SIEM

August 15, 2011 Added by: Anton Chuvakin

I spent years whining about how use cases and your requirements should be driving your SIEM purchase. And suddenly Anton shows up with a simple Top 10 list. This list was built with some underlying assumptions which I am not at liberty to disclose. Think large, maybe think SOC, think complex environment...

Comments  (0)

On SIEM Services

August 06, 2011 Added by: Anton Chuvakin

When a SIEM vendor tries to sell you services, it is NOT vendor greed – but simply common sense. And if you say “no”, it is not “saving money” – but being stupid. SIEM success out-of-the-box, while real in some cases, is a pale shadow of what a well-thought through deployment looks like...

Comments  (0)

On Broken SIEM Deployments

August 02, 2011 Added by: Anton Chuvakin

In this post, I want to address one common #FAIL scenario: a SIEM that is failing because it was deployed with a goal of real-time security monitoring, all the while the company was nowhere near ready (not mature enough) to have any monitoring process and operations criteria for it...

Comments  (0)

Practical Packet Analysis Using Wireshark

July 24, 2011 Added by: J. Oquendo

I am not trying to write a scathing review; I am basing my review on experience. I have used Wireshark since it was created in 1998, when it was called Ethereal. I have used both Wireshark and Omnipeek every single day for over a decade...

Comments  (1)