Blog Posts Tagged with "SIEM"


Learn a Scripting Language to Make Security Work Easier

March 07, 2011 Added by: Brent Huston

Understanding programming logic basics is a huge plus for security folks who might have a more network/systems-centric background. It will help you understand a lot more about how applications work in your environment and how to best interact with them in ways to protect them...



Security Information and Event Management (SIEM) Implementation

February 24, 2011 Added by: Ben Rothke

Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details...



Security Predictions for 2011

February 16, 2011 Added by: Anton Chuvakin

My past experience predicting shows that I am a cowardly, extrapolating predictor – and can get a lot of easy, obvious stuff right. I will do some of it now as well since there is nothing wrong with “Feynman prediction methodology”: predicting that whatever is there now will stay the same in the future...



Bottom Eleven Log Management Worst Practices

February 08, 2011 Added by: Anton Chuvakin

Many organizations talk about “best practices”. The definition is often fuzzy but can be loosely related to the practices that generally lead to great results. Following the same model, here are the “worst practices” in the area of SIEM and log management that I have observed over the years...



Security Information and Event Management Implementation

January 25, 2011 Added by: Anton Chuvakin

The book has unfortunate signs of being written by a team of others who didn’t talk to each other. Despite the promises of implementation guidance, it leaves some of the very complex SIEM issues untouched – and even unmentioned. Also, it is much stronger on the “what” than on the “how”...



Ten Things Log Management Vendors Won't Tell You

January 20, 2011 Added by: Anton Chuvakin

While many people have seen 10 things that your chef, real-estate agent, wedding planner or pilot won’t tell you, the world has not yet seen Top 10 things your log management vendor won't tell you. Finally, this gap is now closed...



Companies Catching Up in the Corporate Security Race

January 17, 2011 Added by: Lindsay Walker

It seems to me that corporate security is some sort of race, with companies constantly chasing after hackers for first place. With hackers continually on to the next scheme before companies even detect something's wrong, will companies ever be able to catch up?



False Positives: The Best Way to Kill a Good Initiative

January 05, 2011 Added by: Robb Reck

The more we raise alerts about issues that either don't exist, or aren't worth the attention we give them, the less interested people are in hearing what we have to say. If we do it too much, eventually when we scream that the wolf is at the door, we will be ignored, and see our data get eaten up...



Gartner Report: Critical Capabilities for SIEM

January 02, 2011 Added by: Heather Howland

This research will help project managers, who are responsible for selecting a security information and event management (SIEM) solution, evaluate products from 12 of the major vendors in the segment...



Addressing the Post-Stuxnet Landscape

December 16, 2010 Added by: Chris Blask

In the shadow of Stuxnet it is no longer diligent for Control System operators to put off addressing the issue of computer-based attacks on their systems. Neither is it realistic to expect Control System operators to introduce the level of uncertainty intrinsic in securing the Controllers...



If Woody Had Gone to the Police...

December 14, 2010 Added by: J. Oquendo

The entire situation could have been avoided by implementing defense in depth. Had the United States military implemented something as simple as Data Loss Protection (DLP) combined with an SIEM, those cables might not have made it to WikiLeaks...



Complete PCI DSS Log Review Procedures Part 2

December 09, 2010 Added by: Anton Chuvakin

It is important to note that such a list has its roots in IT governance “best practices,” which prescribe monitoring access, authentication, authorization change management, system availability, and suspicious activity...



Complete PCI DSS Log Review Procedures Part 1

December 06, 2010 Added by: Anton Chuvakin

This is a complete and self-contained guidance document that can be provided to people NOT yet skilled in the sublime art of logging and log analysis, in order to enable them to do the job and then grow their skills. This is the first post in the long, long series...



Project Honeynet Log Mysteries Challenge Lessons

November 23, 2010 Added by: Anton Chuvakin

We just finished grading the results of the Project Honeynet “Log Mysteries” Challenge, and there are some useful lessons for BOTH future challenge respondents and log analysts and incident investigators everywhere. If you look at the challenge at a high level, things seem straightforward...



What Should I Want? Or How NOT to Pick an SIEM

November 12, 2010 Added by: Anton Chuvakin

The allure of asking that question is truly irresistible when dealing with somebody who – presumably – knows more than you do about a particular subject. I am not shocked when a SIEM prospect asks that question of a vendor sales guy or – slightly better – a field engineer...



The Business Case for a Next-Generation SIEM

October 31, 2010 Added by: Heather Howland

In the current economic climate, organizations face the difficult task of prioritizing where to spend their limited budgets so that they emerge from these uncertain times as viable companies. Feeling this pain most acutely are those who deliver critical network services and applications...

