My Kinda SOC

A Security Operations Center (SOC) helps enterprises detect, respond to and investigate security incidents. As breaches continue to grow, more enterprises are looking to build or outsource their SOC. This blog lists some of the capabilities that today’s SOC should have. This, of course, is my own view and I welcome you to send any comments via Twitter – follow…


The Malicious Insider: Hiding in Plain Sight

Insider attacks are different from external attacks because insiders already have a foothold in the organization. As defined by CERT, “a malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or…


A Use Case for Success

RSA’s Advanced Cyber Defense Practice routinely works with customers on optimizing their detection and response capabilities. Often we observe a wide-ranging array of alerts and reports generating hundreds, if not thousands, of tickets in the incident management system. When that occurs, it’s essential to reflect on the true value of injecting those alerts and reports.…


The Evolution is Here: Moving Beyond Log Centric SIEM

Evolution is a powerful thing. Change in our external surroundings affects our genetic makeup over time. Humans have adapted over millions of years by dropping our tails, standing upright and acquiring language. Nature’s way of making sure only the strongest traits, functions and cells survive dictates how we interact and sustain ourselves every single day.…


Snow Blind: Visibility in the Whitespace

Boston is just beginning to recover from the snowiest winter on record. The snowman my son and I made in December was completely covered by the second blizzard in January. Just last weekend we found his hat, scarf, nose (carrot) and buttons (pebbles) all piled on the front yard. The poor guy had a hard…


The Big Data Security Analytics Era Is Here

My blog today reflects on newly published research from Jon Oltsik at ESG (from whom I borrowed the title of this blog), which covers the collision of advanced threats, security monitoring, SIEM, big data technologies and techniques, and organizational security maturity. In the paper Jon clearly brings forward his argument – with which I completely agree – that security threats have changed and thus the tools and approaches used for defense need to change significantly. I recognize this sounds a bit clichéd, but read the paper and you will see that there is a clear argument and evidence to back up this claim. One very obvious technical trend is that the flood of security data required to provide the visibility necessary to improve the organization’s defenses has gone up — way, way up.
