SIEM

Good Insight from Gartner on How to Do SIEM Right: Part 1

In a recently released report from Gartner titled, SIEM Technology, Market and Vendor Assessment, (Gartner.com client access needed to get the full report), Gartner analysts Anton Chuvakin and Augusto Barros gave their latest take on the SIEM market, as well as provided eight specific recommendations for organizations that are looking to acquire a solution. While…

Reducing The Noise

Today, enterprise infrastructures are borderless and are generating more data than ever. Coupled with the fact that more and more breaches are happening every year, it’s not a matter of “if we get breached”, it’s “when we get breached.” Organizations not only require a team of skilled security professionals, but also advanced security controls to detect and respond…

The CISO White Elephant Party

The holiday season is the storm before the calm. Available time is occupied with getting ready for end-of-quarter / end-of-year, squeezing in meetings before folks depart, shopping, and of course attending white elephant gift exchange parties. These parties are notorious for exchanging absurd gifts that are burdensome, possibly expensive, and serve little purpose. If you’re…

What Would You Call the Market for Today’s Threat Detection and Response Solutions?

What would you call the market for security monitoring solutions that help organizations better detect, investigate, and respond to advanced security threats? Five or ten years ago you could certainly be excused if you referred to this market as “SIEM”. However, today the right answer is not clear, other than that it certainly isn’t…

My Kinda SOC

A Security Operations Center (SOC) helps enterprises detect, respond to and investigate security incidents. As breaches continue to grow, more enterprises are looking at building or outsourcing their SOC. This blog lists some of the capabilities that today’s SOC should have. This, of course, is my own view and I welcome you to send any comments via Twitter – follow…

The Malicious Insider: Hiding in Plain Sight

Insider attacks are different from external attacks because insiders already have a foothold in the organization. As defined by CERT, “a malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or…

A Use Case for Success

RSA’s Advanced Cyber Defense Practice routinely works with customers on optimizing their detection and response capabilities. Oftentimes we observe a wide-ranging array of alerts and reports generating hundreds, if not thousands, of tickets in the incident management system. When that occurs, it’s essential to reflect on the true value of injecting those alerts and reports.…

The Evolution is Here: Moving Beyond Log Centric SIEM

Evolution is a powerful thing. Change in our external surroundings affects our genetic makeup over time. Humans have adapted over millions of years by dropping our tails, standing upright and acquiring language. Nature’s way of making sure only the strongest traits, functions and cells survive dictates how we interact and sustain ourselves every single day.…

Snow Blind: Visibility in the Whitespace

Boston is just beginning to recover from the snowiest winter on record. The snowman my son and I made in December was completely covered by the second blizzard in January. Just last weekend we found his hat, scarf, nose (carrot) and buttons (pebbles) all piled on the front yard. The poor guy had a hard…

The Big Data Security Analytics Era Is Here

By Matthew Gardiner, Senior Manager, RSA Security Management & Compliance

My blog today reflects on newly published research from Jon Olstik at ESG (from whom I borrowed the title of this blog), which covers the collision of advanced threats, security monitoring, SIEM, big data technologies and techniques, and organizational security maturity. In the paper Jon…