Blog Posts Tagged with "SIEM"


When You Are Overwhelmed With Alerts, it is Time to Automate.

January 07, 2015 Added by:Michael Leland

Your security team is getting alerts from internal sensors, threat intelligence from multiple sources, and potential indicators of attack or compromise from your SIEM. Relying on these human filters to decode, deduce, and decide what is relevant takes valuable time and can result in long delays between attack, detection, and containment.

Comments  (2)


Transforming SIEM - Gain Actionable Intelligence for Securing Information Assets (Webcast)

July 23, 2013 Added by:InfosecIsland News

In this webcast, our guest, John Kindervag, Principal Analyst, Security and Risk Management at Forrester Research, will describe a data security and control framework for collecting and analyzing new types of IT data to transform SIEM into a security and IT analytics tool.

Comments  (0)


The Search for Infosec Minds

November 01, 2012 Added by:Ian Tibble

Since the early 2000s, I have commented in different forms on the state of play, with a large degree of cynicism, which was greeted with cold reservation, smirks, grunts, and various other types of un-voiced displeasure, up to around 2009 or so. But since at least 2010, how things have changed...

Comments  (0)


Real World Information Security

September 05, 2012 Added by:Tripwire Inc

Alex uncovered a poorly designed web page and convinced it to give up its secrets. What followed was a quick RDP war trying to plant our backdoor. I found myself with root level access having blasted away at it using Metasploit and uncovered several Easter eggs instructors had planted...

Comments  (0)


Is Packet Capture Critical? Heck Yes...

September 04, 2012 Added by:Richard Stiennon

Beaconing detection is a feature in the fastest growing security solutions in the market. I am tracking most of these vendors at 100% annual growth rates, a sure sign of a trend. Intelligent packet capture is a must-have technology in every cyber defense armament...

Comments  (1)


Detecting Unknown Application Vulnerabilities "In Flight"

July 10, 2012 Added by:Rafal Los

While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker....

Comments  (0)


Logging: Opening Pandora's Box - Part 3 - Paralysis

May 17, 2012 Added by:Rafal Los

Paralysis can come from over-dependence on analysis. You've heard the term "analysis paralysis" where someone spends so much time trying to make the perfect decision while factors change that ultimately no decision is made before the deadline passes or some event happens...

Comments  (0)


Logging: Opening Pandora's Box - Part 2 - Elation

May 10, 2012 Added by:Rafal Los

Once you get over the anxiety of logging, a wave of elation generally hits. Whether you're getting excited about being able to catch evil-doers in the act, or the capability to notice system failures before they happen logging can save your skin more than you'd think...

Comments  (0)


Logging: Opening Pandora's Box - Part 1 - Anxiety

May 09, 2012 Added by:Rafal Los

You're probably worried that log analysis is going to consume all of your time, or you'll find out that your organization has been pwn3d for years and all your data has been exfiltrated in real-time and your latest database is being copied off to China... aren't you?

Comments  (0)


Smart Grid Security, Challenges and Change

May 08, 2012 Added by:Larry Karisny

The cost and time of trying to become compliant with guidelines and standards will put smart-grid security years off before it can achieve any security solutions. There must be a way out of what people in the security business are now calling the "smart grid security circus"...

Comments  (0)


ICS-CERT: Planning for a Cyber Incident?

May 08, 2012 Added by:Infosec Island Admin

Organizations without an existing incident response capability should consider establishing one. To aid control systems owners and operators, the CSSP has prepared a Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability...

Comments  (0)


Outsourcing SIEM and Log Analysis

April 29, 2012 Added by:Marc Quibell

What are the risks of MSSPs managing the detection and analysis of network activity data for your company? There are some events that, if detected early, may avert lawsuits, data breaches and other embarrassing or career-ending moments for a company...

Comments  (4)


Wait, What? Someone Has to Look at Those Logs?

April 26, 2012 Added by:Jack Daniel

Monitoring the performance of your MSSP is cheap insurance- the last thing you want to face is a failure of your service and the need to rebuild an in-house program. You thought getting all that data pushed out to the MSSP was a pain- just imagine trying to get it back...

Comments  (1)


A Tribute to Our Oldest and Dearest Friend - The Firewall

April 22, 2012 Added by:Ian Tibble

We have a lot of bleeding edge software and hardware products in security backed by fierce marketing engines which set unrealistic expectations. Out of all these products, the oldest carries the highest bang for our bucks - the firewall...

Comments  (0)


Protecting Your Enterprise by Breaking It

April 20, 2012 Added by:Rafal Los

In a nutshell, if you (in information security) haven't broken things in your organization's networks, you're likely terribly unprepared for when things to wrong and thus are doing it wrong. Now, before you come all unhinged, read the rest of this post...

Comments  (0)


Webinar: Reducing Visibility Costs with Unified Security Management

April 17, 2012 Added by:Infosec Island Admin

Webinar: Thursday, April 19, 2012 12:00 PM - 1:00 PM EST - Beyond improving your basic defenses, understand how unifying security management can maintain compliance and provide visibility into your infrastructure at a lower cost than traditional approaches...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »