You are viewing 'SIEM'


Intruders in the Network – Who You Gonna Call?

Joseph (J.B.) Blankenship    |    February 07, 2013

Over the last few months I’ve become a huge fan of the FX show, “American Horror Story.” My girlfriend is also a fan and introduced me to the series in the middle of season two. Since I am new to the series, we are now watching episodes from season one that we recorded on the DVR (I love my DVR).

Season one is absolutely outstanding, and although my girlfriend knows every plot twist and surprise that’s coming, she’s not giving anything away. Aside from the captivating story, I noticed something from season one that’s a little weird (well, actually the entire plot of the show is weird, but I digress).

The weird thing I’m referring to is the security guard the Harmon family (the family at the center of American Horror Story season one) hired when they had their new alarm system installed. Most alarm systems nowadays are monitored by a monitoring center. When the... read more >



Tags: security, it security, MSSP, false positives, intruder, monitoring, network, security monitoring, SIEM

PCI Log Monitoring – Looking at the Hidden Costs of Requirement 10

Court Little    |    September 04, 2012

Recently, I was interviewed for an article on the 10 ways companies tend to fail PCI audits (shameless plug: http://www.darkreading.com/security/news/240004877/10-ways-to-fail-a-pci-audit.html). This prompted me to think about PCI from another perspective: What are the hardest PCI requirements to fulfill?

‘Hardest’ can be measured many ways. Some will measure by capital cost necessary to meet a requirement; others will measure by the operational daily cost (fancy way to say manpower) to maintain and perform a certain function. Others will measure ‘hard’ by a mix of the two and may add complexities like training to get people qualified to perform some requisite PCI function (i.e., getting proper Secure Application Coding training etc.). In large part, I would argue that the hardest (note that I am not saying ‘most... read more >



Tags: log monitoring, managed security service provider, MSSP, PCI, PCI Compliance, SIEM

If a Log Line Falls in the Forest, Does it Make a Noise?

Joseph (J.B.) Blankenship    |    July 20, 2011

Recently, a friend of mine posted on his Facebook wall that he had been the victim of a “smash and grab” robbery and that the local 911 center was completely useless when he called. In fact, they didn’t even bother to send the police out to investigate the incident. The victim then had to make an appointment later in the week to meet with an officer and fill out a report to satisfy the insurance. This response is a far cry from Law and Order or CSI where a full forensics team shows up on the scene moments after the incident occurs.

Pay to Play

Police departments around the country are also either refusing to respond to automatic alarms, deprioritizing the response or passing the cost along to the homeowners or businesses when they respond to false alarms. Seattle redefined their False Alarm Program for 2011,... read more >



Tags: security, ActiveGuard, data breach, information security, Managed Security Services, SIEM

Putting Together the Pieces; a Model for Log Management & Monitoring

Joseph (J.B.) Blankenship    |    January 28, 2011

Years ago, during the summer just after receiving my undergraduate degree, I had a lot of time on my hands. To thwart boredom, I decided to try doing something “constructive” — building a model. Being a bit of a Star Wars geek, I purchased a model of the Millennium Falcon. The box containing the model was huge and promised to yield a scaled-down version of Han Solo’s trusty starship that was no less than 18 inches in length. When I opened the box, I was a bit surprised to find that it contained approximately two billion plastic pieces and some instructions that appeared to be written in Sanskrit.

Undeterred, I went to the local hobby store and purchased supplies like glue, paint and paintbrushes. Now, I had invested heavily in this project (remember, I just graduated from college and was still working for minimum wage at the time). I sat down and attempted to decipher what the instructions wanted me to do. I struggled mightily to make sense of... read more >



Tags: log management, log monitoring, Managed Security Services, MSSP, SIEM, Solutionary

Event Correlation Value

Doug Picotte    |    May 12, 2010

Hello music and security lovers. I recently sat through an information security webinar, in which the speaker said that security event log correlation is the "mothers' milk" of Security Information and Event Management. 

Specifically, he was emphasizing how important this is (or SHOULD be) for a Managed Security Service Provider (MSSP). The distinguished speaker went on to say that some MSSPs demonstrate their correlation capabilities through animation or by "cartoon", as he described it. As I sat through the webinar, I wondered what questions our customers would have regarding the incredible buzzword of correlation.

1. As a customer, why should I care about correlating security event logs?

2. What value does correlation provide, and how does it benefit my business?

So, a "low tech" attacker goes to the hardware store and purchases a ski mask, duct tape, crow bar and a... read more >



Tags: security, Managed Security Services, MSSP, SIEM

Solutionary is a leading managed security service provider. The company reduces the information security and compliance burden, providing flexible security services that work the way clients want; enhancing existing initiatives, infrastructure and personnel. This blog is a place to learn about, and discuss, a wide variety of security and compliance topics.
