Security information and event management systems (SIEM, or sometimes SEIM) are intended to be the glue between an organization’s various security tools. Security and other event log sources export their alarms to a remote collection system like a SIEM, or display them locally for direct access and processing. It’s up to the SIEM to collect, sort, process, prioritize, store, and report the alarms to the analyst. It’s this last piece that is the key to an effective SIEM deployment, and of course the most challenging part.
In the intro to this blog series I mentioned how we intend to describe our development of a new incident response playbook. A big first step in modernizing our playbook was a technology overhaul, from an outdated and inflexible technology to a modern and highly efficient one. In this two-part post, I’ll describe the pros and cons of running a SIEM, and most importantly provide details on why we believe a log management system is the superior choice.
Deploying a SIEM is a project. You can’t just rack a new box of packet-eating hardware and expect it to work. It’s important to understand and develop all the proper deployment planning steps. Things like scope, business requirements, and engineering specifications are all factors in determining the success of the SIEM project. Event and alarm volume, in terms of disk usage, and retention requirements must be understood. There’s also the issue of how to reliably retrieve remote logs from a diverse group of networked devices without compatibility issues. You must be able to answer questions like:
Tags: CSIRT, csirt-playbook, incident response, infosec, logging, logs, NCSAM, ncsam-2013
As we pass the halfway point of National Cyber Security Awareness Month (NCSAM), I wanted to call attention to some of our colleagues over on the Cisco Government Blog. Patrick Finn and Peter Romness have been busy this month espousing the need for security, and we thought it would be beneficial to expose our readers to their thoughts on security that have been published on the Cisco Government Blog space.
Tags: government, NCSAM, ncsam-2013, security
As our team has prepared for Educause 2013 this week, we have been talking a lot about technology in higher education and how it’s impacting colleges, universities, students and staff. Of course, robot soccer was not the first thing that came to mind, but it’s a great example of how different technologies are changing education forever.
Bowdoin College, which you may remember from last year’s #1 Most Connected College, is one of my favorite case studies because it points out that people have to TRUST technology for it to really be effective. Trust is a big word, really – I know I’m not the only person who is a little gun-shy when I think about updating my phone to a new software version. So, when a professor has a class full of students and says “let’s all stream this video right now,” it’s important that it actually works – or professors risk losing student attention, losing time and facing maximum frustration levels.
Tags: byod, campus network, cleanair, cloud, edu13, educause, ISE, NCSAM, robocup, secure access, security, wireless
More and more we are seeing the education landscape change to include more technology for collaboration and mobile learning. Colleges and universities are enabling secure networks for staff and students to access resources on-campus and off. With October being National Cybersecurity Awareness Month (NCSAM) and Educause next week, we are hearing a lot of talk about the importance of campus network security and threats.
Tags: Cisco, collaboration, cybersecurity, edu13, education, educause, mobile learning, national cybersecurity awareness month, NCSAM, netflow, secure mobility, security
This month, we are marking the tenth anniversary of National Cyber Security Awareness Month (NCSAM). The goal is to raise awareness and educate Americans about the importance of cyber security. Agencies and organizations are holding events and driving initiatives to engage Americans in a discussion about how to establish safer practices.
NCSAM sheds light on the most pressing topics in security, including mobility, education, cyber crime and critical infrastructure. In alignment with NCSAM’s mission, we are sharing our own cyber security best practices, advice and resources.
Tags: cybersecurity, government, mobility, national cybersecurity awareness month, NCSAM, security