Operational Security Intelligence
Category: Security
Security intelligence, threat intelligence, cyber threat intelligence, or “intel” for short, is a popular topic these days in the Infosec world. It seems everyone has a feed of “bad” IP
Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy
Category: Security
CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our
To SIEM or Not to SIEM? Part II
Category: Security
The Great Correlate Debate: SIEMs have been pitched in the past as “correlation engines” whose special algorithms can take in volumes of logs and filter everything down to just
To SIEM or Not to SIEM? Part I
Category: Security
Security information and event management systems (SIEM, or sometimes SEIM) are intended to be the glue between an organization’s various security tools. Security and other event log sources export their
Getting a Handle on Your Data
Category: Security
When your incident response team gets access to a new log data source, chances are that the events may not only contain an entirely different type of data, but may
Making Boring Logs Interesting
Category: Security
This post centers on the practice of logging data (data from applications, devices, and networks) and how the components of data logging can help in the identification and
Big Security—Mining Mountains of Log Data to Find Bad Stuff
Category: Security
Your network, servers, and a horde of laptops have been hacked. You might suspect it, or you might think it’s not possible, but it’s happened already. What’s your next move?