infosec
Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy
7 min read
CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our malware and hacking problem under control. If you’ve been a security engineer for more than a few years, no doubt you’ve received a directive […]
To SIEM or Not to SIEM? Part II
10 min read
The Great Correlate Debate SIEMs have been pitched in the past as "correlation engines" and their special algorithms can take in volumes of logs and filter everything down to just...
To SIEM or Not to SIEM? Part I
7 min read
Security information and event management systems (SIEM, or sometimes SEIM) are intended to be the glue between an organization's various security tools. Security and other event log sources export their...
Big Security—Mining Mountains of Log Data to Find Bad Stuff
4 min read
Your network, servers, and a horde of laptops have been hacked. You might suspect it, or you might think it’s not possible, but it’s happened already. What’s your next move? The dilemma of the “next move” is that you can only discover an attack either as it’s happening, or after it’s already happened. In most […]