Extending observability with the Cisco Observability Platform
There’s long been a need for better visibility and correlated insights across applications, cloud environments, and user experiences. And the need has only intensified with: Applications becoming increasingly virtualized, cloud-native, and distributed Data availability and security becoming more paramount User experiences increasingly tied to business productivity and success Having a comprehensive visibility solution that pieces […]
How to easily collect Cisco MDS 9000 log files
Troubleshooting MDS 9000 fabrics starts from collecting tech-support files and contacting the Cisco TAC. What is the suggested approach for doing so?
Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy
CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our malware and hacking problem under control. If you’ve been a security engineer for more than a few years, no doubt you’ve received a directive […]
To SIEM or Not to SIEM? Part II
The Great Correlate Debate SIEMs have been pitched in the past as "correlation engines" and their special algorithms can take in volumes of logs and filter everything down to just...
To SIEM or Not to SIEM? Part I
Security information and event management systems (SIEM, or sometimes SEIM) are intended to be the glue between an organization's various security tools. Security and other event log sources export their...
Getting a Handle on Your Data
When your incident response team gets access to a new log data source, chances are that the events may not only contain an entirely different type of data, but may also be formatted differently than any log data source you already have. Having a data collection and organization standard will ease management and analysis of […]
Making Boring Logs Interesting
This post centers around the practice of logging data - data from applications, devices, and networks - and how the components of data logging can help in the identification and remediation of network events.
Big Security—Mining Mountains of Log Data to Find Bad Stuff
Your network, servers, and a horde of laptops have been hacked. You might suspect it, or you might think it’s not possible, but it’s happened already. What’s your next move? The dilemma of the “next move” is that you can only discover an attack either as it’s happening, or after it’s already happened. In most […]