SIEM

August 3, 2015

SECURITY

Getting to Know Tom Powledge, Vice President of Cisco Managed Security Services

After several months leading the managed security services portfolio at Cisco, I sat down with the social media team to discuss my path to Cisco, the evolution of the security market, and the future of security. [Note: This is an abridged version of the full interview.] Q: After nearly 20 years at Symantec, why did […]

May 5, 2014

SECURITY

The Continuum Approach for Secure Mobility

A couple weeks ago, we spoke about the mobility journey and the phases that organizations take as they embrace the widely accepted mode of mobility—Beyond BYOD to Workspace Mobility (device-focus, application-focus and experience-focus). Whatever phase your organization is in, security is a top priority. These phases can help determine your secure mobility approach but your […]

January 23, 2014

SECURITY

Security Realities of IoT (Internet of Things)

Are you a security professional or IT professional just resolving the security issues with BYOD (bring-your-own-device)? Watch out, BYOD was a precursor or warm up exercise to the tsunami just hitting your shores now. The SANS Institute just completed a survey on the security viewpoints on IoT, predominantly with security and IT professionals. 78% of […]

December 18, 2013

SECURITY

Beware: Insider Threats Getting Worse

Most recently ESG/Vormetric came out with a threat report that highlighted the increase in insider threats & the significance to augment perimeter and host-based security. The rationale behind the increase was that more people are accessing the network, increase cloud and network traffic are making it difficult to isolate the problem. Almost 50% of the […]

November 1, 2013

SECURITY

Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy

CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our malware and hacking problem under control.   If you’ve been a security engineer for more than a few years, no doubt you’ve received a directive […]

October 24, 2013

SECURITY

To SIEM or Not to SIEM? Part II

The Great Correlate Debate SIEMs have been pitched in the past as "correlation engines" and their special algorithms can take in volumes of logs and filter everything down to just...

October 18, 2013

SECURITY

Getting a Handle on Your Data

When your incident response team gets access to a new log data source, chances are that the events may not only contain an entirely different type of data, but may also be formatted differently than any log data source you already have. Having a data collection and organization standard will ease management and analysis of […]

October 9, 2013

SECURITY

Making Boring Logs Interesting

This post centers around the practice of logging data - data from applications, devices, and networks - and how the components of data logging can help in the identification and remediation of network events.

October 3, 2013

SECURITY

Big Security—Mining Mountains of Log Data to Find Bad Stuff

Your network, servers, and a horde of laptops have been hacked. You might suspect it, or you might think it’s not possible, but it’s happened already. What’s your next move? The dilemma of the “next move” is that you can only discover an attack either as it’s happening, or after it’s already happened. In most […]