SIEM
Giving SecOps a New Weapon with Security Group Access Control Lists
Segmenting networks using Security Group Access Control Lists (SGACL) reduces the threat surface by limiting the reach of attacks in east-west traffic to within segments. By sending the permit and deny logs generated by the SGACLs to SIEM applications, SecOps can analyze and correlate them with indicators of compromise generated by other security appliances.
“Are we affected?” – A simple question, but quite hard to answer
Who doesn’t remember the simple questions you had as a kid, or you now get as an adult from your children: “Why is the banana crooked?” “Why is the sky blue” “Why do people get sick?” That last question is especially relevant today with the current situation – we deal daily with the question “Am […]
Getting to Know Tom Powledge, Vice President of Cisco Managed Security Services
After several months leading the managed security services portfolio at Cisco, I sat down with the social media team to discuss my path to Cisco, the evolution of the security market, and the future of security. [Note: This is an abridged version of the full interview.] Q: After nearly 20 years at Symantec, why did […]
The Continuum Approach for Secure Mobility
A couple weeks ago, we spoke about the mobility journey and the phases that organizations take as they embrace the widely accepted mode of mobility—Beyond BYOD to Workspace Mobility (device-focus, application-focus and experience-focus). Whatever phase your organization is in, security is a top priority. These phases can help determine your secure mobility approach but your […]
Security Realities of IoT (Internet of Things)
Are you a security professional or IT professional just resolving the security issues with BYOD (bring-your-own-device)? Watch out, BYOD was a precursor or warm up exercise to the tsunami just hitting your shores now. The SANS Institute just completed a survey on the security viewpoints on IoT, predominantly with security and IT professionals. 78% of […]
Beware: Insider Threats Getting Worse
Most recently ESG/Vormetric came out with a threat report that highlighted the increase in insider threats & the significance to augment perimeter and host-based security. The rationale behind the increase was that more people are accessing the network, increase cloud and network traffic are making it difficult to isolate the problem. Almost 50% of the […]
Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy
CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our malware and hacking problem under control. If you’ve been a security engineer for more than a few years, no doubt you’ve received a directive […]
To SIEM or Not to SIEM? Part II
The Great Correlate Debate SIEMs have been pitched in the past as "correlation engines" and their special algorithms can take in volumes of logs and filter everything down to just...
Getting a Handle on Your Data
When your incident response team gets access to a new log data source, chances are that the events may not only contain an entirely different type of data, but may also be formatted differently than any log data source you already have. Having a data collection and organization standard will ease management and analysis of […]
2