SIEM

Segmenting networks using Security Group Access Control Lists (SGACL) reduces the threat surface by limiting the reach of attacks in east-west traffic to within segments. By sending the permit and deny logs generated by the SGACLs to SIEM applications, SecOps can analyze and correlate them with indicators of compromise generated by other security appliances.

Who doesn’t remember the simple questions you had as a kid, or you now get as an adult from your children: “Why is the banana crooked?” “Why is the sky blue” “Why do people get sick?” That last question is especially relevant today with the current situation – we deal daily with the question “Am […]

After several months leading the managed security services portfolio at Cisco, I sat down with the social media team to discuss my path to Cisco, the evolution of the security market, and the future of security. [Note: This is an abridged version of the full interview.] Q: After nearly 20 years at Symantec, why did […]

A couple weeks ago, we spoke about the mobility journey and the phases that organizations take as they embrace the widely accepted mode of mobility—Beyond BYOD to Workspace Mobility (device-focus, application-focus and experience-focus). Whatever phase your organization is in, security is a top priority. These phases can help determine your secure mobility approach but your […]

Are you a security professional or IT professional just resolving the security issues with BYOD (bring-your-own-device)? Watch out, BYOD was a precursor or warm up exercise to the tsunami just hitting your shores now. The SANS Institute just completed a survey on the security viewpoints on IoT, predominantly with security and IT professionals. 78% of […]

Most recently ESG/Vormetric came out with a threat report that highlighted the increase in insider threats & the significance to augment perimeter and host-based security. The rationale behind the increase was that more people are accessing the network, increase cloud and network traffic are making it difficult to isolate the problem. Almost 50% of the […]

CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our malware and hacking problem under control.   If you’ve been a security engineer for more than a few years, no doubt you’ve received a directive […]

The Great Correlate Debate SIEMs have been pitched in the past as "correlation engines" and their special algorithms can take in volumes of logs and filter everything down to just...

When your incident response team gets access to a new log data source, chances are that the events may not only contain an entirely different type of data, but may also be formatted differently than any log data source you already have. Having a data collection and organization standard will ease management and analysis of […]