Next, insert appropriate morbid jokes <here> for "IDS is dead", "NAC is dead", "GRC is dead", everybody is dead... WTF? Are we at the cemetery or what? Is "dead" dead? Yeah, but it came back as a zombie :-) So, "dead" is a "living dead" "dead" now. Ha*3.

Finally, think! Why were you thinking of buying a SIEM? 'Cause the big "G" in the sky said so? And while you are thinking, check these fun points out:

1. Does your SIEM require 17 beefy servers to operate? How many gallons of foreign oil have to go up in smoke to power that mammoth up? And you know what happened to mammoths, don't you?
2. If your "high-performance" SIEM appliance can only run 5 correlation rules at the same time, what "high" do they mean, really? Hold this thought....
3. Is five field engineers, two developers and CTO enough to install it? Who else needs to help? Ah, sorry, I missed the DBA :-)
4. Do you know when "If CustomVariable17 = Value5" condition matches? Will you still remember it in a year?
5. Can you tell "taxonomy" from "ontology"? You can now? Good for you. Are you more secure now? More efficient? Compliant?
6. How many shifts of security analysts do you have watching the shiny consoles 24/7? If zero, then why - oh - why those consoles are running in the first place? "If a tree falls..." - you know how this one ends. Correct! You get hit by the bough.
7. When was the last time you built a custom agent for parsing and normalizing, say, SAP logs? Did it work? What did you do after it didn't? Cried? And did it help? Then a burly vendor SE showed up, charged you $37,600 and left? Happy now?
8. Do you automatically correlate IDS/IPS alerts with vulnerability data ... for client-side attacks? Really? :-)
9. There are dozens of firewall, IDS/IPS, router, etc brands, each with its own log type. This is actually simple! But there are thousands upon thousands of applications in use today. Some have logs. All are different. Care to build rules for that? Now you finally know why SIEM vendors don't parse their own Java logs (no shit!)
10. Do you know what "threat x vulnerability x random()" equals to? Yup, it still equals random(). Automated prioritization, you say?
11. Do you know why some SIEM vendors are migrating to IT GRC now? So they can go and die there ... quietly.

All in all, I have to agree with Raffy to a large extent!  The world has evolved - and SIEM has not. It might not be dead (as old attacks and defenses never really die and large organization still build and man massive SOCs where SIEM is "a must"), but in this age of web application hacking, CSRF and XSS, phishing, PCI DSS, massive bot armies, client-side 0-days, stealth malware, etc, paying $x,000,000 for a pile of ugly Java code is insane ... As a result, SIEM has greatly diminished in importance and has become just one small thing you might do with logs and some other data. What made it so? Mostly implementation complexity - but a slew of other factors mentioned above as well.

So, consider this instead:

• Compliance? "Sorry, buddy, you need this for compliance, not that. "
• Want to simplify your incident response? Get log management and fly through all your logs, not crawl through some of them.
• Have a very real need to dig into your logs for troubleshooting or tracking that pesky user? Log management works.

Now, what if you have a latent and vague desire to "correlate something" and a million nice greenbacks to flush down the drain? OK, go get your SIEM toy for $780,000 + 20% maintenance/year ... a true bargain (price valid today only).

Finally, I would like to end this on an optimistic note. Do we need more intelligence to analyze the log data we have collected? Of course! Do we have a widest set of log use cases from today's security  to tomorrow's regulations? You bet. And, for you Raffy, I'd add "... we also have other data to analyze together with logs." So, can we "reinvent SIEM?" Yes, I think so! It just hasn't been done yet ... For now, just use log management.

O2 will offer iPhone 3G for free along with extensive Wi-Fi coverage: AT&T may still be sorting out how Wi-Fi service will be included in its cell plans, but O2 had already provided free Wi-Fi to supplement scanty EDGE service in the UK. The new iPhone 3G will be offered fully subsidized to subscribers of £45 or higher tariffed services, along with 9,500 hotspots through BT OpenZone and The Cloud.

SanDisk buys MusicGremlin: The innovative Wi-Fi-enabled music player was and remains far in advance of the features found in the iPod touch, iPhone, and Zune, but the company behind the product couldn't get a fire lit under it. Sales figures were never disclosed, but it's never been on the list of top-selling players in the market. SanDisk's acquisition will shut down the product and its music service, but it will absorb the people and technology. I met with the founders of the company many years ago, and were impressed by how far ahead they were of everyone in the industry.

Zyxel introduces VOIP-connected Wi-Fi camera: I think they threw a bunch of buzzwords into a blender, but it's rather clever. The camera connects to a network via Wi-Fi, and has SIP (Session Initiation Protocol) embedded. SIP is used for VoIP and as part of gatewaying Internet telephony. The V750W gets its own phone number, and can be controlled remotely through either a real phone using the public telephone network, or a soft phone using SIP. It's being resold, not sold to consumers directly, as a monitoring tool. It includes two-way audio. The camera can also place a phone call if an intruder monitor is tripped. Why not just give it an IP address like other such cameras? SIP, if implemented correctly, can traverse private networks' NAT (Network Address Translation) gateway limits.

The Eye-Fi Explore product relies on Skyhook Wireless's system of analyzing the signal strength of nearby Wi-Fi networks to extrapolate latitude and longitude. Eye-Fi ties that into their system to stamp images with locations. This deal also ties into Wayport's domestic network of 10,000 hotspots, most of which are McDonald's outlets, allowing free uploading via those systems. The purchase price covers one year of hotspot service. You can upgrade an existing Eye-Fi to the new feature for a fee. All three products work with Mac OS X Tiger and Leopard, and Windows XP/Vista.

Because Skyhook needs a live Web connection to look up the Wi-Fi environment, Eye-Fi can store the Wi-Fi snapshot when the picture is taken, and manage inserting the appropriate photo metadata (EXIF format) at upload for Flickr and other services that support geotagging.

Geotagging is a very popular idea, something that I'm quite taken with because it pairs the act of taking a photograph with the location at which the picture is taken, making a digital photograph seem a little less untied to reality. But until now, it's been generally quite involved to match a picture with coordinates. A handful of specialized cameras embed GPS chips, and there's software to facilitate other methods, but the cost and battery drain of GPS chips have apparently so far kept it from being a widely deployed feature, while the wonkiness of alternatives doesn't appeal to mainstream users.

Sony once sold this wacky GPS companion (which I just found out isn't available in either released model) that would track your location over time, and use that information to geotag images via a special software program that let you pair its stream of data with your photographs.

Eye-Fi and Skyhook are doing something almost the same, since the camera isn't capturing the GPS data, and the Eye-Fi isn't applying the information live, much of the time. But it's eminently more usable than the Sony system, because the Eye-Fi handles the assembly seamlessly for you.

Now there's just one thing to worry about. Think about this: McDonald's are everywhere, and nearly all of the U.S. locations have Wi-Fi. The Eye-Fi uploads whenever it can, as long as the camera is turned on. You're geotagging images without any effort. Okay, got it? So...you call in sick to work, and run off to take some photos. Your boss, using RSS to subscribe to your Flickr feed, not only sees your pictures as you wander the town, unknowningly promiscuously uploading them via quick-serve restaurants' networks, but also knows precisely where you are.

This makes me suggest that you might set your Flickr upload preferences to keep images private and your geotagging preferences the same. You can then expose the images you want for public consumption. The Panoptican is...us!