[SecurityRatty] tag: siem

Links for 2008-12-02 [del.icio.us]

Tue, 02 Dec 2008 21:00:00 +0000

Monthly Blog Round-Up November 2008

Tue, 02 Dec 2008 13:24:00 +0000

As we all know, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups is an attempt to remind people of useful content from the past month! If you are “too busy to read the blogs” (!), at least read these.

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics.

Amazingly, this month by far the #1 post is my “'Blogging from DeepSec 2008 in Vienna.” DeepSec was indeed an awesome conference.
Last month, I said that “SIEM bashing reached a new high.” OMFG. What should I say now? I dunno. In any case, “11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!" is on the top list. BTW, “On Open Source in SIEM and Log Management” is also again on the top list, to much of my amazement.
Again and again, PCI compliance is obviously still all the rage: MUST-DO Logging for PCI? post was again propelled to a place in my monthly Top5 list.
Get a firewall AND a fire extinguisher, now, will ya? Is it too much to ask? :-) The post “On Small Companies and PCI Compliance” is on the Top list.
Shockingly, AGAINx2 :-) this month, the "Top 11 Reasons to Secure and Protect Your Logs" came up as on the Top list. BTW, see my other logging polls and my other “top 11” lists.

See you in December. Also see my annual “Top Posts” (2007)

Possibly related posts / past monthly popular blog round-ups:

Technorati Tags: blog,security,loggings,monthly

Links for 2008-11-26 [del.icio.us]

Wed, 26 Nov 2008 21:00:00 +0000

Decurity Blog
SIEM is NOT dead, but if High-Tower’s recent announcement is any indication it certainly will become a thinner herd in the very near future.

SIEM Is Not What Is SIEMs Nowadays...

Tue, 25 Nov 2008 12:40:00 +0000

"Aliso Viejo-based High Tower Software, a venture-backed developer of security, compliance, and log management software, has shut down."

Wonna go into SIEM market, anybody?

CSI SIEM Summit Slides and Notes

Mon, 24 Nov 2008 11:45:00 +0000

As I mentioned, I did this fun "SIEM Summit" at CSI 35th in DC. Here are my slides from the event; feel free to pick on them :-)

SIEM: Is It What Is SIEMs? Security Information and Event Management Summit at CSI 35th Conference

View SlideShare presentation or Upload your own. (tags: security siem)

Links for 2008-11-20 [del.icio.us]

Thu, 20 Nov 2008 21:00:00 +0000

Got SIEM? - Part IV « eIQviews
Customers tend to use SIEM technologies for more reactive efforts, such as post-event forensics, rather than as a true correlation solution to determine unusual behavior or policy violations before they have a chance to affect systems and data.
SIEM Blog » Unrestricted Data Collection for Maximum Compliance and Forensic Visibility
Beast Or Buddha » Blog Archive » So we own your client database and everything important to you…
Web Developer: “Just because you can do that doesn’t mean we have a major problem like you say it is. It’s just you that did it!” SG dude: “Well more than likely, others have….we didn’t do anything fancy…”. Web Developer: “Well nothing has ever happened so it’s just you guys!” SG dude: “You have no logging”. Web Developer: “We’ve never been hacked!”
On Data Loss Prevention (DLP) » My Wife Finally Knows What I Do
The Two Kinds Of Security Threats, And How They Affect Your Life | securosis.com
We get money for noisy threats, and get called paranoid freaks for trying to prevent quiet threats (which can still lose our organizations a boatload of money, but don’t interfere with the married CEO’s ability to flirt with the new girl in marketing over email).
Marcus Ranum on Network Security - CSO Online - Security and Risk
The real best practices have been the same since the 1970s: know where your data is, who has access to what, read your logs, guard your perimeter, minimize complexity, reduce access to "need only" and segment your networks.

Links for 2008-11-19 [del.icio.us]

Wed, 19 Nov 2008 21:00:00 +0000

QualysGuard PCI Pass/Fail Status Criteria - Qualys
Press Releases - November 11, 2008 - Q1 Labs
free, downloadable, log management and compliance product that provides organizations with visibility across their networks, data centers, and infrastructures
Healthy Paranoia: Top 50 Internet Security Blogs by The Daily Netizen
GOVCERT.NL Symposium 2008
Looking for Trouble - WSJ.com
ClearNet Security : It’s hard to build a smart SIEM
If you find yourself evaluating SIEM products, dig in and investigate how each works - you don’t want yesterday’s product.
PCI Perspectives by Dave Taylor
Lehman Bros 'killed by complexity' (physicsworld.com Blog) - physicsworld.com

Come Meet at CSI in DC

Mon, 17 Nov 2008 03:44:00 +0000

If you are in DC, come meet me during/after SIEM Summit or catch me at the show floor (ask at Qualys booth)

Events per Second the difference between a target and an assurance

Sun, 16 Nov 2008 21:00:00 +0000

We’ve been getting a good few questions recently about how many Events Per Second a SIEM product support. Well, that depends on a few factors:

The transport – processing Syslog events takes up a heck of a lot less processing power than collecting from a Windows box. Same with collecting data over an ODBC connection.

Links for 2008-11-10 [del.icio.us]

Mon, 10 Nov 2008 21:00:00 +0000