For all the right reasons, your company has been thinking about deploying
SIEM: to create an alert system for when those with less than good intentions
come knocking; to remediate potential network threats; to comply with
federal, state or industry regulations; and to identify the risks and
vulnerabilities throughout the enterprise IT infrastructure and architecture.
If you maintain even a modest (SMB -> Fortune 1000) organization that has any
online identity, SIEM should be the cornerstone of your asset protection.

First and foremost, SIEM (and to a certain extent log management) is about
visibility: who is doing what, and when, on your network. It is as much about
understanding the holistic landscape of your infrastructure as it is about
protecting proprietary assets. Without it, you are akin to a coach at the Big
Game without any idea who the opponent is; or for that matter...
In my experience there are two types of enterprise IT departments: those that
maintain the status quo and those looking to continuously explore and

It is truly unfortunate how many fall into the former category. But the
problem with IT security is that it's an ever-evolving and moving target. So
the decision not to dip your toe in the water and understand all available
options could mean the difference between a panicked 3am call regarding a
breach alert and a good night’s sleep.

I realize this is an overgeneralization, and oftentimes the decision to
“stay the course”...
Today's is a cautionary tale. One that you've probably heard before, but I
promise a new spin on making sure it won't happen again.

It's a true story. It recently happened to a colleague's friend's business.
But it is not an isolated incident. Because the information is sensitive and
the wounds still raw, I have changed the names to protect the innocent and

It was a dark and stormy night...

Dan is the CEO and CTO of a privately owned business that develops software
tools to manage lease lifecycles and other financial information. His primary
customer is com...
I recently came across an article regarding the difficulty of separating log
data from actionable events. The issue at hand is that a network is pinged
potentially millions of times a day. Most of it is innocuous: the legitimate
logon and logoff of employees, genuine data transactions, etc. But what gets
lost amidst all this “white noise” are the red flags that indicate
breaches or, worse, malicious activities.

It can be overwhelming. In fact, the article Struggling to Make Sense of Log
Data points out a study by the SANS Institute that the biggest critical
concern for security is the a...
Users are making it too easy for hackers.

If we take a closer look at the 6.5 million hashed LinkedIn passwords that
leaked, we find that a large swath of the user population is ignoring warnings
about overly simplistic and obvious passwords. Would you believe the most common
word or phrase found in a 160K sampling of the list was “link”? And would
you further shake your head in disbelief that “1234” and “12345”
followed close behind? Rounding out the top 10 were “work,” “god,”
“job,” “angel,” “the,” “ilove,” and “sex.”

More so than Facebook, LinkedIn is the social media of choice for bu...