Entries Categorized as 'logging'
by Anton Chuvakin | December 11, 2012 | Comments Off
Recently I updated a paper originally written by Dan Blum called “Event and Log Information: A Strong Case for Standards” and it just got posted to the site: “A deficit of globally accepted event and log standards is exacerbating compliance, operations and information protection challenges. This document provides an update on current standardization efforts and [...]
Category: logging security standards Tags: logs, security, standards
by Anton Chuvakin | September 24, 2012 | 4 Comments
Here is a great term I picked from another SIEM literati: “output-driven SIEM.” This simply means deploying your security information and event management tool in such a way that NOTHING comes into your SIEM unless and until you know how it would be utilized and/or presented. Thus, only existing/planned reports, visuals, alerts, dashboards, profiling algorithms, [...]
Category: logging monitoring SIEM standards Tags: logs, security, security monitoring, SIEM
by Anton Chuvakin | August 24, 2012 | Comments Off
Is your SIEM stuck in the past? Is it “mature”? Is it evolving? Is it solving one problem or many? Is it collecting logs or collecting dust? This post continues our journey into SIEM deployment architecture and SIEM operational processes. First, if your SIEM architecture was built in, say, 2003, and it has been solving [...]
Category: logging monitoring security SIEM Tags: security, security monitoring, SIEM
by Anton Chuvakin | August 9, 2012 | 8 Comments
As promised, this next post from my SIEM research project is about people. Over the course of my 10+ year (!) experience with SIEM technology, I have come across organizations that assumed that buying and deploying a SIEM tool is all they need to do for security monitoring. I wish I could say that the [...]
Category: logging monitoring security SIEM Tags: security, security monitoring, SIEM
by Anton Chuvakin | July 30, 2012 | 3 Comments
Security monitoring (whether centered around a SIEM tool or broadly defined) is not something you can actually buy. A software or an appliance – purchased and racked in your data center – does not a capability make. It sounds boring and even trite, but SIEM, in particular, and security monitoring, in general, MUST include technology, [...]
Category: logging monitoring security SIEM Tags: security, security monitoring, SIEM
by Anton Chuvakin | July 25, 2012 | 11 Comments
How would YOU architect a SIEM deployment for this FICTITIOUS (but real-world-inspired …) large corporate environment: About 30,000 events/second ongoing rate (this is NOT a peak rate, but a rate measured and then averaged over the course of 24 hours) 15 separate sites, most in US but some in Europe and Asia; a few datacenters [...]
Category: logging security SIEM Tags: security, security monitoring, SIEM
by Anton Chuvakin | July 18, 2012 | 2 Comments
As I mentioned, I am working on two SIEM reports this quarter. Here are some of the questions I will be trying to answer: Deployment: How do large enterprise SIEM deployments grow and evolve? What choices made early in the deployment process can make the whole project more successful? What is the best phased approach [...]
Category: logging security SIEM Tags: logs, security, security monitoring, SIEM
by Anton Chuvakin | July 13, 2012 | 4 Comments
Am I hallucinating or is SIEM really evolving back to its original security roots, slowly weaning off its compliance addiction? We still see (SIEM MQ 2012) a large percentage of SIEM deployments is compliance driven and funded, but I have this uncanny feeling that more people are actually buying and using SIEM for detecting, investigating [...]
Category: announcement logging security SIEM Tags: security, security monitoring, SIEM
by Anton Chuvakin | May 21, 2012 | 2 Comments
“Security Information and Event Management Futures” paper by myself and Ramon Krikken is up on the Gartner site – go and grab it there. Abstract follows below: “Security information and event management (SIEM) is the principal technology used for security monitoring by enterprises today. This assessment predicts the directions for this technology in the next [...]
Category: announcement logging monitoring security SIEM Tags: security, security monitoring, SIEM
by Anton Chuvakin | April 10, 2012 | 4 Comments
Another inherently “annoying” feature of security monitoring (apart from its “ongoing, need-to-do-it-forever” nature) is that somebody must actually do it. Yes, the dreaded “who will do the monitoring on a day to day basis?” question, who would be the “the human in the loop”, who will be ever-vigilant about security-relevant events, who will actually use [...]
Category: cloud logging monitoring security Tags: cloud security, security, security monitoring