Access "A full-service model for SIEM"
This article is part of the December 2013 Vol. 15 / No. 10 issue of 2013 Security 7 award winners revealed
Organizations continue to struggle with a rise in security incidents, and CISOs and their IT teams often lack the resources to meet the challenge. Like most information security programs, we are being asked -- and, in many cases, forced -- to do more with less. Enter a concept that hasn't been a focus in the industry until recently: Developing a security information and event management (SIEM) system, which addresses not only the high costs of setup and ownership, but the most important use cases. SIEM promises to improve the security incident response lifecycle by collecting and analyzing data from a myriad of sources (network and security devices, security programs and servers). SIEM technologies provide log management, event monitoring, alerting and compliance reporting through complex infrastructure involving hardware, software, custom processes and analytics. Given the push towards the cloud, there's a unique opportunity to deliver SIEM in a way that adds far greater value to users. What is the goal of a SIEM? That depends on the organization, but the ... Access >>>
Premium Content for Free.
Beyond the Page: Breach detection systems
by John Pirc
In the December 2013 Beyond the Page, John Pirc explains why breach detection systems are an essential security tool in a malware-infested world.
Banking on intelligence-driven security
by Jason Witty
Security 7 Award winner Jason Witty discusses how rapid change requires a disciplined, collaborative approach to information security.
Analytics and the insider threat: Privileged users and patterns of deception
by Timothy Rogers
Security professionals should analyze metrics to learn baseline behavioral patterns of their employees and identify anomalous behaviors.
Secure all the (Internet of) Things
by Angela Orebaugh
Despite the promise of the Internet of Things, history will repeat itself unless we take action.
Feature: Enhanced threat detection: The next (front) tier in security
by John Pirc
When conventional security falls short, breach detection systems and other tier-two technologies can bolster your network’s defenses.
- Beyond the Page: Breach detection systems by John Pirc
Wi-Fi connectivity puts pressure on medical device security
by Ali Youssef
Health system's certification program mitigates the risks associated with wireless medical devices.
A full-service model for SIEM
by George Do
The industry needs to recognize the value that full service "SIEM in the cloud" would bring to organizations.
From ABCs to BYOD
by Philip Scrivano
Security 7 Award winner Phil Scrivano heads a BYOD program for the 17 public schools in Los Angeles County, securing network access from kindergarten on up.
Get back to basics for improved network security
by Nick Duda
If your post-mortem meetings are anything like mine, forget the bells and whistles and revisit security best practices.
- Wi-Fi connectivity puts pressure on medical device security by Ali Youssef
Congratulating the 2013 Security 7 Award winners
by Kathleen Richards, features editor
We honor leading information security professionals in seven vertical industries and applaud their achievements in our annual awards issue.
Return on security investment: The risky business of probability
by Pete Lindstrom, Contributor
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
- Congratulating the 2013 Security 7 Award winners by Kathleen Richards, features editor
More Premium Content Accessible For Free
Strategies for a successful data protection program
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
Devices, data and how enterprise mobile management reconciles the two
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
Putting security on auto-pilot: What works, what doesn't
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...