Security School

Improving security management with SIEM

Introduction

Security information management systems are the hub of your network security infrastructure, with each spoke from firewalls, intrusion detection, network anomaly behavior systems and more feeding reams of information to these sophisticated collectors. The biggest challenge for the security analyst is to obtain useful information about threats and vulnerabilities from the data collected and correlated by a SIM.

This Security School will explain how an organization can effectively analyze SIM data, improve SIM collection, set reasonable goals for these tools and obtain the best data in order to improve incident response, change management processes and security policies overall.

1. Webcast

The past, present and future of SIEM

Security information and event management technology has been around for over a decade. First-generation technologies have given way to the 2.0 moniker, which is now being positioned as a "Security Big Data Analytics" platform. In this webcast, Securosis analyst Mike Rothman will touch on the history of SIEM and the challenges of making the technology work at scale, and discuss how enterprises have overcome these issues to use SIEM to generate actionable intelligence. Mike will also discuss the evolution to highly scalable analytics platforms, which will enable organizations to finally realize the promise of SIEM.

Video

As SIEM technology evolves, so must the teams that use it

Security information and event management technology isn't new, but it's changing rapidly. In this webcast viewers will learn SIEM's history, current uses and likely future as a security big data analytical device.

2. Webcast

Integrating SIEM with incident response

In this webcast Mike Rothman takes on the issue of integrating today's SIEM systems with incident response methods to help you identify advanced attacks faster, understand what damage was done and remediate that damage.

Video

How to integrate SIEM system capabilities with incident response

Learn how SIEM systems have evolved and how they now gather the data operations teams need to investigate and mitigate attackers' damage.

3. Tip

SIEM best practices

The industry has panned SIEM as overly expensive, underperforming technology, and has used the products as glorified compliance reporting engines. But to be clear, it's not a technology problem, it's a process issue. In this tech tip, Rothman will outline a time-tested process to build SIEM policies that actually alert on the attacks you need to protect against.

Tip

SIEM best practices for advanced attack detection

SIEM struggles are common, but Mike Rothman explains why SIEM products are critical for advanced attack detection, and offers a step-by-step guide to SIEM tuning.

4. Podcast

Truth or consequences: The top 5 lies about SIEM

You'll hear all sorts of outlandish claims from companies pushing SIEM technology. In this thought-provoking (and funny) podcast Rothman will help you parse the hyperbole and wade through the sales lingo to isolate what's important about SIEM. By deflating the top 5 lies about SIEM, you'll make it clear that you know what questions to ask and are a sophisticated buyer.

Podcast

Setting the record straight

SIEM technology is rapidly advancing but is no silver bullet against advanced persistent attacks. Mike Rothman corrects the top five lies and explains how a SIEM really works.

5. Quiz

Test your knowledge

In this five-question quiz, test your knowledge of our Security School lesson on the core functions and options of SIEM.

Take the quiz

6. Bio

About the expert

Mike Rothman is president of Securosis, an independent information security research and consulting firm. Having spent over 15 years as an end-user advocate for global enterprises and mid-sized businesses, Rothman's role is to educate and stimulate thought-provoking discussion on how information security contributes to core business imperatives. Rothman previously was the first network security analyst at META Group, held executive-level positions with CipherTrust and TruSecure, and was a founder of SHYM Technology.