How to integrate SIEM system capabilities with incident response

Date: Jun 19, 2014

In this webcast Mike Rothman, president of the firm Securosis, takes on the issue of integrating today's SIEM systems with incident response methods to help you identify advanced attacks faster, understand what damage was done and remediate that damage.

On the heels of many high-profile breaches, Rothman notes, there's been an upsurge in efforts to better respond to any sort of attack, and to be sure you have the right tools and procedures in place to contain the damage.

SIEM has been evolving for over a decade, driven by the need for more data in order to respond to the evolving threats to your systems. SIEM captures data so that it's available for use in incident response, and today it's more flexible and supports more use cases than ever before. The data that SIEM systems gather is crucial if your operations team is going to have the information it needs for post-attack remediation.

The nature of the attacks coming at systems today requires IT pros to take a broader view of threat management than in the past, one with a heightened focus on investigating the compromises that do take place. Rothman reviews the many ways in which SIEM now works differently to gather the information required to investigate the attacks that do occur in the enterprise.

In the closing slides, Rothman remarks on some notable recent developments. In recent years, for instance, IT budgets have gone from primarily funding prevention and detection methods to focusing on funding investigation -- a budget item that was starved for too long, in Rothman's opinion.

Another development is the change in focus away from trying to stop attacks, which is simply becoming too difficult. The focus is now on more gracefully finding and containing any damage an attack causes. In other words, today detection and investigation, not prevention, are the key arbiters of security success. Of course, IT teams still aim to prevent attacks but Rothman says it's clear now that no security system will ever be 100% successful in that effort.

In response to this reality, SIEM technology is evolving rapidly in both scale and capability for detection and investigation use cases. The SIEM tools that work best are the ones that accelerate and streamline the investigation workflow: they integrate threat intelligence, allow the creation of malware profiles and help the IT crew search their own data for indicators of attack.
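To make that investigation workflow concrete, here is an added example (not from the webcast or from Securosis) of the kind of logic a SIEM runs on behalf of an incident responder: match a threat-intelligence indicator list against event data, raise a detection from a correlation rule, and then pivot to a per-host timeline so the responder can see what happened before and after the hit. The log format, the indicator feed and every log line below are constructed for illustration; the IP addresses and hash are placeholders, not real indicators.

```python
"""SIEM-style investigation pivot: IOC matching, a correlation rule, and a
host timeline. Added example; the log format, the indicator feed and the log
lines are all constructed for illustration."""
import re
from datetime import datetime

# Constructed sample events in a simplified key=value log format (hypothetical).
SAMPLE_LOGS = """\
2014-06-19T09:58:01Z host=web01 event=auth_failure user=admin src=203.0.113.7
2014-06-19T09:58:03Z host=web01 event=auth_failure user=admin src=203.0.113.7
2014-06-19T09:58:05Z host=web01 event=auth_success user=admin src=203.0.113.7
2014-06-19T10:02:44Z host=web01 event=process_start image=tool.exe hash=d41d8cd98f00b204e9800998ecf8427e
2014-06-19T10:03:10Z host=web01 event=net_connect dst=198.51.100.23 dport=443
2014-06-19T10:05:00Z host=db02 event=auth_success user=svc_backup src=10.0.0.5
2014-06-19T10:07:31Z host=web01 event=file_write path=C:\\Windows\\Temp\\x.dat
"""

# Constructed threat-intelligence feed: indicator value -> context for the analyst.
IOCS = {
    "ip": {"198.51.100.23": "known C2 server (constructed placeholder)"},
    "hash": {"d41d8cd98f00b204e9800998ecf8427e": "suspicious tool (constructed placeholder)"},
}

_KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one log line into a dict: parsed timestamp plus key=value fields."""
    ts, _, rest = line.partition(" ")
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    event.update(_KV.findall(rest))
    return event


def parse_logs(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def match_iocs(events, iocs):
    """Return (event, indicator_type, description) for every indicator hit."""
    hits = []
    for ev in events:
        for field in ("dst", "src"):
            if ev.get(field) in iocs["ip"]:
                hits.append((ev, "ip", iocs["ip"][ev[field]]))
        if ev.get("hash") in iocs["hash"]:
            hits.append((ev, "hash", iocs["hash"][ev["hash"]]))
    return hits


def detect_bruteforce(events, threshold=2):
    """Correlation rule: a source that fails `threshold` or more times and then
    succeeds for the same host/user is flagged; the success event is returned."""
    streaks = {}
    alerts = []
    for ev in events:
        key = (ev.get("host"), ev.get("user"), ev.get("src"))
        if ev.get("event") == "auth_failure":
            streaks[key] = streaks.get(key, 0) + 1
        elif ev.get("event") == "auth_success":
            if streaks.get(key, 0) >= threshold:
                alerts.append(ev)
            streaks.pop(key, None)
    return alerts


def host_timeline(events, host):
    """Pivot: every event recorded for the host, ordered by time."""
    return sorted((ev for ev in events if ev.get("host") == host), key=lambda e: e["ts"])


def investigate(text, iocs):
    """Run detections, then build a timeline for each host that was implicated."""
    events = parse_logs(text)
    hits = match_iocs(events, iocs)
    alerts = detect_bruteforce(events)
    hosts = {h[0]["host"] for h in hits} | {a["host"] for a in alerts}
    return {h: host_timeline(events, h) for h in sorted(hosts)}


if __name__ == "__main__":
    for host, timeline in investigate(SAMPLE_LOGS, IOCS).items():
        print(f"== {host} ==")
        for ev in timeline:
            detail = {k: v for k, v in ev.items() if k not in ("ts", "host", "event")}
            print(ev["ts"].isoformat(), ev.get("event"), detail)
```

The point of the pivot is the one Rothman makes: the indicator match and the correlation rule tell you that web01 deserves attention, but the timeline is what lets the responder see the failed logins that preceded the successful one, the process that followed it and the file written afterwards, which is the information needed to scope the damage and remediate it.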
