Security information management systems are the hub of your network security infrastructure, with each spoke from firewalls, intrusion detection, network anomaly behavior systems and more feeding reams of information to these sophisticated collectors. The biggest challenge for the security analyst is to obtain useful information about threats and vulnerabilities from the data collected and correlated by a SIM.
This Security School will explain the best means for an organization to effectively analyze SIM data, how to improve SIM collection, how to set reasonable goals for these tools, and how to get the best data in order to improve incident response, change management processes and security policies overall.
Watch the video, listen to the podcast, read the tech tip then take the quiz to see how much you have learned. Passing the quiz earns you one CPE credit from (ISC)².
View our Security School Course Catalog to view more lessons eligible for CPE credits.
The past, present and future of SIEM
Security information and event management technology has been around for over a decade. First generation technologies have given way to the 2.0 moniker, which is now being positioned as a "Security Big Data Analytics" platform. In this webcast, Securosis analyst Mike Rothman will touch on the history of SIEM, the challenges of making the technology work at scale, and discuss how enterprises have overcome these issues to use SIEM to generate actionable intelligence. Mike will also discuss the evolution to highly scalable analytics platforms, which will enable organizations to finally realize the promise of SIEM.
Security information and event management technology isn't new but it's changing rapidly. In this webcast viewers will learn SIEM's history, current uses and likely future as a security big data analytical device.
Integrating SIEM with incident response
In this webcast, Mike Rothman takes on the issue of integrating today's SIEM systems with incident response methods to help you identify advanced attacks faster, understand what damage was done and remediate that damage.
Learn how SIEM systems have evolved and how they now gather the data operations teams need to investigate and mitigate attackers' damage.
SIEM best practices
The industry has panned SIEM as an overly expensive and underperforming technology, and has used the products as glorified compliance reporting engines. But to be clear, it's not a technology problem, it's a process issue. In this tech tip, Rothman will outline a time-tested process to build SIEM policies that actually alert on the attacks you need to protect against.
Truth or consequences: The top 5 lies about SIEM
You'll hear all sorts of outlandish claims from companies pushing SIEM technology. In this thought-provoking (and funny) podcast, Rothman will help you parse the hyperbole and wade through the sales lingo to isolate what's important about SIEM. By deflating the Top 5 lies about SIEM, you'll make it clear that you know what questions to ask and are a sophisticated buyer.
Test your knowledge
In this five-question quiz, test your knowledge of our Security School lesson on core functions and options of SIEM.
About the expert
Mike Rothman is president of Securosis, an independent information security research and consulting firm. Having spent over 15 years as an end-user advocate for global enterprises and mid-sized businesses, Rothman's role is to educate and stimulate thought-provoking discussion on how information security contributes to core business imperatives. Rothman previously was the first network security analyst at META Group, held executive level positions with CipherTrust and TruSecure, and was a founder of SHYM Technology.