Saturday, September 17, 2011

SIEM is dead?

My life has been a wreck since Wednesday. That is when, according to John Linkous’ article, I found out SIEM is dead. Only now am I able to pull myself together enough to write this. It certainly isn’t because I have been busy extracting value out of what we are currently using in that technology space and am now chillin in a Chick-fil-A while a few things get looked at on my car.

Oyie – how to write this. My reaction to his article swung between humor and WTH is your expectation of what value a SIEM provides? I will try to summarize and talk a little to each of his three points.

Friday, September 9, 2011

A few thoughts on Symantec's MSS

Looking back I’m sort of surprised I haven’t really written anything about Symantec’s MSS yet. On some level I’m guessing the ArcSight folks might have thought I was beating them up a little in some of my posts but for whatever reason I’m not as inclined to do that with this. I think maybe it has something to do with making my momma proud and listening to the old adage of ‘if you don’t have anything nice to say….’ Don’t get me wrong, Symantec’s MSS has some great people and has been good as a service that detects and alerts on bad stuffs.

Saturday, September 3, 2011

Monitoring business segments

I think we have all heard the ‘best practice’ that speaks to monitoring portions of your network. The question is how you do that, even from a strictly network traffic view, given the volume of traffic you are likely to see. I mean we can all talk ethereally about taking things piecemeal/not trying to boil the ocean, establishing baselines, and monitoring for anomalies because AV as a whole isn’t as trustworthy as we would like it to be from a detection standpoint. My question is how are people doing this?

In my old job I used ArcSight to create an approach that, while it worked and addressed a number of areas, I’m not sure was the best. Perhaps sharing this will spark some discussion or, if nothing else, help someone else get a step farther down the road if they are trying to do the same thing.