Archive for 'Logs'

Log management implementation details

OK, I’m trying to get out of a long hiatus of producing content by putting together a presentation about Log Management: the devil is in the details. I have been working on log management projects for some years now and I noticed I managed to assemble a nice list of small issues that you find [...]

SIEM value

There are a lot of interesting discussions about the value of SIEM solutions. There are also some discussions about the possibility of doing that with open source, like OSSIM (I personally think it is possible for some organizations – especially those that already have the open source culture).
I like to say that SIEMs are for security what [...]

Web Application Security, what about your logs?

As usual, another very nice post from Mike Rothman, this time about application security. He is mentioning the BSI-MM model, that I mentioned here too in the context of measuring the outcome of security measures.
Mike also mentioned, again, the need to REACT FASTER (have I said how nice his “Pragmatic CSO” stuff is?) and linked [...]

Master dissertation test

I’m trying to finish my Master dissertation in the next months. In order to do that I need to test the log analysis methodology I’m proposing. The methodology is targeted at detecting insider attacks, so I need to collect logs from internal resources, which include AD domain controllers, internal e-mail systems, file and folder access [...]

SIEM dead, time for search?

This is what Raffy is saying:
“Some of the problems I see with Security Information Management are (the first four are adapted from the Gartner IDS press release):

False positives in correlation rules
Burden on the IS organization by requiring full-time monitoring
A taxing incident-response process
An inability to monitor events at rates greater than 10.000 events [...]

Log mining

Anton Chuvakin wrote a nice piece about a log analysis he performed on a compromised box. It was interesting to see some techniques I’m using in my work and in my master thesis. He also mentioned some experience with profiling users (the information that one week to one month is enough was very valuable to [...]

About SIEMs and insider threats

This post is incredibly interesting for me, as I’m actively working on SIEMs, MSS for security monitoring and insider threats.
What I really liked about this is that it points to some of the ideas that I like most. It mentions the company’s behavior towards its employees and their actions as a result, the misconception about the [...]