What factors should we consider in selecting security-log-auditing software?

Posted in General Technologies

Information Week has a small blurb on What factors should we consider in selecting security-log-auditing software? I have also written here before on Five Factors of Logging Infrastructure.

December 6th, 2004 | Jian Zhen | No Comments

Cons of using MSSPs

Posted in General Technologies

Last week we went over some of the Pros of Outsourcing to MSSPs, today we will go over some of the Cons in more details. Here are the reasons why you should think twice before outsourcing. 1. Device control Once you outsource your security infrastructure such as firewalls and IDS, you may lose some or [...]

December 5th, 2004 | Jian Zhen | No Comments

CSO Magazine Analyst Reports

A couple of interesting and relevant articles from CSO Magazine. Trends 2005: Risk And Compliance Management by Michael Rasmussen. Clearing Up the Muddled Security Management Market by Andrew Braunberg

November 30th, 2004 | Jian Zhen | No Comments

Report Quality NOT Quantity

Posted in General Technologies

If you look at any of the SEM/SIM products these days, they all tout how many pre-built reports they have prepared for you. Most of them have a hundred or more, some even have a couple hundred!! How are you ever going to have time to go through that many reports and find out if [...]

November 29th, 2004 | Jian Zhen | No Comments

Log Management Requirements for MSPs

Posted in General Technologies

I spent five years at one of the largest MSSPs as an architect and development manager. We had a couple thousand firewall, VPN, NIDS and HIDS devices that we managed for various hosting and managed service customers. We needed to aggregate all the logs generated by these devices and be able to provide reports and [...]

November 28th, 2004 | Jian Zhen | No Comments

SGUIL – The Analyst Console for Network Security Monitoring

Posted in General Technologies

InformIT has a detailed article on Sguil, Why Sguil Is the Best Option for Network Security Monitoring Data. According to the website, Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides real-time events from snort/barnyard. It also includes other components which facilitate [...]

November 24th, 2004 | Jian Zhen | No Comments

Comments Broken!! Now Fixed!!

Posted in General Technologies

Darn, w/ all the tweaking I’ve been doing to combat the spammers, I actually broke my comments!! No one has been able to post any comments. In any case, it’s fixed now and hopefully there won’t be any more issues.

November 24th, 2004 | Jian Zhen | No Comments

Pros and Cons of MSSPs

Posted in General Technologies

We will be a bit off topic today as I am thinking about a multi-part series on MSSPs. Today we will discuss the pros and cons of outsourcing to an MSSP. Other ideas I have in the pipe for the next few days are: Requirements for Choosing an MSSP, Log Management Requirements for an MSSP [...]

November 23rd, 2004 | Jian Zhen | No Comments

AT&T Getting Into the SEM Game

Posted in General Technologies

So it looks like AT&T wants to get into the SEM game as well, according to this eWeek article. AT&T is also working on a security event management system called Aurora that it plans to sell as a software solution. The system relies on the company’s Daytona database and is designed to do more than [...]

November 22nd, 2004 | Jian Zhen | No Comments

A Firewall Log Analysis Primer

Posted in General Technologies

Found this while googling. A Firewall Log Analysis Primer From LURHQ. (pdf version) It’s fairly basic but a good start nonetheless.

November 21st, 2004 | Jian Zhen | No Comments