Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

9/27/2017
07:00 AM
Dawn Kawamoto
Dawn Kawamoto
Slideshows

7 SIEM Situations That Can Sack Security Teams

SIEMs are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.
8 of 8

Task Automation is Often Missing

More than 70% want to automate certain SIEM-generated tasks so that they can be free to focus on other areas of security, according to the report.

"There are certain tasks that as part of an incident response process a SIEM can do if automated," Jones said, noting users would be thrilled to pass those tasks off to the SIEM to save time.

The survey found more automation is one of three requirements they would like to see in their SIEM. The other two include better detection of advanced threats and more comprehensive, correlated and accurate analytics on security events.

Solutions

Automation is increasingly being included as a feature of the latest SIEM versions, observes Blankenship. He also adds that security automation and orchestration (SAO) tools are also an option for adding orchestrated processes with automated actions.

"Buy a SIEM that has staff dedicated to automation and orchestration within the product," Carder says. "If you dont, then youll need to look at some of the niche, security automation and orchestration software options, to apply on top of your SIEM."

Image Source: Cyphort

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industrys most knowledgeable IT security experts. Check out the INsecurity agenda here.

8 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
donnaksmith
100%
0%
donnaksmith,
User Rank: Apprentice
10/12/2017 | 3:22:56 PM
EXCELLENT!
Covers everything that I've run into!
LouiseMiller
100%
0%
LouiseMiller,
User Rank: Apprentice
10/10/2017 | 9:13:16 AM
Great post
wow, what can I say 
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-6017
PUBLISHED: 2020-12-03
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code ...
CVE-2020-6021
PUBLISHED: 2020-12-03
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DL...
CVE-2020-6111
PUBLISHED: 2020-12-03
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and...
CVE-2020-5680
PUBLISHED: 2020-12-03
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
CVE-2020-5638
PUBLISHED: 2020-12-03
Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.