Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Next Generation Of SIEMs? Ease Of Use, Analyze More Data
Newest First  |  Oldest First  |  Threaded View
mharrison392
50%
50%
mharrison392,
User Rank: Apprentice
10/22/2013 | 8:42:50 PM
re: Next Generation Of SIEMs? Ease Of Use, Analyze More Data
I don't think I want a plug and play SIEM solution. The complexity of all the interconnected parts in unique environments is not something that I am comfortable with a SIEM understanding. It is important that someone in the organization understand how these pieces work together whether a SIEM is implemented or not.

A SIEM solution is a TOOL. It makes the job easier, but it's still a hard job. Knowledge is still required. They used computers in 1969 to put a man on the moon. The people designing the systems and working at mission control still had to know the pieces and parts. They still had to know what they were doing.

The problem is that most people want to purchase a solution that they can install and forget. A SIEM takes care and feeding on a regular basis. A properly installed and configured SIEM requires tuning regularly. However, most SIEM implementations I've seen have had the proverbial "kitchen sink" worth of logs thrown at them day one or week one. It takes time to do this properly. You have to add one feed at a time and spend some time getting to know it and tuning it, then move on to the next log feed.

I believe you could make the argument that anyone wanting a plug a play SIEM should outsource their security operations. The fact of the matter is that real, effective security requires knowledgeable, dedicated, warm bodies. Most organizations are unwilling to accept that.
MarciaNWC
50%
50%
MarciaNWC,
User Rank: Apprentice
10/21/2013 | 11:09:31 PM
re: Next Generation Of SIEMs? Ease Of Use, Analyze More Data
You'd think after this long in the market, SIEMs would have become easier to use. Although, as the story notes, the marketing line with SIEMS has always been the opposite.
AccessServices
50%
50%
AccessServices,
User Rank: Apprentice
10/21/2013 | 12:28:10 PM
re: Next Generation Of SIEMs? Ease Of Use, Analyze More Data
From someone that has lived and worked in the trenches, I agree with Robert. SIEMs are complicated beasts. They capture data from multiple devices so the person setting up the rules needs to understand the relationship between databases, networks, web servers, load balancers, firewalls, AD, etc.... The biggest problem I've seen is training. Companies will purchase a nice vehicle to move a company forward and then won't pay to teach one of two employees how to drive it. Then when it crashes, blame the IT group.

Even if the SIEM is just capturing the data, a company has made progress. The forensic and troubleshooting capabilities are significant. There have been several times when I've solved issues by going to an "unused SIEM" or logging device. For what to correlate, the SANS Institute has written several papers on what to look for.

Jeff Jones
Abacus Solutions


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34812
PUBLISHED: 2021-06-18
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-34808
PUBLISHED: 2021-06-18
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
CVE-2021-34809
PUBLISHED: 2021-06-18
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34810
PUBLISHED: 2021-06-18
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34811
PUBLISHED: 2021-06-18
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.