Iran Is Using MITRE. You Should Too.

Iran cyber attacking the US is no longer a threat - it's our reality. How we can better prepare ourselves and make sure our SIEM is equipped to deal with this very serious threat?

Read the full article

Jan 09, 2020

Log analysis - SIEM SIEM, but different

Your Elastic stack is up and running, and you’re using Logstash for SIEM purposes. But you’re overwhelmed to discover that while every new system produces heaps and heaps of logs, each vendor uses their own data format, and employs a different set of values for describing...

Read the full article

Dec 25, 2019

The Secret to Getting More from Your SIEM

SIEM in a Nutshell

SIEM has come a long way since it first came on the scene, about twenty years ago. 

It began as a log management tool focused on simple collection and storage to meet compliance, and these use cases are still very relevant as 2020 draws nearer.

Initially,...

Read the full article

Dec 02, 2019

Next Generation SIEM - 6 Things to Look For

The SIEM market has evolved and today most solutions call themselves “Next Generation SIEM.” Effective NG SIEM should provide better protection and equally important, if not more, a much more effective, next gen user experience. What you should look for when evaluating a next...

Read the full article

Nov 17, 2019

Preventing Misconfiguration in Logstash with empow’s Pipeline Viewer

Elastic’s Logstash multi-pipeline feature, introduced in Version 6.7, is a cool feature, that enables us to easily and flexibly write, maintain, and manage our SIEM parsers. Nevertheless, the fact that it requires manual configuration may lead to serious misconfiguration...

Read the full article

Oct 01, 2019

How MITRE Helps Break Down the “Tower of Babel” for SIEM

Since its first days, cyber security developed in a patchwork fashion.  A security need came up, a product was developed to address it.  After many years of this, the whole contraption reflects the ad-hoc way in which it was formed, like a kid’s tower of blocks about to...

Read the full article

Jul 22, 2019

It’s All About SIEM Value – Infosec 2019 Wrap Up

Today is the last day of Infosecurity Europe 2019 and, besides looking forward to recuperating with a nice weekend in London, I’m reflecting on what I heard at dozens of meetings and talks with people at Infosec, and what the trends are in SIEM.

Read the full article

Jun 06, 2019

SIEM in the Era of the Cyber Security Skills Crisis

The much talked about cyber security skills shortage is getting worse.  While SIEM was supposed to help lower the workload of security teams, this hasn’t actually been the case.  An overview of what to look for - and what to look out for - when considering SIEM.

Read the full article

Jun 04, 2019

The Ground Is Shifting Under SIEM: 5 Ways Things Have Changed

 Since the birth of SIEM, there have been major shifts in the threat and security operations landscape which render the technologies of yesteryear – and even so called “NG-SIEM” solutions - obsolete.  What has changed, and what needs to change to make SIEM effective?

Read the full article

Feb 21, 2019

What Questions Should You Ask Your NG-SIEM Provider?

 

Read the full article

Feb 20, 2019
No More Posts