Information Security Blog

Pivot Point Security Discusses Pitfalls of SIEM at CSO Event

John Verry (CISA), Principal Enterprise Security Consultant with Pivot Point Security speaks on Security Information and Event Management challenges at Baltimore CSO Breakfast Club event.

Owings Mills (PRWEB) October 3, 2008 – John Verry spoke before an audience of experienced and senior Information Security professionals from a variety of markets at the CSO Breakfast Club’s Baltimore chapter event on Network Access Control (NAC) and Security Information and Event Management (SIEM).

Verry, an expert on the topic of SIEM with over 7 years of SIEM experience under his belt addressed the crowd on the SIEM landscape, including the history of the solution, its early pains and its growing success stories. His “Keys to Success” formed the basis of the presentation and elicited extensive interchange with members considering and/or in the process of implementing SIEM technology.

Over the course of the hour long discussion, Verry explained that while in its earlier, more immature years, SIEM solutions received a bit of a ‘black eye’ for several reasons, SIEM solutions have changed quite a bit in recent years in part due to industry consolidation and product acquisition by larger, more established companies. He continued by stating this maturity has turned SIEM solutions into an answer to the challenge of demonstrating compliance with numerous regulations including; PCI-DSS, SOX, HIPAA, and ISO27001 for many organizations. He noted a good example of this recent maturity is indicative in the Novell Sentinel SIEM solution, acquired from e-Security in 2005. With Novell’s enhanced development and support services the product has evolved significantly since the acquisition.

He stressed that the key elements to success in any SIEM project are clear definition and alignment (with systems architecture and databases) of requirements, commitment of the necessary resources and a tightly scoped and phased implementation approach. Within this portion of the presentation he stressed that knowledge of the events generated by an enterprises’ security devices per second is one of the critical metrics when defining requirements. He continued to note that these event rates will ultimately define the other requirements of the project, especially the database architecture.

The event concluded with a recap of his key points along with the important advice to start such projects small and create positive momentum and political support within your organization to make a SIEM project successful.

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Is ISO 27001 Right for (Y)our Organization?

Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

How to deal with increasing threats
How to manage multiple regulatory requirements
How to handle client requests for attestation
To validate that significant changes did not have unanticipated results

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Free Whitepaper: Stop Wasting Money on Penetration Testing

Penetration Testing is most frequently performed to:

Substantiate the net effectiveness of a mature control environment
Prove to a third party that an environment is secure/trustworthy
Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
To validate that significant changes did not have unanticipated results