SIEM: Is It What Is SIEMs? Security Information and Event Management Summit at CSI 35th Conference
Anton Chuvakin's presentation from "SIEM: Is It What Is SIEMs?" Security Information and Event Management Summit at CSI 35th Conference

Published in: Technology, Business
Comments

  • Perhaps you may be interested in a product we have spent several years in the making. This service can be used to protect systems and custom applications, as well as providing privacy, data loss prevention and fraud protection. Developed by a leader in the field of security, originally from the X-Force (ISS) team. With this product we can begin to set a standard and create a unified approach to information security. This is software as a service, not a device, and it can be incorporated with any device already in place. Developed to be used in the cloud environment as well. Please let me know if you are willing to learn more. rhurley@vaultsecurityinetel.com
    Love to be of service, thanks.
  • Thanks for the praise. Sadly, I spent a few years in that part of the realm as well and had a chance to learn all the bizarreness and weirdness of the SIM/SEM/SIEM swamp.
Slides

    1. SIEM. Is It What Is “SIEMs”?
       Dr. Anton Chuvakin, Chief “SIEM Advocatus Diaboli”
       SIEM and Log Management Summit, 35th Annual CSI Conference
    2. What is SIEM?
       • SIM? (security /information/ management)
       • SIM? (security /incident/ management)
       • SEM? (security event management)
       • SIEM?
       • “ESM” – puuuulease
    3. Brief History of SIEM
       • 1996 – first SIEM vendors launch
       • 2000 – “SIEM winner” ArcSight launches
       • 2002–2007 – some SIEM vendors are acquired
       • 2002–2007 – more vendors launched
       • What’s next?
    4. Questions to Think About
       • Is SIEM relevant today, after 12 (!) years in the business?
       • Is SIEM evolving fast enough? Is it evolving at all?
       • What problem of today does it solve?
       • Is SIEM for everybody? For every large company?
       • Is SIEM a “MUST HAVE” now? Later?
       • SIEM vs / with / same as log management?
       • Has SIEM over-reached what it can do?
       • Do you believe the SIEM promise of a single intelligent security observation pane?
    5. What I Wish More People “Get” About SIEM
       • Vendors: STOP (!!!!!!!!!!!!!!!!!) overselling it
       • Users: stop believing vendors that SIEM = ESM
       • Vendors: solve problems that users have TODAY (ideally, “… and tomorrow”)
       • Users: define what problems you plan to solve with SIEM before buying
    6. Let The Games Begin!
       • Comment!
       • Interrupt!
       • Criticize!
       • Inflame!
       • Ask!
       • Go!
    7. Hour 1: Lessons Learned
       • Who has the use cases? Problems vs use cases!
       • Vendor: What problem do you have? – Customer: What problem do you solve?
       • Human factor – SIEM is NOT a SOC in a box
       • Business case – the vendor helps, it does not “do it for you”
       • NEVER talk “solutions” before you talk “problems”
       • “What do you want?” “SIEM.” No!!! Tell me what pains you and we figure out whether SIEM solves it!
       • Making SIEM easy is NOT easy. Is it impossible?
    8. Hour 2: Lessons Learned
       • Crappy SIEM product -> in-house development -> back to commercial is actually a pretty common, if sad, route
       • “Fraud” is not just a remote future use case; people are starting to do it now
       • Customers want to see a commitment from vendors to improve and develop “ahead of problems”, not just respond to problems