SIEM: Is It What Is SIEMs? Security Information and Event Management Summit at CSI 35th Conference

Anton Chuvakin's presentation from "SIEM: Is It What Is SIEMs?" Security Information and Event Management Summit at CSI 35th Conference

Published in: Technology, Business
  • Perhaps you may be interested in a product we have spent several years in the making. This service can be used to protect systems and custom applications, as well as providing privacy and data loss prevention, and fraud. Developed by a leader in the field of security, originally from the team of X-Force (ISS). With this product we can begin to set a standard and create a unified approach to information security. This is software as a service, not a device, and it can be incorporated with any device already in place. Developed to be used in the Cloud Environment as well. Please let me know if you are willing to learn more. rhurley@vaultsecurityinetel.com Love to be of service, thanks.
  • Thanks for the praise. Sadly, I spent a few years in that part of the realm as well and had a chance to learn all the bizarreness and weirdness of the SIM/SEM/SIEM swamp.

  1. SIEM. Is It What Is “SIEMs”? Dr. Anton Chuvakin, Chief “SIEM Advocatus Diaboli”. SIEM and Log Management Summit, 35th Annual CSI Conference.
  2. What is SIEM?
     • SIM? /information/
     • SIM? /incident/
     • SEM?
     • SIEM?
     • “ESM” – puuuulease
  3. Brief History of SIEM
     • 1996 – first SIEM vendors launch
     • 2000 – “SIEM winner” ArcSight launches
     • 2002–2007 – some SIEM vendors are acquired
     • 2002–2007 – more vendors launched
     • What’s next?
  4. Questions to Think About
     • Is SIEM relevant today, after 12 (!) years in biz?
     • Is SIEM evolving fast enough? Is it evolving?
     • What today’s problem does it solve?
     • Is SIEM for everybody? Every large company?
     • Is SIEM a “MUST HAVE” now? Later?
     • SIEM vs/with/same as Log Management?
     • Has SIEM over-reached what it can do?
     • Do you believe the SIEM promise of a single intelligent security observation pane?
  5. What I Wish More People “Get” About SIEM
     • Vendors: STOP (!!!!!!!!!!!!!!!!!) overselling it
     • Users: stop believing vendors that SIEM = ESM
     • Vendors: solve problems that users have TODAY (ideally, “… and tomorrow”)
     • Users: define what problems you plan to solve with SIEM before buying
  6. Let The Games Begin!
     • Comment!
     • Interrupt!
     • Criticize!
     • Inflame!
     • Ask!
     • Go!
  7. Hour 1: Lessons Learned
     • Who has the use cases? Problems vs use cases!
     • Vendor: What problem do you have? – Customer: What problem do you solve?
     • Human factor – SIEM is NOT a SOC in a box
     • Business case – vendor helps, not “does it for you”
     • NEVER talk “solutions” before you talk “problems”
     • What do you want? SIEM. No!!! Tell me what pains you and we figure out whether SIEM solves it!
     • Making SIEM easy is NOT easy. Is it impossible?
  8. Hour 2: Lessons Learned
     • Crappy SIEM product -> in-house development -> back to commercial is actually a pretty common, if sad, route
     • “Fraud” is not just a remote future use case; people are starting to do it now
     • Customers want to see a commitment from vendors to improve and develop “ahead of problems”, not just respond to problems