Tag Archives: security

The Top Ten Criteria for a Security Information and Event Management (SIEM) Tool

The Top Five Security Information Management Considerations

1. Ensure your log management layer is scalable. The log management layer is responsible for collecting the hordes of audit logs within your environment; it is not likely to filter any collected data. A key requirement for a Security Information Management (SIM) tool is to collect all audit log data so that a forensic investigation can be conducted if required. This layer therefore needs to scale to ensure full log collection.

2. Comprehensive Reporting. The log management layer should be able to report on activity that has been collected and identified within the accounting and audit logs. This should include running reports across up to 90 days of data. When you are collecting 10-20 million logs a day, this means the report will need to search upwards of 2 billion entries to retrieve the requested data. It is also possible that you will run several reports a day.

3. Log Collection. It is important that you can collect logs from across the enterprise. The SIM layer should be a true forensic store of accounting and audit logs that allows a complete investigation, should the need arise. This means you want logs from firewalls, operating systems, applications, VPNs, wireless access points etc. You therefore need to ensure that logs from all of these sources can be collected. Plain text logs stored in flat files are typically widely collected, as are Windows Event Logs. Event logs stored in databases are not easily collected, so if you have any custom-built or internally built applications, ensure that their logs can be collected, as these are often stored in some type of database.

4. Chain of Custody. Ensure that you can validate that the logs have not been changed or modified since they were collected from the source device. This should include collecting the logs in real time from the original device, to ensure they are not modified before collection. This allows for a forensically assured investigation, if required.
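One way a log store can make post-collection tampering detectable is to chain each ingested record to the previous one with a keyed hash. This is an added illustration, not code from the post or any SIM product; it assumes the store holds a key (a placeholder here) that neither the source devices nor the analysts have, so an edited record cannot be silently re-tagged.

```python
import hashlib
import hmac
import json

# Assumed: a secret held only by the log store. Placeholder value for the demo;
# a real deployment would load it from a managed secret store.
STORE_KEY = b"constructed-demo-key"

def _tag(body: dict) -> str:
    return hmac.new(STORE_KEY, json.dumps(body, sort_keys=True).encode(),
                    hashlib.sha256).hexdigest()

def ingest(chain: list, raw_line: str, received_at: str) -> str:
    """Append one raw log line, linking it to the previous record's tag."""
    prev = chain[-1]["tag"] if chain else "0" * 64
    body = {"seq": len(chain), "received_at": received_at,
            "raw": raw_line, "prev": prev}
    tag = _tag(body)
    chain.append({**body, "tag": tag})
    return tag

def verify(chain: list):
    """Walk the chain; return (True, None) or (False, index of first bad record)."""
    prev = "0" * 64
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "tag"}
        if rec["seq"] != i or rec["prev"] != prev:
            return False, i          # record deleted, reordered or inserted
        if not hmac.compare_digest(_tag(body), rec["tag"]):
            return False, i          # record contents edited after ingestion
        prev = rec["tag"]
    return True, None

def demo():
    """Constructed lines: ingest, verify, edit one record, verify again."""
    chain = []
    lines = ["fw01: deny tcp 10.0.0.5 -> 10.0.0.9:445",
             "srv02: Logon failure user=administrator"]
    for n, line in enumerate(lines):
        ingest(chain, line, f"2024-01-01T09:00:0{n}Z")
    ok_before, _ = verify(chain)
    chain[0]["raw"] = "fw01: permit tcp 10.0.0.5 -> 10.0.0.9:445"  # simulated edit
    ok_after, bad_seq = verify(chain)
    return ok_before, ok_after, bad_seq

if __name__ == "__main__":
    print(demo())
```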

5. Trend Dashboards. It is important to be able to see the trend of the volume of logs being collected. When collecting millions of logs a day, dashboarding all of that data becomes pointless, as it will be a sea of information. However, the size of the haystacks can tell you if there are problems. For example, if you see a huge spike in failed logins, this tells you that something is going on within the environment that is not normal.

The Top Five Security Event Management Considerations

1. Correlation. The main purpose of a SEM tool is to filter out the noise from the forensic data and flag or alert on any suspect behaviour. It is critical, therefore, that your SEM can filter the rubbish down to useful information via complex correlation rules.

It is almost useless to alert on every failed login within your environment, as in large enterprises there are hundreds or thousands of these per day. However, 100 failed logins within a five-minute span, from an external IP address, for an administrative account should be alerted on and investigated. Your correlation engine should support easy creation of these multiple-event rules.
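The multiple-event rule just described, as an added example (not the post's code or any vendor's engine): a sliding-window correlation over already-normalised login events that fires once per account/source pair when the failure count inside the window reaches the threshold. The admin account list, the "external" definition (anything outside RFC 1918 and loopback) and the threshold are assumptions; the threshold is lowered from 100 to 3 so the constructed sample trips it.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WINDOW = timedelta(minutes=5)
THRESHOLD = 3                          # the post's rule uses 100; lowered for the demo
ADMIN_ACCOUNTS = {"administrator", "root"}
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(ip: str) -> bool:
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def correlate_failed_logins(events, threshold=THRESHOLD, window=WINDOW):
    """events: iterable of (timestamp, account, src_ip, outcome).
    Returns one alert per (account, src_ip) the first time `threshold`
    failures fall inside `window`; earlier failures age out of the window."""
    recent = defaultdict(deque)        # (account, ip) -> timestamps still in window
    alerted, alerts = set(), []
    for ts, account, src_ip, outcome in sorted(events):
        if outcome != "FAILED" or account not in ADMIN_ACCOUNTS or not is_external(src_ip):
            continue                   # noise the rule is designed to drop
        key = (account, src_ip)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()                # drop failures older than the window
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"account": account, "src_ip": src_ip,
                           "count": len(q), "first": q[0], "last": ts})
    return alerts

# Constructed sample, already normalised: (timestamp, account, source IP, outcome)
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_EVENTS = [
    (T0, "jsmith", "203.0.113.7", "FAILED"),                             # not an admin
    (T0 + timedelta(seconds=10), "administrator", "10.0.0.5", "FAILED"),  # internal source
    (T0 + timedelta(seconds=20), "administrator", "10.0.0.5", "FAILED"),
    (T0 + timedelta(seconds=30), "administrator", "10.0.0.5", "FAILED"),
    (T0 + timedelta(minutes=1), "administrator", "203.0.113.7", "FAILED"),
    (T0 + timedelta(minutes=2), "administrator", "203.0.113.7", "FAILED"),
    (T0 + timedelta(minutes=9), "administrator", "203.0.113.7", "FAILED"),  # first two aged out
    (T0 + timedelta(minutes=10), "administrator", "203.0.113.7", "FAILED"),
    (T0 + timedelta(minutes=11), "administrator", "203.0.113.7", "FAILED"),  # 3 in 5 min: alert
]

if __name__ == "__main__":
    for alert in correlate_failed_logins(SAMPLE_EVENTS):
        print(alert)
```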

2. Dashboards. Once you have generated a correlated alert, you want to place this information on a dashboard for easy user consumption. While it is not feasible to dashboard the forensic data that the SIM has collected, because of the sheer volume, it is recommended to dashboard the SEM alerts, as they are likely to be significantly fewer in number. On average you should be alerting on less than 1% of 1% of the collected logs; that equates to a maximum of 200 alerts from 2 million collected audit logs. With a really strong correlation engine we would expect to eventually tune these alerts down to 2 a day, instead of 200 a day. You only want to be alerted on TRUE security or operational risks to your enterprise, not every time someone fat-fingers their password.

3. Reporting. While reporting capability is critical for SIM, it is also important for SEM. The reports are not going to be as difficult to produce: for starters, you are not reporting against billions of logs; more likely you are reporting against tens of thousands of alerts. But management will want to see that critical alerts have been responded to and resolved.

4. Log Normalisation. To create detailed alerts you will need to “understand” the raw logs: for example, you will need to know which part of the log string is the group name if you want to alert when a user is added to an administrator group. Most vendors will create normalisation rules for the standard off-the-shelf applications, but you should be able to normalise your organisation's custom log formats without having to employ the vendor's professional services consultants, who are likely to be expensive.
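The group-addition case above, as an added example (not from the post or any product): two constructed custom log formats from hypothetical in-house applications are normalised onto one common field set, and an alert is raised only when the extracted group is in an assumed list of administrative groups. Lines no normaliser understands are kept aside rather than dropped, since a silently unparsed source is itself a gap to fix.

```python
import re

# Constructed formats for two hypothetical in-house apps, each with a regex
# that lifts the raw text onto the common schema: ts, actor, user, group.
NORMALISERS = [
    # "2024-01-01T09:00:00 hrportal: GROUP_ADD user=bob group=Domain Admins by=alice"
    ("hrportal", re.compile(
        r"^(?P<ts>\S+) hrportal: GROUP_ADD user=(?P<user>\S+) "
        r"group=(?P<group>.+?) by=(?P<actor>\S+)$")),
    # "Jan  1 09:00:01 billing[412]: alice added bob to role 'finance-admins'"
    ("billing", re.compile(
        r"^(?P<ts>\w{3}\s+\d+ [\d:]+) billing\[\d+\]: "
        r"(?P<actor>\S+) added (?P<user>\S+) to role '(?P<group>[^']+)'$")),
]

# Assumed list of groups whose membership changes warrant an alert.
ADMIN_GROUPS = {"domain admins", "administrators", "finance-admins"}

def normalise(line: str):
    """Return an event dict in the common schema, or None if nothing matches."""
    for source, rx in NORMALISERS:
        m = rx.match(line)
        if m:
            return {"source": source, "action": "group_add", **m.groupdict()}
    return None

def admin_group_additions(lines):
    """Return (alerts, unparsed_lines) for a batch of raw log lines."""
    alerts, unparsed = [], []
    for line in lines:
        ev = normalise(line)
        if ev is None:
            unparsed.append(line)
        elif ev["group"].lower() in ADMIN_GROUPS:
            alerts.append(ev)
    return alerts, unparsed

# Constructed sample input.
SAMPLE_LINES = [
    "2024-01-01T09:00:00 hrportal: GROUP_ADD user=bob group=Domain Admins by=alice",
    "2024-01-01T09:01:00 hrportal: GROUP_ADD user=carol group=Staff by=alice",
    "Jan  1 09:00:01 billing[412]: alice added bob to role 'finance-admins'",
    "Jan  1 09:00:02 billing[412]: service started",
]

if __name__ == "__main__":
    found, leftover = admin_group_additions(SAMPLE_LINES)
    for ev in found:
        print(f"ALERT {ev['source']}: {ev['actor']} added {ev['user']} to {ev['group']}")
    print("unparsed:", leftover)
```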

5. Alert Management. As well as creating complex alerts based on correlation rules, it should be possible to track the status of generated alerts. Has the alert been resolved? What steps were taken after the alert was raised? A built-in ticketing system, or tight integration into an existing ticketing system, is a critical feature of a Security Event Management tool.

Explaining Some Things To Look For In An Integrated Security System And PSIM

We are fortunate in this era that modern technology has produced a lot of beneficial products and solutions. One of these advantages is integrated security systems.

Professionals in the security field suggest that you need to recognise how integrated security systems operate and how crucial they are for modern corporations. It is no secret that criminal activity, essentially theft, is commonplace in society. This has led people and businesses everywhere to become cautious about security. In an effort to lessen the potency of criminals, experts in the security industry are constantly faced with the problem of how best to safeguard the law-abiding population.

In the present day, security has been heightened further as proprietors, supervisors and even executives are cautious about the hazards they face each day and are deploying these security systems to boost their armoury. This cause for worry is the reason why a lot of office blocks, for example, use the services of a specialised security organisation that can give them peace of mind.

Many business owners will not immediately favour integrated security systems and PSIM. However, if they can clearly see the grand scheme of the full undertaking, chances are they will change their reaction almost instantly. Quite possibly one reason why integrated security systems aren't that widespread is that they have a steep learning curve.

One key advantage of an integrated security system, however, is that it safeguards the data and information of your company together with your physical premises. As you might envision, this complete security management is no straightforward task, and the seriousness of such an undertaking is enough to put many people off investing. That is why it is important to keep an open mind instead of dismissing the service without knowing all about it.

Incorporating security systems and PSIM into a corporation is not a stroll in the park. Once again, don't let the complicated setup deter you: once your integrated security system is up and running, you will wonder what you ever did without one.

A vital thing to consider when going through the installation of an integrated security system is that you will need to keep in continuous contact with your dealer. Put another way, the equipment for the system should come from a single manufacturer only. If the dealer ceases business or chooses not to continue its professional services, it could spell chaos for a business. This is why it is recommended to diligently select the right people to assist in putting up this sort of protection.

Internet Security – Protecting Your System And Data From The Perils Of The Web World

Computer security and online privacy have been among the most common concerns since the advent of the internet. Almost all internet users keep internet security as one of their top priorities. Always-on internet connections and idle, clever minds have made internet security a pressing issue. A good number of things are unsafe because of online perils. You need to safeguard your data, encrypted information, private files and much more. If you are operating an online business, the need for proper e-security measures is even greater.

To protect your personal computer and data from the perils of the internet, here is a checklist of things to do. These can serve as a guide to saving your private information and data from the malicious elements of the web.

1. Block Hackers And Viruses
Without up-to-date anti-virus and firewall software, your personal computer might be completely vulnerable to hackers and viruses. Most internet connections are always on, and without any firewall or antivirus your PC is as exposed to hackers and virus attacks as an empty house is to burglars. A firewall helps protect the system by preventing it from communicating with unauthorised third-party networks.

2. Use Two-Way Firewall
The built-in Windows firewall is quite helpful, but it is recommended to install an additional, up-to-date firewall in order to monitor and manage network traffic in an easy and protected manner. With the help of a bidirectional firewall, any backdoor program in your system will be blocked and your PC will be rendered safe.

3. Setting Proper Security Controls
Apart from installing up-to-date antivirus programs, you should verify the security settings of each and every application installed on your PC. This will help block viruses from attacking your system, control cookies and keep spyware away from your PC and network. Browser security settings can also help control harmful web content. These settings can stop nasty things from accessing your system without authorisation.

So, if you are worried about the internet security of your system and data, the checklist above can help you a lot. Go through it to protect your system from internet perils.