Coming apart at the SIEMs…

Security Information and Event Management (SIEM) systems are all the rage at the moment – and with good cause.

As you are all aware, one item of data does not a case make, it is the combination & correlation between _all_ of the data that creates “evidence” – and here in the SIEM we are seeing the very thinnest separation between forensics and security – if we look at it today it is security, if we look at it tomorrow, it’s forensics.

An SIEM (oft pronounced “seem” – although mostly I like to spell out my TLAs ESS-AYE-EEE-EMM [ with a few notable exceptions … raid, scuzzy, wizzywig … but I suspect that shows my age more than anything else ! ] ) is a centralised system that collects information from other systems in the network. This information is typically – but not exclusively – collected from some, or all, of the normal logging of the system…

Read More

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles