Ask yourself: Do you need a Security Information and Event Management (SIEM) to maintain PCI compliance?
According to section 10.6 of the latest Payment Card Industry Data Security Standard requirements (PCI DSS v2.0), any entity involved in payment processing is required to perform log analysis at least once daily.
At a recent security conference that I attended, SIEM was the keynote topic. The speaker covered the areas of log retention and reporting in great detail, but fell short in analysis. I asked the speaker to explain the process around creating log analysis, knowing this was a loaded question as we at Virtela have been working on this for years. My intent was not to challenge the speaker; I simply wanted to compare our thoughts about good processes for log analysis . The speaker danced around the subject, answering in abstracts like “try to understand what you are looking for” (not bad, but pretty vague), “understand the threat landscape” (OK, sure that is important, but still pretty vague), and went on about some other lofty ideas, but no concrete “first you do this, followed by this, and then proceed with this…” As I have attended many conferences this year, it is becoming apparent to me that there seems to be a lack of clarity on the subject of operationally defining security events that can be generated (via correlation) from a SIEM. So, I decided to share my thoughts on the subject in hopes of helping those that are trying to deploy a SIEM solution, as well as maybe sparking a healthy debate.
At one point or another, nearly everyone has had a moment of cybersecurity gone wrong. Whether it’s a bit of spyware downloaded from your personal email or a distributed denial of service (DDoS) attack launched against your company’s network, experiences with security threats are not especially rare these days.
But understanding the odds and ends of cyberthreats is something that still eludes the casual computer user. Terms like malware, spyware, DDoS, botnet, advanced persistent threats, we know they’re bad news, but beyond that they’re just jargon used by IT guys and technology pundits. Even those who do claim to understand the nuances of cybersecurity have a tendency to confuse the details or explain them unclearly.
Investing in bandwidth upgrades without knowledge of traffic is like filling a bucket with a leaking hole
“We are growing and need more bandwidth.”
“We’ll need to double the bandwidth as we are over-utilizing the existing pipe.”
These are common complaints – or requirements – of CIOs and Network/IT managers. Upgrading bandwidth to meet business demands is critical. But equally important is the need to know what traffic types are flowing across the network. Are users making right use of the current bandwidth? Is a DS3 being fully utilized with production or business traffic?
Most companies do not identify their traffic flow due to lack of time, resources, or skill. Budget is commonly available to upgrade the bandwidth but not to analyze the traffic, which is rarely considered a necessity under the assumption that all traffic is legitimate traffic. As a result, it’s comparatively easy to make a business case to upgrade bandwidth than it is to invest in identifying the traffic.
Arrive at work a little early to get ahead of the day. I have some tickets to confirm, work, and close. On top of that there are new engineers to be trained on Virtela processes and tenured engineers to be trained on new, more advanced features. And then there is refresher training for all.
Today my focus will be training. Virtela’s Managed Security Services is growing and our group has doubled in engineers in all tier groups. We have a very diverse group of minds and experience. There’s a significant amount of collaboration and cross-training. There are expert engineers for every device and every security concept.
Previously, Ben had blogged about Why Mobile Device Management (MDM) is necessary for today’s enterprises. Today, I would like to touch on how to secure mobile devices. The main two components of securing mobile devices are 1) securing the connection between the mobile device and the corporate network, and 2) securing the device itself.
Securing the Connection