Collaborate Disseminate
We just published the second part of our SIEM guidance, “How to Operate and Evolve a SIEM Solution.” Our readers may recognize some of the content from our world-famous “Security Information and Event Management Architecture and Opera… Continue reading Our “How to Operate and Evolve a SIEM Solution” Publishes
This is a depressing post about security in the real world (what … another one?) In any case, we are having those enlightened debates about log analysis (via SIEM/UEBA), network security monitoring (via NTA or, if you’d like, NDR), endpoint… Continue reading Let’s Go Fight IT for Logs? Agents? Taps?
Our team has released our annual security planning guide: “2019 Planning Guide for Security and Risk Management.” Every Gartner GTP customer should go and read it (in fact, the above link requires just such a subscription) The abstract stat… Continue reading 2019 Planning Guide for Security and Risk Management
Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for network-centric detection and response) research one mystery has to be resolved. What mo… Continue reading NTA: The Big Step Theory
This post is about a topic that few of us ponder often: security architecture frameworks. We have some exciting research plans in this area, hence this blog series. Perhaps one can say that dumb people think of boxes, smart people think of processes, w… Continue reading Security Architecture Frameworks – Yay or Nay?
A little bird landed on my desk, and it had the below clutched in its little beak. The text looks like it was written by a fellow analyst: Dear Vendor: Thanks so much for your briefing today. You obviously put a lot of work into your slide deck. Howeve… Continue reading Anonymous Guest Post: More Vendor Briefing Advice
We just published our “How to Architect and Deploy a SIEM Solution” paper. Avid readers of our research will recognize that some of the content actually comes from our world-famous “Security Information and Event Management Architectu… Continue reading Our “How to Architect and Deploy a SIEM Solution” Publishes
As I allude here, my long-held impression is that no true anomaly-based network IDS (NIDS) has ever been successful commercially and/or operationally. There were some bits of success, to be sure (“OMG WE CAN DETECT PORTSCANS!!!”), but in to… Continue reading Network Anomaly Detection Track Record in Real Life?
We have EDR (thanks Anton!), but can we also have NDR – if only to make the world of acronyms more consistent? Instead, today we have NIDS (detection that is assumed to be signature-based), NTA (detection by learning and baselining, and praying t… Continue reading Can We Have NDR, Please?
Have you ever wondered why academic literature – however silly much of infosec academic research is – always talks about “signature-based IDS” (“misuse”) and “anomaly-based IDS” (“abuse”), but… Continue reading NTA: The Other IDS?