SOC Visibility and SIEM Tools – Jeff Costlow – BSW #145

SOC Visibility and SIEM Tools
The post SOC Visibility and SIEM Tools – Jeff Costlow – BSW #145 appeared first on Security Weekly.

Security Orchestration and Incident Response

Last month at the RSA Conference, I saw a lot of companies selling security incident response automation. Their promise was to replace people with computers – sometimes with the addition of machine learning or other artificial intelligence techniques – and to respond to attacks at computer speeds. While this is a laudable goal, there’s a fundamental problem with doing this…

New Presidential Directive on Incident Response

Last week, President Obama issued a policy directive (PPD-41) on cyber-incident response coordination. The FBI is in charge, which is no surprise. Actually, there’s not much surprising in the document. I suppose it’s important to formalize this stuff, but I think it’s what happens now. News article. Brief analysis. The FBI’s perspective….

Credential Stealing as an Attack Vector

Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant. This is all important, but what’s missing is a recognition that…

Resilient Systems News: IBM to Buy Resilient Systems

Today, IBM announced its intention to purchase my company, Resilient Systems. (Yes, the rumors were basically true.) I think this is a great development for Resilient Systems and its incident-response platform. (I know, but that’s what analysts are calling it.) IBM is an ideal partner for Resilient, and one that I have been quietly hoping would acquire it for over…