Security analytics and automation

SIEM benefits include efficient incident response, compliance

SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting. Continue Reading

Security data scientists on how to make your data useful

Data science and machine learning can reveal valuable security information that would otherwise remain hidden in large data sets. Security data scientists can be hard to find and may be out of reach for most organizations. Even without these skill sets, companies can make strides to take advantage of advanced analytics to improve their security posture.

In August 2017, Google data scientists revealed that they had worked in conjunction with academic researchers from Princeton and other universities to create a model for tracking ransomware payments on the bitcoin blockchain. The researchers tallied roughly 20,000 payments worth $16 million.

"Very large organizations can often build their own data storage and data analysis solutions, because they will often have security data scientists on staff to write code and identify patterns," said Joshua Saxe, chief data scientist at security software firm Sophos. "The vast majority of organizations do not have the resources to do that."

Data analytics and machine learning can help companies quickly reduce the amount of data they need to parse in order to highlight potential threats. Too much data noise can quickly overwhelm human analysts, however. In this issue of Information Security magazine, we talk to CISOs and security data scientists about effective use of data analytics, machine learning and their strategies for managing this information to advance threat research.

 Continue Reading

A comprehensive guide to SIEM products

Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security. Continue Reading

SOC services: How to find the right provider for your company

SOCs are the latest services you can now outsource rather than build in-house. But should you entrust them to a third party? Yes—but make sure you know how to pick the best. Continue Reading

Algorithmic discrimination: A coming storm for security?

Following several RSA Conference 2018 talks on machine learning and AI, it's worth asking how algorithmic discrimination might manifest in the infosec industry. Continue Reading

How machine learning anomaly detection works inside SAP

SAP CSO Justin Somaini discusses how SAP uses machine learning for security tasks, like anomaly detection, and compares supervised and unsupervised algorithms. Continue Reading

Binance bounty offered for info on attempted attack

A failed attack led to a Binance bounty offer of $250,000 for information that leads to the arrest of the threat actors responsible for the attempted cryptocurrency theft. Continue Reading

Behavioral analytics, security go hand in hand

This Security School explores behavioral analytics as a tool for enhancing the security of enterprise systems and data. Continue Reading

IT sabotage: Identifying and preventing insider threats

Preventing IT sabotage from insider threats can be a challenge. Peter Sullivan explains how enterprises should monitor for characteristics of insider threat behavior. Continue Reading

Security behavioral analytics: The impact of real-time BTA

Johna Till Johnson, CEO and founder of Nemertes Research, explains real-time threat analysis in terms of BTA and its next-generation security architecture. Continue Reading

The tug of war between user behavior analysis and SIEM

Information security technologies embrace user behavior analytics, and the trend is expected to continue. Should CISOs consider a standalone UBA component? Continue Reading

Will it last? The marriage between UBA tools and SIEM

The failure to detect insider threats and a growing need to store and sort through massive amounts of data have drawn attention to user behavior analytics, sometimes called user and entity behavior analytics. According to Gartner, UBA tools deliver value for use cases such as compromised accounts, including stolen and phished credentials. They can also be used to find compromised systems and data exfiltration.

Security platforms like data loss prevention, endpoint security and cloud access security brokers will increasingly layer or incorporate UBA features to help analyze alerts and make underlying technology more useful, according to analysts. SIEM and UBA are also converging, with SIEM vendors adding UBA tools and UBA vendors building SIEM systems.

In this issue of Information Security magazine, we look at the dynamics around UBA and strategies for CISOs going forward. UBA vendors are releasing product suites targeted at security operations centers, today built around SIEM. What does the future hold for standalone UBA tools? We look at time to value and use cases, and help you sift through the noise.

 Continue Reading

The tug of war between user behavior analysis and SIEM

 Continue Reading

Considerations for developing a cyber threat intelligence team

The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee. Continue Reading

Can the STIX security framework improve threat intelligence sharing?

Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework. Continue Reading

What SIEM features are essential for your company?

On the hunt for the best SIEM tool for your company? Learn how to evaluate the capabilties of the newest security information and event management products. Continue Reading

Machine learning in cybersecurity: How to evaluate offerings

Vendors are pitching machine learning for cybersecurity applications to replace traditional signature-based threat detection. But how can enterprises evaluate this new tech? Continue Reading

Tactics for security threat analysis tools and better protection

Threat analysis tools need to be in top form to counter a deluge of deadly security issues. Here are tips for getting the most from your analytics tool. Continue Reading

Q&A: How the Cyber Threat Alliance solved threat intelligence sharing

Palo Alto Networks CSO Rick Howard talks with SearchSecurity about his experiences with the Cyber Threat Alliance and how the group approaches threat intelligence sharing. Continue Reading

How threat intelligence feeds aid organizations' security posture

This Security School explores how threat intelligence feeds works and discusses the types of vendor services that exist now. Continue Reading

Incorporating user behavior analytics into enterprise security programs

User behavior analytics can be used for a number of different objectives within an enterprise. Expert Ajay Kumar examines some of the most important features and capabilities. Continue Reading

User behavior analytics: Building a business case for enterprises

User behavior analytics can be beneficial to enterprises, but there are complexities involved. Expert Ajay Kumar explains what companies should know about this new technology. Continue Reading

Securing big data is a growing infosec responsibility

Learn the ins and out of securing big data, from the key risks facing big data environments to the skills infosec pros need to master to handle this growing responsibility. Continue Reading

Machine learning in security explodes: Does it work?

Machine learning in security is continuing to advance, and many companies now claim to have introduced artificial intelligence techniques into their platforms. With the high volume of data that most security teams have to prioritize, machine learning in security technology is increasingly being adopted as a way to reduce the noise that traditional security products produce.

Smaller companies, such as Keen Footwear, have turned to threat platforms that incorporate machine learning and AI techniques -- and soon automated defense -- to solve a variety of problems. "I don't need to go hire someone dedicated to security," said Clark Flannery, director of IT at Keen's headquarters in Portland, Ore. "It just feels like a whole team back there -- who are way more qualified than [staff] I would be able to pay."

With security professionals in short supply, companies like Keen are relying on these technologies to make it easier to spot and respond to attacks. While machine learning and artificial intelligence are often used interchangeably, the concepts are different. In this issue of Information Security magazine, we discuss the nuances and dive into the current state of the technology. Machine learning in security offers information security analysts more depth of knowledge, helping to detect patterns and related analysis they may not otherwise have known about.

 Continue Reading

AI or not, machine learning in cybersecurity advances

As more companies promote machine learning and artificial intelligence technologies, chief information security officers need to ask some tough questions to get past the hype. Continue Reading

Security looks to machine learning technology for a cognitive leg up

Advances in machine learning technology and artificial intelligence have proven to work well for some information security tasks such as malware detection. What's coming next? Continue Reading

Security looks to machine learning technology for a cognitive leg up

 Continue Reading

AI or not, machine learning in cybersecurity advances

 Continue Reading

RSA NetWitness Logs and Packets: Security analytics product overview

Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats. Continue Reading

Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview

Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data. Continue Reading

EMC RSA Security Analytics: SIEM product overview

Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise. Continue Reading

AlienVault OSSIM: SIEM Product overview

Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization. Continue Reading

Splunk Enterprise: SIEM product overview

Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity. Continue Reading

SolarWinds Log and Event Manager: SIEM product overview

Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity. Continue Reading

IBM Security QRadar: SIEM product overview

Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data. Continue Reading

LogRhythm's Security Intelligence Platform: SIEM product overview

Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data. Continue Reading

What are the secrets to SIEM deployment success?

Many organizations deploy security information and event management systems without the proper planning and therefore can't reap the proper rewards. Expert Kevin Beaver offers tips for a successful implementation. Continue Reading

Beyond the Page: New SIEM Battleground Unfolds with Advanced Analytics

Robert Lemos looks at next-generation security information and event management analytic tools and cloud-based systems. Continue Reading

SIEM systems: Using analytics to reduce false positives

Combining data from a variety of sources with better analytics can reduce workloads. Continue Reading

Benefits of the Cisco OpenSOC security analytics framework

Cisco's open source security analytics framework aims to help enterprises address visibility and incident management challenges. Expert Kevin Beaver discusses OpenSOC and what to consider when integrating it into an enterprise security strategy. Continue Reading

How emerging threat intelligence tools affect network security

Up and coming threat intelligence tools aim to improve data security and even standardize threat intelligence across the industry. Expert Kevin Beaver explains how. Continue Reading

Big data security analytics: Facebook's ThreatData framework

Expert Kevin Beaver explains how enterprises can take a page from Facebook's ThreatData framework security analytics to boost enterprise defense. Continue Reading

How to define SIEM strategy, management and success in the enterprise

Enterprise SIEM technology is as functional, manageable and affordable as it's ever been. Learn how to achieve success with SIEM in your organization. Continue Reading

Quiz: Using SIEM technology to improve security management processes

In this five question quiz, test your knowledge of our Security School lesson on using SIEM technology to improve security management processes. Continue Reading

Is centralized logging worth all the effort?

Network log records play an extremely important role in any well-constructed security program. Expert Mike Chapple explains how to implement a centralized logging infrastructure. Continue Reading