SIEM City, Baby

Imagine for a moment that you’re the most knowledgeable being in the world. Imagine you know everything that’s happening around you all the time. Imagine you also try to let everyone else know what’s going on but you just can’t seem to be able to get them to understand you. They just can’t make sense of what you’re telling them. How frustrating are you? Now imagine you were also kind of a jerk. You would be a SIEM.

A SIEM, or Security Incident and Event Management solution, is probably the hottest selling and most broadly defined security solution in everything cyber today. And the second thing probably explains the first thing.

It’s also one of the most infuriating, like a know-it-all sibling who corrects you when you say “gooder” instead of “more good.” It tells you all the things it thinks it’s figured out but not why. It screams at you a lot. And then it leaves you to figure out if it’s really true and what to do about it, if there’s even anything you can do about it.

But probably the most annoying thing about a SIEM is how it requires full participation from everything around it to have any value. Like an ice-breaker orientation leader. You remember how helpful those are.

On top of all that, it’s constantly notifying you of all the things it thinks it knows better than you, expecting you to respond. And if you don’t immediately respond to those gazillion things per millisecond it’s telling you to check, it tells you again. And again. And again.

And I’m pretty certain newer models of SIEMs also say “I told you so” in a nasally voice after a breach.
