SIEMs Can Suck... and Other Stories from the Security Sarlacc Pit by Brian Contos - Security Boulevard


Please join Verodin at the Rocky Mountain Information Security Conference (RMISC), May 10th & 11th, 2017, at the Colorado Convention Center in Denver.

Be sure to stop by the Verodin booth (#301) to learn more about Verodin, get a demo, and play some foosball. On May 11th at 11:15 am we’ll be giving a talk titled “SIEMs can suck…and other stories from the security Sarlacc Pit.”

Here’s an outline of the talk:

Like many of you, I’ve been installing, integrating, tuning, and operating SIEMs for way too long. One thing people like us know for certain is that from log collection and transmission to rule correlation and alerts – SIEMs sometimes suck.

Without a doubt, the biggest issue I’ve encountered is metadata creation, i.e., rules correctly firing following an incident. When it comes to SIEMs, I’ve always wanted a way to quickly and easily validate that they’re working, optimize my rules, and tune them to do precisely what I want. But SIEMs, like many security controls, can be a Sarlacc Pit that few escape from – but I’m still pulling for a certain bounty hunter with Mandalorian armor.

Continuously validating that you’re receiving logs following an attack, that rules are firing on that attack, and that your SIEM remains effective over time are areas where Security Instrumentation Platforms (SIPs) can really help.

SIPs can be used to safely execute real attacks within your production environment while integrating with your defensive stack to determine if your firewalls, IPS, DLPs, endpoint security solutions, log managers, SIEMs and related security solutions are working the way you want.

SIPs let you answer questions such as: when under attack, am I blocking, detecting, logging, correlating, alerting, and responding? And if you’re not doing some of these things, SIPs can help provide a prescriptive approach to closing the gaps.
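As an added illustration of the logging/correlating/alerting check described above (example code written for this post, not Verodin's product or API), the Python below scores each simulated attack by the furthest SIEM stage it reached and names the control to tune next. The test actions, log lines, alert records and rule names are all constructed sample data, and the tagging of actions with a unique marker is an assumed convention.

```python
# Added example (not Verodin's code): score how far each simulated attack
# travelled through the SIEM pipeline, using constructed sample data.
from dataclasses import dataclass

@dataclass
class TestAction:
    marker: str         # unique tag the SIP embeds in the simulated action
    expected_rule: str  # correlation rule that should fire for it

# Constructed test actions (hypothetical rule names).
ACTIONS = [
    TestAction("sip-0001", "Brute Force Login"),
    TestAction("sip-0002", "Outbound C2 Beacon"),
    TestAction("sip-0003", "Lateral Movement SMB"),
]
# Constructed raw events found in the log manager after the run.
SIEM_LOGS = [
    "2017-05-11T11:20:01Z auth failure user=svc marker=sip-0001",
    "2017-05-11T11:21:07Z outbound conn dst=203.0.113.9 marker=sip-0002",
]
# Constructed correlation alerts, each tagged with the marker it matched.
SIEM_ALERTS = [{"rule": "Brute Force Login", "marker": "sip-0001", "notified": True}]

# Furthest stage reached -> the control to tune next.
NEXT_FIX = {"missing": "log collection / forwarding",
            "logged": "correlation rule",
            "correlated": "alert routing / notification",
            "alerted": None}

def stage_reached(action, logs, alerts):
    """Return 'missing', 'logged', 'correlated' or 'alerted' for one action."""
    if not any(f"marker={action.marker}" in line for line in logs):
        return "missing"      # event never reached the SIEM
    fired = [a for a in alerts
             if a["marker"] == action.marker and a["rule"] == action.expected_rule]
    if not fired:
        return "logged"       # log present, expected rule did not fire
    if not any(a["notified"] for a in fired):
        return "correlated"   # rule fired but nobody was notified
    return "alerted"

def gap_report(actions, logs, alerts):
    """Map each marker to (stage reached, first gap to close)."""
    report = {}
    for action in actions:
        stage = stage_reached(action, logs, alerts)
        report[action.marker] = (stage, NEXT_FIX[stage])
    return report
```

Running `gap_report(ACTIONS, SIEM_LOGS, SIEM_ALERTS)` on the sample data shows one action alerted, one logged but never correlated, and one that never arrived, which is exactly the evidence you need to know which layer to tune first.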

Following this presentation, you will be able to:

  • Describe how SIPs operate and how they help to optimize SIEMs
  • Recognize through a live demo how SIPs are used to validate and instrument SIEMs by safely launching attacks, integrating with SIEMs following an attack, determining what was blocked, detected, and correlated, and leveraging prescriptive, evidence-based results for tuning
  • Construct solutions that leverage SIPs within your own organization

About Verodin

Verodin is defining the emerging concept of Instrumented Security™. Its revolutionary platform empowers enterprises to remove assumptions and prove their security effectiveness with empiric data. With Verodin, you can observe and adjust real responses to real attacks without ever putting production systems in danger. Verodin customers dramatically increase the ROI of their existing security investments, achieve maximum value from future spending and measurably mature their cyber prevention, detection and response effectiveness. Learn more at

*** This is a Security Bloggers Network syndicated blog from Verodin Blog authored by Verodin Blog. Read the original post at: