Tuesday, September 14, 2010

HP acquires ArcSight

It's no longer a rumor: HP and ArcSight, Inc. announced yesterday that they have signed a definitive agreement for HP to acquire ArcSight.

It will be really interesting to see how ArcSight is integrated within the HP portfolio, and how it addresses the problems mentioned by Tom Reilly in his open letter.

Wednesday, August 4, 2010

RSA TechFest 2010

Hi again,

RSA TechFest 2010 was a great conference, with SE, engineering, PS and support personnel present. I was able to speak with most of the enVision 'gurus', and I got answers to all of my questions. The conference was really technically oriented, with completely open discussions regarding the interface, features, roadmap and so on.

Thursday, July 22, 2010

Using treemaps for tuning SIEM alerts

I had some time this week to try to apply one of the concepts presented in the book "Applied Security Visualization" by Raffael Marty. One of its chapters describes how to use treemaps for IDS tuning, so I used a similar approach for SIEM alert tuning. And it looks pretty cool :)
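The following is an added illustration of the approach, written for this page and not code from the blog or from "Applied Security Visualization": it aggregates constructed sample alerts into a rule -> source hierarchy, sizes every node by alert count, lays the nodes out as a slice-and-dice treemap (the simplest treemap layout), and flags rules dominated by a single source as tuning candidates. The alert records, field names, addresses and thresholds are all assumptions for illustration.

```python
"""Treemap layout of SIEM alerts for rule tuning (added example).

Not code from the blog or from the book it mentions; it illustrates the
approach the post describes. Alerts are aggregated into rule -> source,
every node is sized by alert count, the nodes are laid out with a
slice-and-dice treemap, and rules dominated by a single source are flagged
as tuning candidates. Field names, thresholds and sample addresses are
assumptions for illustration.
"""
from collections import Counter, defaultdict

# Constructed sample alerts: (rule name, source address, severity 1-10).
SAMPLE_ALERTS = (
    [("Brute Force Login", "10.0.0.5", 3)] * 6
    + [("Brute Force Login", "10.0.0.7", 3)] * 2
    + [("Port Scan", "192.168.1.20", 2)] * 2
    + [("Port Scan", "192.168.1.21", 2)] * 2
    + [("Malware Callback", "10.0.0.9", 9)]
)


def build_hierarchy(alerts):
    """Aggregate alerts into {rule: Counter({source: count})}."""
    tree = defaultdict(Counter)
    for rule, src, _severity in alerts:
        tree[rule][src] += 1
    return tree


def slice_and_dice(items, x, y, w, h, horizontal):
    """Split the rectangle (x, y, w, h) among (label, weight) items.

    Each item gets a strip whose area is proportional to its weight; the
    strips run left-to-right when horizontal, top-to-bottom otherwise.
    Returns [(label, (x, y, w, h)), ...].
    """
    total = sum(weight for _, weight in items)
    rects, offset = [], 0.0
    for label, weight in items:
        frac = weight / total
        if horizontal:
            rects.append((label, (x + offset, y, w * frac, h)))
            offset += w * frac
        else:
            rects.append((label, (x, y + offset, w, h * frac)))
            offset += h * frac
    return rects


def layout_treemap(tree, width=100.0, height=60.0):
    """Two-level treemap: rules split the canvas horizontally (largest
    first) and each rule's sources split its strip vertically.

    Returns [(rule, source, (x, y, w, h)), ...]; a leaf's area is its share
    of the total alert count, so the noisiest rule/source pairs jump out.
    """
    rule_items = sorted(
        ((rule, sum(srcs.values())) for rule, srcs in tree.items()),
        key=lambda item: (-item[1], item[0]),
    )
    leaves = []
    for rule, (x, y, w, h) in slice_and_dice(rule_items, 0.0, 0.0, width, height, True):
        src_items = sorted(tree[rule].items(), key=lambda item: (-item[1], item[0]))
        for src, rect in slice_and_dice(src_items, x, y, w, h, False):
            leaves.append((rule, src, rect))
    return leaves


def tuning_candidates(tree, min_alerts=5, share=0.6):
    """Rules with enough volume where one source accounts for most alerts.

    In the treemap these show as a wide strip owned by a single tall cell:
    the usual sign of one noisy host (a scanner, a misconfigured service)
    rather than a broad campaign, so the fix is an exclusion or a higher
    threshold, not disabling the rule. Thresholds are illustrative.
    """
    found = []
    for rule, srcs in tree.items():
        total = sum(srcs.values())
        if total < min_alerts:
            continue
        top_src, top_count = srcs.most_common(1)[0]
        if top_count / total >= share:
            found.append((rule, top_src, top_count / total))
    return sorted(found, key=lambda item: -item[2])


if __name__ == "__main__":
    hierarchy = build_hierarchy(SAMPLE_ALERTS)
    for rule, src, (x, y, w, h) in layout_treemap(hierarchy):
        print(f"{rule:18} {src:14} x={x:6.1f} y={y:5.1f} w={w:6.1f} h={h:5.1f}")
    for rule, src, frac in tuning_candidates(hierarchy):
        print(f"tune: {rule} - {src} produces {frac:.0%} of its alerts")
```

The rectangles are plain coordinates, so they can be fed to any plotting library or drawn by hand; the point is the ranking they make visible. With the constructed data, "Brute Force Login" takes 8 of 13 alerts and 10.0.0.5 alone owns three quarters of that strip, which is exactly the cell a tuning pass should look at first.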



Sunday, July 18, 2010

ArcSight PS bootcamp

Hi again,

the first part of the summer training is done: the ArcSight PS Bootcamp in London. It was a good training, especially for all the extra information provided by the instructor, Mark Johnston, who added great value with all his real-life experience.

Tuesday, June 22, 2010

July 2010 SIEM events

I can't wait to start the month of July. First the ArcSight Bootcamp in London and later the RSA TechFest in Boston.

Tuesday, June 15, 2010

Correlation opens up the need for SIEM managed services

It has been very interesting to follow the blog traffic initiated by the LogLogic announcement of a price cut for their SEM capability, especially the responses from LogLogic to the comments at visiblerisk and the post at Log Talk, "Is correlation killing the Log Market?"

I agree that vendors promise too much with the out-of-the-box rules; most of them need tuning in order to provide real value. And that's exactly the point! It's not that correlation isn't good enough, it's just that the people using it lack the skill/TIME necessary to actually get a good outcome.

Friday, June 11, 2010

Magic Quadrant for SIEM - May 2010

Finally I had time to read the Gartner Magic Quadrant for SIEM (May 2010), and I'm not surprised that the two clear leaders continue to be ArcSight and RSA (EMC) - I completely agree with it :P -

It's interesting to see how the primary driver continues to be regulatory compliance (80% of the North American SIEM market). Here in Norway I'd say it's even bigger, close to 90%, especially PCI and its requirement for log management.

Thursday, April 15, 2010

SIEM is difficult

Let's face it, deploying a SIEM solution that gives you value is difficult. It's not enough to install the solution and configure the different log sources to send events.

You need to customize the predefined content to your needs or create new content from scratch. And that takes time, not only from the consultant who deploys the solution, but from all the different stakeholders who want to get something out of the shiny new SIEM tool. Otherwise you can end up with a tool that nobody uses proactively, just a place to store logs, nothing else.

It's sad, but it can happen; you need to build up your system from the floor to the roof, not the other way around. Sounds obvious, but sometimes it is not.

Wednesday, April 14, 2010

Welcome to the Smart SIEM blog

Hi there,

Welcome to the Smart SIEM blog (if you don't know what SIEM is, this is not your blog).

A picture is worth a thousand words: