Key SIEM Findings from the AlienVault Blog Q1 2018


Here at the Solutions Review Cybersecurity Desk, we like to read through the blogs of the most prominent solutions providers in the field. These vendors are on the frontlines of what may be a burgeoning cyberwar. Therefore they are the most equipped to tell us about the situation on the ground, fighting hackers and nation-states alike.

This time, we looked through the 2018 Q1 blog back-catalog of security information and event management (SIEM) solution provider AlienVault. Here are the key findings we found:

How SIEM Correlation Rules Work by Kim Crawley

To get your SIEM solution to work properly, you need to implement SIEM correlation rules. These rules instruct your solution on the particular sequences of events that are indicative of anomalous activity, potential security vulnerabilities, or cyber attacks. When those sequences occur, a security alert is activated and sent to your cybersecurity team.

According to AlienVault, SIEM correlation rules can’t stop false positives, but they can create a set of warning signs to help limit them and keep your security team aware of potential threats. Improperly set rules, or the default rules straight out of the SIEM box, may make execution time unbearably long, may not encompass all the capabilities your enterprise needs, or may flood your team’s inbox with false positives. SIEM correlation rules need to be designed with care.

By the same token, SIEM event log normalization helps codify the different formats disparate software, hardware, and third-party vendors use to log security events. It compiles all the event information into a consistent, universal style easily read and understood by your cybersecurity team.
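To make the two ideas above concrete, here is a small worked example (added for this write-up, not code from AlienVault or its product) of what a SIEM does internally: it first normalizes log lines from different sources into one common schema, then runs a correlation rule over the normalized events. The sample log lines are constructed; the field names, the `assumed_year` used for syslog timestamps that carry no year, and the rule thresholds are assumptions made for the example.

```python
"""Toy SIEM: normalize heterogeneous log lines, then apply a correlation rule."""
import json
import re
from datetime import datetime, timedelta

# Constructed sample logs in three formats: sshd text, a JSON auth event, and
# a firewall syslog line. Addresses are documentation ranges, not real hosts.
SAMPLE_LOGS = [
    "2018-03-01T10:00:01Z sshd[1]: Failed password for root from 203.0.113.7 port 50001 ssh2",
    "2018-03-01T10:00:03Z sshd[1]: Failed password for root from 203.0.113.7 port 50002 ssh2",
    "2018-03-01T10:00:05Z sshd[1]: Failed password for root from 203.0.113.7 port 50003 ssh2",
    '{"ts": "2018-03-01T10:00:09Z", "event": "login_success", "user": "root", "src": "203.0.113.7"}',
    "Mar 1 10:00:20 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5",
    "2018-03-01T10:05:00Z sshd[1]: Failed password for bob from 192.0.2.4 port 50010 ssh2",
]

SSHD_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: DROP IN=\S+ SRC=(?P<src>\S+)")


def _iso(s):
    """Parse the ISO-8601 UTC timestamps used by the sshd and JSON samples."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(line, assumed_year=2018):
    """Map one raw line onto the common schema {ts, action, user, src}.

    Returns None for lines no parser understands, so unknown formats are
    dropped rather than silently mis-categorized. The schema and the action
    names are assumptions for this example.
    """
    if line.startswith("{"):
        d = json.loads(line)
        action = "auth_success" if d.get("event") == "login_success" else "other"
        return {"ts": _iso(d["ts"]), "action": action, "user": d.get("user"), "src": d.get("src")}
    m = SSHD_RE.match(line)
    if m:
        return {"ts": _iso(m["ts"]), "action": "auth_fail", "user": m["user"], "src": m["src"]}
    m = FW_RE.match(line)
    if m:
        # Classic syslog omits the year; assumed_year fills it in (assumption).
        ts = datetime.strptime(f"{assumed_year} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "action": "fw_drop", "user": None, "src": m["src"]}
    return None


def correlate(events, threshold=3, window=timedelta(minutes=1)):
    """Correlation rule: at least `threshold` auth_fail events from one source
    for one user, followed by an auth_success for the same (src, user) within
    `window`. A lone failure, or failures with no success, raise no alert,
    which is how a sequence rule limits false positives."""
    alerts = []
    events = sorted(events, key=lambda e: e["ts"])
    for i, ev in enumerate(events):
        if ev["action"] != "auth_success":
            continue
        key = (ev["src"], ev["user"])
        fails = [e for e in events[:i]
                 if e["action"] == "auth_fail"
                 and (e["src"], e["user"]) == key
                 and ev["ts"] - e["ts"] <= window]
        if len(fails) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(fails),
                "first_seen": fails[0]["ts"],
                "success_at": ev["ts"],
            })
    return alerts


def run(lines=SAMPLE_LOGS):
    """Normalize every line, discard unparseable ones, and apply the rule."""
    events = [e for e in (normalize(l) for l in lines) if e]
    return events, correlate(events)


if __name__ == "__main__":
    evts, found = run()
    print(f"{len(evts)} normalized events, {len(found)} alert(s)")
    for a in found:
        print(a)
```

On the constructed input this yields one alert for `root` from `203.0.113.7` (three failures then a success within the window); `bob`'s single failure and the firewall drop produce nothing. Raising `threshold` or shrinking `window` is exactly the kind of tuning the post describes: the rule is the place where noise is traded against coverage.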

SIEM Content Engineer – Why Is It a “Thing”? By Kate Brew

According to AlienVault, legacy SIEM products, often found at large enterprises, are rarely ready for quick deployment out of the box. In most cases, these solutions need a specially assembled team—or at least one truly dedicated person—to set up the custom correlation rules and queries to make sense of SIEM’s vast compiled logs.

Therefore, some enterprises have turned to hiring a SIEM Content Engineer, a somewhat new position responsible for managing SIEM solutions: properly maintaining and deploying them, writing new rules, and ensuring integration, among other duties.

AlienVault admits to finding the position a little perplexing just because it is a relatively new title. They do say it is a necessary job, but that security operations centers (SOCs)—which can be sole individuals at smaller enterprises—perform much the same responsibilities in addition to other tasks. Furthermore, newer SIEM products may be easier to deploy and may not require the devotion of a SIEM Content Engineer.

Crypto-Miners: What Are They and What Steps You Can Take to Protect Yourself by David Bisson

Malicious cryptomining software, or cryptojacking, is becoming more popular as cryptocurrencies rise in value and continue to provide anonymity. Cryptomining in itself is fine, as we discussed elsewhere. The problem is that malicious actors are hijacking enterprises’ CPU processing power and electrical power by installing secret cryptomining programs on their networks. AlienVault recommends installing browser extensions that target the more popular cryptojacking programs to keep your enterprise safe.

What We Lack Most in InfoSec: Inherited Credibility by Bob Covello

Is what cybersecurity teams, professionals, and leaders need the most not money or resources (although we could certainly use more of both) but respect? Bob Covello of AlienVault argues that because our field lacks inherited credibility—because we are not yet a storied institution in enterprises but still upstarts in many organizations—we aren’t getting the attention or resources we need. This will change, but we need to make a concerted effort to build that credibility over time.

You can download this guide to SIEM for Beginners, this guide to GDPR compliance, this guide to building a security operations center, and this guide to managed security service providers all free from AlienVault.

Ben Canner