
The Change We Need (In Security Management)

January 26, 2009

In the aftermath of the historic inauguration of Barack Obama as the 44th President of the US, one of his catch phrases during the campaign really resonated with me.

“We can’t afford four more of the last eight.”

Now when we think about the security and compliance management markets, the same statement can be made. Sure, it’s a little bold, but those of you familiar with my work before eIQ probably aren’t surprised. For the last eight years, security professionals have struggled with increasingly sophisticated attackers searching for increasingly lucrative targets.

The old methods of trying to correlate event logs from our defensive tools like firewalls and IPSs aren’t working. I could argue that the approach never really worked. The attackers are too smart for that and half the time they shut off logging and the SIEM is none the smarter. That’s why we harp on the reality that log data is not enough.

And current generation SIEMs are just too hard to use, too expensive and provide limited value. Sure it’s a vendor speaking, but that’s what our customers are telling us.

Many of the companies I speak to are looking for change. They don’t necessarily expect to get “ahead of the threat,” but they need to be able to prioritize their efforts more effectively, based upon what’s at risk, not just what’s being attacked.

That’s why eIQ focuses on a broader data set. Some of the competition have figured out that network flow data is useful in corroborating when an attack happens. But that’s just a start. We also look at configuration, asset, performance and vulnerability data, along with event logs and network flows. This richer data set allows us to see things the competition can’t detect.

Interestingly enough, the existing generation of SIEM solutions has been around for about 8 years.
