Security Events Everywhere and None Worth Investigating
If you’re in security, you probably have some tool somewhere showing a lot of events. Verizon Data Breach Investigation Reports consistently show...
Threat detection
SIEM 101 – Best Practices for Implementation
Security information and event management (SIEM) is about collecting, detecting, and responding. That is, collecting data into a single pane of glass...
Situational Awareness Is Key to Faster, Better Threat Detection
Threats start with risks. Understanding risks is really just situational awareness. And that awareness leads to faster and better detection. The...
CISOs Must Make Data Analytics a Top Priority
This time of year, people often ask me about highlights from the past year and what to expect in the new year. As I reflect back on major threats and...
UEBA, It's Just a Use Case
"UEBA, it’s just a use case." – Netenrich CISO Chris Morales
He’s not wrong. But I’d take it a step further. User entity and behavior analytics (...
Want to Optimize Threat Detection & Response? 5 Patterns vs. 500 Rules
One vendor uses 5 patterns, the other uses 500 rules. What’s better?
Anyone who has configured a SIEM or UEBA (e.g., QRadar, Splunk, ArcSight,...