Analytics

9/27/2017
07:00 AM
Dawn Kawamoto
Dawn Kawamoto
Slideshows
100%
0%

7 SIEM Situations That Can Sack Security Teams

SIEMs are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.
Previous
1 of 8
Next

Image Source: Shutterstock

Image Source: Shutterstock

Infosec professionals working with security information and event management (SIEM) systems may find themselves in a love-hate relationship – they love the concept of the SIEM's incident response capabilities, but hate their potential fist-full of problems and surprises, according to a presentation this week at the ISC(2) Security Congress convention in Austin, Texas. 

More than half of SIEM users are displeased with the intelligence they glean from the technology, according to a presentation by Cyphort, which sponsored a SIEM survey by the Ponemon Institute and one from Osterman Research. Both surveys collectively represented nearly 1,000 enterprise SIEM users, says Franklyn Jones, Cyphort's chief marketing officer, who gave the presentation.

Here are seven major problems SIEM users face, according to Cyphort's presentation and, based on interviews with Dark Reading, solutions offered by a Forrester Research analyst, and various SIEM vendors.

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
donnaksmith
100%
0%
donnaksmith,
User Rank: Apprentice
10/12/2017 | 3:22:56 PM
EXCELLENT!
Covers everything that I've run into!
LouiseMiller
100%
0%
LouiseMiller,
User Rank: Apprentice
10/10/2017 | 9:13:16 AM
Great post
wow, what can I say 
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.