Analytics

9/27/2017
07:00 AM
Dawn Kawamoto
Dawn Kawamoto
Slideshows
100%
0%

7 SIEM Situations That Can Sack Security Teams

SIEMs are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.
Previous
1 of 8
Next

Image Source: Shutterstock

Image Source: Shutterstock

Infosec professionals working with security information and event management (SIEM) systems may find themselves in a love-hate relationship – they love the concept of the SIEM's incident response capabilities, but hate their potential fist-full of problems and surprises, according to a presentation this week at the ISC(2) Security Congress convention in Austin, Texas. 

More than half of SIEM users are displeased with the intelligence they glean from the technology, according to a presentation by Cyphort, which sponsored a SIEM survey by the Ponemon Institute and one from Osterman Research. Both surveys collectively represented nearly 1,000 enterprise SIEM users, says Franklyn Jones, Cyphort's chief marketing officer, who gave the presentation.

Here are seven major problems SIEM users face, according to Cyphort's presentation and, based on interviews with Dark Reading, solutions offered by a Forrester Research analyst, and various SIEM vendors.

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
donnaksmith
100%
0%
donnaksmith,
User Rank: Apprentice
10/12/2017 | 3:22:56 PM
EXCELLENT!
Covers everything that I've run into!
LouiseMiller
100%
0%
LouiseMiller,
User Rank: Apprentice
10/10/2017 | 9:13:16 AM
Great post
wow, what can I say 
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: camera, camera everywhere, not a single news to rely on
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16873
PUBLISHED: 2018-12-14
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, b...
CVE-2018-16874
PUBLISHED: 2018-12-14
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in mod...
CVE-2018-16875
PUBLISHED: 2018-12-14
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are ...
CVE-2018-14623
PUBLISHED: 2018-12-14
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulne...
CVE-2018-18093
PUBLISHED: 2018-12-14
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.