

Latest Blogs


March 7, 2017 | Security Operations Centers (SOCs)
By Mike Rothman, IANS Faculty

 Overcoming Resistance to SOC Data Collection

How can you run an effective security operations center (SOC) when operations won't provide you with the right data? In this Ask-an-Expert live interaction, IANS Faculty Mike Rothman outlines some potential reasons for operations' lack of cooperation and provides strategies for overcoming them.



August 22, 2016 | Security Analytics and Visualization
By Dave Shackleford, IANS Faculty

 Assessing Tools for Data Lineage Visualization

Most tools for performing data lineage visualization fall into one of two categories: data analytics processing or fraud analytics. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford details the top analytics processing and visualization tools, including some open-source options that can be used to analyze large quantities of logs and events.



August 9, 2016 | Security Analytics and Visualization
By Dave Shackleford, IANS Faculty

 User Behavior Analytics: A Tools Overview

Over the past few years, a number of organizations have begun to implement a user behavior analytics program in an effort to combat things like insider threats. In this live Ask-an-Expert interaction with the security team at a large financial services organization, IANS Faculty Dave Shackleford assesses the current landscape of user behavior analytics tools and offers tips and pitfalls to consider when implementing such a program.



April 20, 2016 | Security Information and Event Management (SIEM) and Log Management
By Davi Ottenheimer, IANS Faculty

 Log Management Product Comparison

The goal of log management is to connect the dots within complex environments as quickly as possible to glean security insights. In this Ask-an-Expert written response, IANS Faculty Davi Ottenheimer details the latest evolution of the log management space and offers pros and cons for some of the major vendors in the market today.



April 11, 2016 | Security Information and Event Management (SIEM) and Log Management
By Michael Pinch, IANS Faculty

 SIEM Isn't Dead, Just Evolving

With so much hype around machine learning and big data, some organizations are beginning to question their investments in SIEM. In this Ask-an-Expert live interaction, IANS Faculty Mike Pinch says SIEM isn't dead, just evolving, and that it may eventually morph to become the magic single pane of glass for security.



January 12, 2016 | Security Analytics and Visualization
By Davi Ottenheimer, IANS Faculty

 Ethics in Machine Learning: Uncovering Breaches Effectively – and Fairly

Security organizations are looking for ways to turn the thousands of data points they gather each day into actionable threat information. Can machine learning help? In this report, IANS Faculty Davi Ottenheimer explains the implications of using big data and machine learning in security and focuses on ways to ensure organizations use these new tools as ethically as possible.



January 11, 2016 | Security Information and Event Management (SIEM) and Log Management
By Raffy Marty, IANS Faculty

 Best Practices for Managing a SIEM

Security organizations often underestimate the time and effort required to effectively manage a SIEM. In this Ask-an-Expert written response, IANS Faculty Raffy Marty offers key recommendations for successfully running a SIEM and explains how failing to regularly update your rules and alerts can leave you "flying blind."



November 5, 2015 | Metrics and Reporting
By Alex Hutton, IANS Faculty

 Creating Meaningful, Actionable IT Security Metrics

When it comes to defining meaningful security metrics, security professionals need to take into account a number of factors, from industry-standard baselines to the business risk tolerance. In this Ask-an-Expert written response, IANS Faculty Alex Hutton details the process of creating these metrics, from the foundational goal-question-metric technique to the establishment of a risk scorecard that combines multiple metrics.



October 27, 2015 | Security Information and Event Management (SIEM) and Log Management
By Dave Kennedy, IANS Faculty

 Best Practices for Monitoring Security Events

When building a threat monitoring and detection program, the first step for security teams is to define what, exactly, they want to monitor. In this Ask-an-Expert written response, IANS Faculty Dave Kennedy explains that following that initial phase of defining attack vectors and high-value assets within the business, the next step is to create and add rules, from pass-the-hash detection to honeypots and honeyfiles.



October 26, 2015 | Metrics and Reporting
By Bruce Bonsall, IANS Faculty

 Delivering News to the Board

Presenting to the board can be a daunting task for CISOs, particularly when they have less-than-stellar news to report. In this Ask-an-Expert written response, IANS Faculty Bruce Bonsall offers tips for delivering both positive and negative news and recommends that CISOs focus on strategy, provide meaningful metrics and maintain a two-way dialogue that keeps security on the board's list of top priorities.



October 26, 2015 | Metrics and Reporting
By Mike Saurbaugh, IANS Faculty

 Briefing the CIO on Security and Budgeting

With information security sitting within IT at the majority of organizations today, CISOs must often be prepared to present budget proposals to the CIO. In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh provides templates that can be used for these types of presentations and lists some of the key topics that CISOs should highlight when demonstrating the value of security, including compliance and vulnerability management.



October 23, 2015 | Metrics and Reporting
By Mike Saurbaugh, IANS Faculty

 Keeping Technical Staff Engaged During Security Presentations

As the role of security within organizations continues to grow, CISOs and their teams need to constantly improve the delivery of their message to the board, technical staff and others within the business. In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh offers a sample outline for a quick, 30-minute security presentation and recommends using GIFs, memes and videos to keep the audience engaged.



September 18, 2015 | Security Information and Event Management (SIEM) and Log Management
By Bill Dean, IANS Faculty

 Choosing the Right Commercial Threat Feed for a LogRhythm Environment

The benefits of threat intelligence are becoming increasingly clear for security professionals, but which feeds are the most effective when it comes to automating intelligence into a SIEM? In this Ask-an-Expert written response, IANS Faculty Bill Dean explains that when it comes to threat intelligence, organizations should focus on preventing targeted attacks, and lists a number of useful commercial and open-source threat feeds.



June 23, 2015 | Security Operations Centers (SOCs)
By Dave Shackleford, IANS Faculty

 When to Go the Hybrid SOC Route

Think Business: A comprehensive security operations center (SOC) is a crucial component of any organization, but what if the security team lacks the budget and resources necessary to fully implement one on its own? In this report, IANS Faculty Dave Shackleford outlines the situations where it can be beneficial to leverage managed security service providers (MSSPs) to build a hybrid SOC.



May 8, 2015 | Incident Response Planning
By Michael Pinch, IANS Faculty

 So You've Implemented SIEM… Now What?

Improve Visibility: Many organizations are implementing security information and event management (SIEM) solutions to help uncover new incidents, but they're falling short when it comes to incident response. In this report, IANS Faculty Michael Pinch examines the challenge of SIEM-generated incident response and outlines the key characteristics of the various toolsets available to help overcome this issue.
