My recent review of Prism Microsystems’ EventTrack 6.4 update has been published in the November issue of Network Computing. You can download the story for free here – http://www.informationweek.com/nwcdigital/nov09/index.jhtml.

Enjoy 🙂

I’ve been asked to participate in an upcoming SANS Ask the Expert Webcast entitled The Top 5 Fastest ROI Projects Around Identity Assurance with Benjamin Cunningham from IBM. Here are the details:

Webcast Overview:

The Top 5 Fastest ROI Projects Around Identity Assurance
Friday, December 11 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Andrew Hay and Benjamin Cunningham

With budgets being frozen across all industries, executives are finding it increasingly difficult to justify new capital expenditures. Security is one area in which organizations know they cannot afford to reduce spending without increasing risk. In this seminar, we’ll discuss the top 5 identity assurance projects that will give your organization a return on investment (ROI) in the shortest amount of time possible.

You can sign up for the webcast here (it’s free): https://www.sans.org/webcasts/-top-5-fastest-roi-projects-around-identity-assurance-92943

Over the past few weeks SIEM vendor Intellitactics has attempted to answers some of the most commonly received questions about their product. Here are the problems I have with their summary of their responses:

Question 1) Will Intellitactics’ PCI DSS Compliance reports satisfy a Qualified Security Asseessor?

Intellitactics Answer: YES

REALITY: Unfortunately not all auditors are created equal and each one has their own interpretation of what will satisfy the PCI DSS.

Question 2) Can you write your own reports?

Intellitactics Answer: OF COURSE but you won’t need to.

REALITY: I highly doubt that Intellitactics has thought of every possible reporting scenario and I have spent a fair amount of time creating my own reports based off of vendor canned reports. Never say never.

Question 3) When you’re using Intellitactics SIEM Solutions will you be able to collect ALL LOGS from any device or data source?

Intellitactics Answer: YES YES YES!!

REALITY: From my C64? Really? How about my mainframe that logs to a screen, has no unique identifiers, and no native method to ship those logs off to your product? This smacks of marketing and don’t be fooled. Always verify that your products can log to the SIEM you’re looking at and if the vendor says your custom/obscure/dated application will log to their system – ask for a proof of concept with YOUR system.

Question 4) Can you do root cause analysis?

Intellitactics Answer: YES and you can do it graphically – in the case of Intellitactics SIEM solution – a picture really is worth a thousand lines of events.

REALITY: Pictures are great for 10,000 foot views but the answer is in the data. Use flashy graphics as a starting point but don’t believe that your SIEM is smarter than a trained analyst.

Question 5) How fast is Intellitactics SIEM solutions?

Intellitactics Answer: FAST ENOUGH – Consistently for effective and efficient log and event management.

REALITY: It may be “fast enough” for the vendors benchmark tests but that doesn’t mean that it’ll be fast enough for your needs. Always challenge your vendor on their figures.

Question 6) How many devices does Intellitactics support

Intellitactics Answer: ALL the ones that are important to you and then some.

REALITY: How could a vendor know which devices, applications, logs are important to me. What’s important now won’t necessarily be what’s important in 6 months and you mean to tell me that you’ll anticipate this requirement?

BOTTOM LINE: Always challenge your vendors and get what’s right for you folks. Don’t read into the marketing.