Friday, 24 March 2017
SIEM VENDORS HAVE IT ALL BACKWARDS

On my way into the office this morning, I listened to a podcast interview with a well-known SIEM vendor. I got more and more frustrated at the wheel, but did make it to the office without incident. The focus of the conversation was the plethora of log sources this vendor could ingest (system, network, endpoint) and the machine learning used to analyze the data.

This is backwards. Good security designs need to start with the CUSTOMER. Yes, the customer. Who are the specific people who want information, and what exactly do they want to see? Users could be audit, security operations, the CISO, security analysts, developers, etc. Any log files collected that do not serve one of those users are irrelevant.

This approach is just lean thinking applied to security. Lean itself has been discussed in many books; I discussed it in the context of security here. The first lean principle is "voice of the customer". SIEM tool design needs to run backwards, starting with the user interface, not the sources of data. Another lean principle is "systems thinking": in other words, how does the product or tool under discussion fit into the larger needs of protecting information? Virtually every security product discussion I am part of focuses only on that product's small part of the assurance puzzle. I think CISOs are getting tired of this, and I hope vendors will take notice.

Posted on 03/24/2017 11:43 AM by Fred Scholl