Talk to an expert

Tag: Security Information and Event Management (SIEM)

8 Open Source SIEM Tools You Should Know

8 Open Source SIEM Tools You Should Know

Security Information and Event Management (SIEM) platforms are no longer limited to large enterprises. While proprietary platforms have much to offer small and mid-sized organizations, many security leaders are attracted to the lower licensing costs offered by open source SIEMs.  These options don't always share the same features as proprietary alternatives, but they can present […]
Why a Co-Managed SIEM?

Why a Co-Managed SIEM?

In simpler times, security technology approaches were clearly defined and primarily based on prevention with things like firewalls, anti-virus, web, and email gateways. There were relatively few available technology segments and a relatively clear distinction between buying security technology purchases and outsourcing engagements.
Work Smarter – Not Harder; honeynet

Work Smarter – Not Harder

Log collection, SIEM and security monitoring are the journey not the destination.  Unfortunately, the destination is often a false positive.  This is because we’ve gotten very good at collecting logs and other information from production systems, then filtering that data and presenting it on a dashboard.
SIEM and Return on Security Investment (RoSI)

SIEM and Return on Security Investment (RoSI)

The traditional method for calculating standard Return on Investment (RoI) is that it equals the gain minus the cost, divided by the cost. The higher the resulting value, the greater the RoI. The difficulty in calculating a return on security investment (RoSI), however, is that security tends not to increase profits (gain), but to decrease loss – meaning that the amount of loss avoided rather than the amount of gain achieved is the important element.

On-demand Exabeam Expertise Unlocks SIEM Value for AECOM

Lumifi helps organizations solve complex SIEM deployment problems and maximize the value Our Customer: AECOM is a publicly traded critical infrastructure consultancy and Fortune 200 member with 50,000 employees located around the globe. As one of the largest companies in the United States, AECOM plays a major role in building skyscrapers, mass transit terminals, concert […]

Transparent Talent Gap Management Made Simple with MDR for BankPlus

Delve into Lumifi Cyber's compelling case study in the manufacturing industry, uncovering how their expertise fortified security measures. Witness how advanced solutions, tailored to the sector's unique needs, revolutionized cybersecurity. Visit the link to explore the full success story. Delve into Lumifi Cyber's compelling case study in the manufacturing industry, uncovering how their expertise fortified security measures. Witness how advanced solutions, tailored to the sector's unique needs, revolutionized cybersecurity. Visit the link to explore the full success story.

How MXDR Pro Enables Scalable Security Growth for Vensure HR

Delve into Lumifi Cyber's compelling case study in the manufacturing industry, uncovering how their expertise fortified security measures. Witness how advanced solutions, tailored to the sector's unique needs, revolutionized cybersecurity. Visit the link to explore the full success story. Delve into Lumifi Cyber's compelling case study in the manufacturing industry, uncovering how their expertise fortified security measures. Witness how advanced solutions, tailored to the sector's unique needs, revolutionized cybersecurity. Visit the link to explore the full success story.
7 Questions Answered About Windows 7 End-of-Support

7 Questions Answered About Windows 7 End-of-Support

Is your organization still using Windows 7? Microsoft support is coming to a close in a few short months. If you think end-of-support for legacy systems doesn't impact your organization, think again.
Top 6 uses for SIEM

Top 6 uses for SIEM

Security Information and Event Management (SIEM) is a term coined by Gartner in 2005 to describe technology used to monitor and help manage user and service privileges, directory services and other system configuration changes; as well as providing log auditing and review and incident response

Mitigate Software Supply Chain Attacks with SIEM and EDR

Mitigate Software Supply Chain Attacks with SIEM and EDR

At Black Hat 2019, Eric Doerr, GM of the Microsoft Security Response Center, reminded attendees of the interconnectedness of enterprise software supply chains and of their vulnerability to attack. Eric highlighted how supply chain compromises come in many guises
Three key advantages for SIEM-As-A-Service

Three key advantages for SIEM-As-A-Service

Security Information and Event Management (SIEM) technology is an essential component in a modern defense-in-depth strategy for IT Security. SIEM is described as such in every Best Practice recommendation from industry groups and security pundits. The absence of SIEM is repeatedly noted in Verizon Enterprise Data Breach Investigations Report as a factor in late discovery of breaches.
What good is Threat Intelligence integration in a SIEM?

What good is Threat Intelligence integration in a SIEM?

Bad actors/actions are more and more prevalent on the Internet. Who are they? What are they up to? Are they prowling in your network? The first two questions are answered by Threat Intelligence (TI), the last one can be provided by a SIEM that integrates TI into its functionality.
SIEM, UEBA, SOAR and Your Cybersecurity Arsenal

SIEM, UEBA, SOAR and Your Cybersecurity Arsenal

The evolution of Security Information and Event Management (SIEM) solutions has made a few key shifts over time. It started as simply collecting and storing logs, then morphed into correlating information with rules and alerting a team when something suspicious was happening.
SIEM and Return on Investment: Four Pillars for Success

SIEM and Return on Investment: Four Pillars for Success

Return on investment (ROI) - it is the Achilles heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately yield more than the initial investment outlay. But is the investment justified?
How do you determine IT security risk?

How do you determine IT security risk?

How much security is enough? That’s a hard question to answer. You could spend $1 or $1M on security and still ask the same question. It’s a trick question; there is no correct answer.
How many people does it take to run a SIEM?

How many people does it take to run a SIEM?

You must have a heard light bulb jokes, for example: How many optimists does it take to screw in a light bulb? None, they’re convinced that the power will come back on soon.
Top 3 traits of a successful Security Operations Center

Top 3 traits of a successful Security Operations Center

Traditional areas of risk — financial risk, operational risk, geopolitical risk, risk of natural disasters — have been part of organizations’ risk management for a long time. Recently, information security has bubbled to the top, and now companies are starting to put weight behind IT security and Security Operations Centers (SOC).
SIEM: Sprint or Marathon?

SIEM: Sprint or Marathon?

Winning a marathon requires dedication and preparation. Over long periods of time. A sprint requires intense energy but for a short period of time. While some tasks in IT Security are closer to a sprint (e.g., configuring a firewall), many, like deploying and using a Security Information and Event Management (SIEM) solution, are closer to a marathon.
Top 5 SIEM complaints

Top 5 SIEM complaints

Here’s our list of the Top 5 SIEM complaints:1) We bought a security information and event management (SIEM) system, but it’s too complicated and time-consuming, so we’re:
The 5 stages of SIEM Implementation

The 5 stages of SIEM Implementation

Are you familiar with the Kübler-Ross 5 Stages of Grief model? SIEM implementation (and indeed most enterprise software installations) bear a striking resemblance.
Cybersecurity is an Investment, Not a Cost Center

Cybersecurity is an Investment, Not a Cost Center

The cybersecurity threat landscape is in constant motion – ever evolving. According to Kaspersky Labs, 323,000 new malware strains are discovered daily! Clearly, this rate of increased risk to a company’s assets and business continuity warrants a smart investment in cybersecurity.
Maximize your SIEM ROI

Maximize your SIEM ROI

Far too many SIEM implementations are considered to be catastrophes. Having implemented hundreds of such projects, here are the three parts of a SIEM implementation which if followed will in fact minimize the drama but maximize the ROI.
3-Minute Breakdown of Cybersecurity’s Biggest Buzzwords

3-Minute Breakdown of Cybersecurity’s Biggest Buzzwords

The cybersecurity market is loaded with ambiguous buzzwords and competing acronyms that make it very difficult to clearly distinguish one infosecurity capability from another. If your efforts to understand what cybersecurity components you need to focus on have left you frustrated, you're not alone. Let’s cut to the chase and separate fact from fiction regarding cybersecurity’s biggest buzzwords.
Research points to SIEM-as-a-Service

Research points to SIEM-as-a-Service

SC Magazine released the results of a research survey focused on the rising acceptance of SIEM-as-a-Service for the small and medium sized enterprise. The survey found that SMEs and companies with $1 billion or more in revenue or 5,000-plus employees faced similar challenges.
Cost-Effective Log Management: What Log Data Does Your SIEM Need?

Cost-Effective Log Management: What Log Data Does Your SIEM Need?

Optimize your SIEM implementation by avoiding redundant analysis and focusing on the highest-value log data first.  Deciding which logs to analyze is an important step in the process of SIEM implementation. Every organization must answer this question based on its own network infrastructure, security posture, and risk profile. 
SIEM: Security, Incident AND Event MANAGEMENT, not Monitoring!

SIEM: Security, Incident AND Event MANAGEMENT, not Monitoring!

Unfortunately, IT is not perfect; nothing in our world can be. Compounding the inevitable failures and weaknesses in any system designed by fallible beings, are those with malicious or larcenous intent that search for exploitable system weaknesses.
Security Subsistence SyndromeSecurity Subsistence Syndrome

Security Subsistence Syndrome

Security Subsistence Syndrome (SSS) is defined as a mindset in an organization that believes it has no security choices and is underfunded, so it minimally spends to meet perceived statutory and regulatory requirements.

Compromised Credential Attacks Are Top Cause of Data Breaches

Compromised Credential Attacks Are Top Cause of Data Breaches

The use of stolen or compromised credentials remains the most common cause of a data breach. It was responsible for 19% of breaches studied by IBM in 2022. The reason? These attacks are relatively easy to plan and execute.
SIEMpocalypse?

SIEMpocalypse?

Did you know that Microsoft is a security vendor? No, it’s true. For years, the company was hammered by negative public perception and the butt of jokes around the 2002 "trustworthy computing" memo. The company has steadily invested in developing a security mindset and the product results are now more visible to the public.
Idea to retire: Do more with less

Idea to retire: Do more with less

Ideas to Retire is a TechTank series of blog posts that identify outdated practices in public sector IT management and suggest new ideas for improved outcomes. Dr. John Leslie King is W.W. Bishop Professor in the School of Information at the University of Michigan.
Five Takeaways from the 2019 SIEM Study

Five Takeaways from the 2019 SIEM Study

We recently released the findings of the Security Information and Event Management (SIEM) study conducted by Cybersecurity Insights. The study surveyed over 345 IT and Security executives and practitioners, with 45% of them small and mid-sized firms with 999 or fewer employees and the balance comprised of enterprise organizations with 1,000 or more employees.
Is the ELK Stack a SIEM?

Is the ELK Stack a SIEM?

The ELK (Elasticsearch, Logstash, Kibana) stack is a popular open source log analysis and management platform. The collection, processing, normalization, enhancement, and storage of log data from various sources are grouped under the term “log management.”
Cybercrime Doesn't Take a Holiday

Cybercrime Doesn't Take a Holiday

The holidays are a busy time for most business owners as they ramp up to serve consumers excited to find holiday specials, or even as they prepare for time away from their businesses to spend time with friends and family. Hackers know that you are distracted from your core duties and normal routine and will look for vulnerabilities in your systems.
Top three reasons SIEM solutions fail

Top three reasons SIEM solutions fail

We have been implementing Security Information and Event Management (SIEM) solutions for more than 10 years. We serve hundreds of active SIEM users and implementations. We have had many awesome, celebratory, cork-popping successes. Unfortunately, we’ve also had our share of sad, tearful, profanity-filled failures.
Subtraction, Multiplication, Division and Task Unification through SIEM and Log Management

Subtraction, Multiplication, Division and Task Unification through SIEM and Log Management

When we originally conceived the idea of SIEM and log management solution for IT managers many years ago, it was because of the problems they faced dealing with high volumes of cryptic audit logs from multiple sources. Searching, categorizing/analyzing, performing forensics and remediation for system security and operational challenges evidenced in disparate audit logs were time consuming, tedious, inconsistent and unrewarding tasks.  We wanted to provide technology that would make problem detection, understanding and therefore remediation, faster and easier

Death by a Thousand cuts

Death by a Thousand cuts

You may recall that back in 2012, then Secretary of Defense Leon Panetta warned of “a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life.” This hasn’t quite come to pass has it? Is it dumb luck? Or are we just waiting for it to happen?
Dirty truths your SIEM vendor won’t tell you

Dirty truths your SIEM vendor won’t tell you

Analytics is an essential component of a modern SIEM solution. The ability to crunch large volumes of log and security data in order to extract meaningful insight can lead to improvements in security posture. Vendors love to tell you all about features and how their particular product is so much better than the competition.
Enriching Event Log Monitoring by Correlating Non Event Security Information

Enriching Event Log Monitoring by Correlating Non Event Security Information

Sometimes we get hung up on event monitoring and forget about the “I” in SIEM which stands for information. Not forgetting Information is important because there are many sources of non-event security information that your SIEM should be ingesting and correlating with security events more than ever before. There’s at least 4 categories of security information that you can leverage in your SIEM to provide better analysis of security events
Coordinated Ransomware Attacks Hit Resource-Constrained Municipalities

Coordinated Ransomware Attacks Hit Resource-Constrained Municipalities

A financially motivated ransomware gang hit 23 local governments in Texas in a coordinated attack. Ransomware is a type of malicious software, often delivered via email or drive-by web downloads, that locks up an organization’s systems until a ransom is paid or files are recovered by other means such as backup restoration.
Expanding Work-from-Home Increases Cybersecurity Risk

Expanding Work-from-Home Increases Cybersecurity Risk

Maintaining strong cybersecurity is crucial as organizations make impromptu decisions to send more and more employees to work from home to help minimize the spread and impact of COVID-19. Before you expand and extend your remote workforce, it’s critical that you take appropriate steps to ensure that by decreasing a health risk to your business, those same actions don’t conversely increase a cybersecurity risk.
When a SIEM is Like an Exercise Machine Stuck Behind the Junk in Your Garage

When a SIEM is Like an Exercise Machine Stuck Behind the Junk in Your Garage

I’m a big believer in security analytics and detective controls in general.  At least sometimes, bad guys are going to evade your preventive controls, and you need the critical defense-in-depth layers that detective controls provide through monitoring logs and all the other information a modern SIEM consumes.
What Is Managed Detection and Response and Why Do You Need It?

What Is Managed Detection and Response and Why Do You Need It?

The security of data and systems is one of the most important concerns in today' business world. If your data is at risk or compromised, it can cripple your operations along with the trust others have in your business.
5 Do's and Don'ts to Qualify Your Next MDR deployment

5 Do's and Don'ts to Qualify Your Next MDR

(Updated April 2022) The success of your managed detection and response deployment hinges on asking the right questions.  Managed detection and response is a valuable element of your enterprise' security posture. With the right technologies in the hands of competent, highly trained analysts, you can significantly reduce security risks while paying a fraction of what […]
SolarWinds-vs.-Splunk_Comparing-Two-Leading-SIEM-Solutions

SolarWinds vs. Splunk: Comparing Two Leading SIEM Solutions

SolarWinds Log Event Manager and Splunk Enterprise Security are two of the top security information and event management tools. Both SIEM solutions differ but offer high-performing features that simplify threat detection and response within expansive networks. Here, we look at key differentiators between both options. To effectively compare both options, the following criteria were chosen […]
5-Questions-to-Ask-an-MSSP

5 Questions to Ask an MSSP

An organization’s choice to seek a managed security services provider (MSSP) to guard over its IT infrastructure is usually based on three major reasons. According to Gartner’s 2020 Market Guide for Managed Detection and Response Services, they are: To simplify the decision-making process while ensuring the final choice leads to a long-lasting business relationship, here […]
Top 5 Takeaways for NIST 800-53 Rev 5

Top 5 Takeaways for NIST 800-53 Rev 5

Recapping a highlight from Cybersecurity Awareness Month, the National Institute of Standards and Technology (NIST) has released an update to its master IT security guidance document, Special Publication 800-53. This update, "Rev 5," is the first major change to SP 800-53 in seven years, and a lot has changed in cybersecurity since 2013. The new […]
Google Chronicle ;google_chronicle_splunk

Google Chronicle vs Splunk

Alphabet’s announcement concerning the inclusion of big-data security into Chronicle led to a 5% drop in the value of Spunk’s shares and sparked a debate on which security information and event management (SIEM) tool supplies better options. As with many comparisons, a definite answer on which SIEM tool is best is one that comes with […]
SentinelOne_Security_Integrations

SentinelOne: Security Integrations

SentinelOne is known for its AI-driven endpoint security protection platform (EPP). The lightweight agent integrates with leading security tools and platforms. Their team regularly announces partnerships and development with best-in-breed tools. API-First Approach SentinelOne was created with an API-first approach, made to interface seamlessly with leading security tools. Their current automation integrations include SonicWall, Fortinet, […]
Leveraging the Power of Exabeam

Leveraging the Power of Exabeam

Organizations of all sizes are dealing with more data than ever before, and as Castra learns about increasingly complex attack vectors, it is worth noting that traditional SIEM may no longer fit the purpose of the modern security program.
Improving Visibility and Preventing a Miss - Part 1: Mandatory PowerShell Logging

Improving Visibility and Preventing a Miss - Part 1: Mandatory PowerShell Logging

One of the greatest risks for a SIEM or SOAR platform is missing that one event that helps with accurate detection. In general, misses can occur for several reasons, although in our experience, misses mostly stem from incorrect/empty PowerShell logs or merely a lack of logging required for advanced detection.
The True Cost of Information Security

The True Cost of Information Security

In-House vs. Outsourced SIEM Management: Discover the True Cost of IT Security (Updated November 2022) Your SIEM management needs will grow over time. Can your information security team follow suit? Security information event management is one of the pillars of effective information security. Capturing and investigating event logs lets security operators detect and respond to […]

🚨 New Webinar Alert! 🚨

Q2: SOC Quarterly Threat Briefing

🗓️ Date: July 24th, 2024
🕒 Time: 11 AM (PT)

Secure Your Spot!
Privacy PolicyTerms & ConditionsSitemapSafeHotline
magnifiercrossmenuchevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram