Digital Edition

SYS-CON.TV
Conclusion: Why Rule-Based Log Correlation Is Almost a Good Idea...
How can you improve your static rule-based correlation solution?

During these past few weeks, we have looked at several reasons why a static rule based correlation is not the "SOC in a Box", end-all be all that many thought it was.

Indeed what to think about a "solution" that:

  • Can only address a very limited set of attack scenarios
  • Requires meticulous consideration on how to map out the few selected attack scenarios
  • Doesn't guarantee you to catch attacks in progress even when one of the few selected scenario is taking place
  • Obliges you to think of minute details to slightly reduce false positives
  • Yields hundreds and thousands of basic correlation rules that need to be programmed, tuned, managed, kept up to date and constantly revisited
  • Needs massive computing power and memory resources to run
  • Cannot manage all of your logs or IT Data, otherwise the engine blows up in smoke

Don't ask your static rule-based correlation tool to be the universal solution to your security problems.

The Solution
The solution is to understand the problems of static rule-based correlation, understand when this technology is useful, and understand what to do to mitigate the issues. In the next installment we'll look at pragmatic steps to get the most out of it.

  • Reduce the number of scenarios
  • Don't go for too many correlation rules
  • "Peter and the Wolf" - Validate the false positives
  • Get yourself the best Forensics tool you can afford
  • Ask Yourself if you really can afford an in-house Real-Time Incident Management

More details on each of these next time...

About Gorka Sadowski
Gorka is a natural born entrepreneur with a deep understanding of Technology, IT Security and how these create value in the Marketplace. He is today offering innovative European startups the opportunity to benefit from the Silicon Valley ecosystem accelerators. Gorka spent the last 20 years initiating, building and growing businesses that provide technology solutions to the Industry. From General Manager Spain, Italy and Portugal for LogLogic, defining Next Generation Log Management and Security Forensics, to Director Unisys France, bringing Cloud Security service offerings to the market, from Director of Emerging Technologies at NetScreen, defining Next Generation Firewall, to Director of Performance Engineering at INS, removing WAN and Internet bottlenecks, Gorka has always been involved in innovative Technology and IT Security solutions, creating successful Business Units within established Groups and helping launch breakthrough startups such as KOLA Kids OnLine America, a social network for safe computing for children, SourceFire, a leading network security solution provider, or Ibixis, a boutique European business accelerator.



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

The explosion of new web/cloud/IoT-based applications and the data they generate are transforming ou...
CI/CD is conceptually straightforward, yet often technically intricate to implement since it require...
Enterprises are striving to become digital businesses for differentiated innovation and customer-cen...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple ...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As au...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't com...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, wi...
The now mainstream platform changes stemming from the first Internet boom brought many changes but d...
DXWorldEXPO LLC announced today that Ed Featherston has been named the "Tech Chair" of "FinTechEXPO ...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: D...
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with e...
In this presentation, you will learn first hand what works and what doesn't while architecting and d...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitori...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use ...
If your cloud deployment is on AWS with predictable workloads, Reserved Instances (RIs) can provide ...
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear...
We build IoT infrastructure products - when you have to integrate different devices, different syste...
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling ...