SIEM Use Cases and Process Maturity – The Plays to Run

From: McAfee

This was started by some good conversations around how a company does all the things a SIEM does. Thanks to those who participated.

I like to think of all the use cases that a SIEM performs as standing in four groups:

  1. Log Management – get the events generated on your network flowing through SIEM and keep that pipeline operating smoothly
  2. Threat and Risk Correlation – add intelligence to the event flow by attaching context or combining simple events into more complex ones
  3. Incident Response – now that you know something is happening, you have to do something about it
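The three groups above can be read as stages of one pipeline. The following is an added example (not code from the McAfee post or any SIEM product) that walks constructed SSH authentication lines through them: normalising raw events (log management), combining repeated failures followed by a success from the same source into a single enriched alert (threat and risk correlation), and turning that alert into a prioritised response action (incident response). The log lines, the `ASSET_CONTEXT` table, the `max_failures` threshold and the 60-second window are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events for the example; not real log data.
SAMPLE_LOGS = """\
2013-01-14T09:00:01 host1 sshd: Failed password for admin from 203.0.113.7
2013-01-14T09:00:03 host1 sshd: Failed password for admin from 203.0.113.7
2013-01-14T09:00:05 host1 sshd: Failed password for admin from 203.0.113.7
2013-01-14T09:00:08 host1 sshd: Accepted password for admin from 203.0.113.7
2013-01-14T09:05:00 host2 sshd: Accepted password for alice from 192.0.2.10
garbage line that the parser should count as dropped, not silently ignore
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

# Hypothetical asset inventory used to attach context to an alert.
ASSET_CONTEXT = {
    "host1": {"role": "db-server", "criticality": "high"},
    "host2": {"role": "workstation", "criticality": "low"},
}


def parse_events(text):
    """Stage 1, log management: normalise raw lines into dicts.
    Returns (events, dropped_count) so pipeline health is visible."""
    events, dropped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            dropped += 1
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return events, dropped


def correlate(events, max_failures=3, window=timedelta(seconds=60)):
    """Stage 2, threat and risk correlation: max_failures failed logins followed
    by a success from the same (source, user) inside `window` become one
    'brute_force_success' alert, enriched with asset context."""
    alerts = []
    failures = defaultdict(list)  # (src, user) -> timestamps of failed logins
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["src"], e["user"])
        if e["outcome"] == "Failed":
            failures[key].append(e["ts"])
            # keep only failures still inside the sliding window
            failures[key] = [t for t in failures[key] if e["ts"] - t <= window]
        else:
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= max_failures:
                ctx = ASSET_CONTEXT.get(e["host"], {"role": "unknown", "criticality": "unknown"})
                alerts.append({"rule": "brute_force_success", "src": e["src"],
                               "user": e["user"], "host": e["host"],
                               "failures": len(recent), "ts": e["ts"], **ctx})
            failures.pop(key, None)
    return alerts


def respond(alerts):
    """Stage 3, incident response: map each alert to a prioritised action record."""
    actions = []
    for a in alerts:
        severity = "P1" if a["criticality"] == "high" else "P3"
        actions.append({
            "severity": severity,
            "ticket": f"{a['rule']}:{a['host']}:{a['user']}",
            "action": (f"block {a['src']} at the perimeter, reset credentials for "
                       f"{a['user']}, review {a['host']} ({a['role']})"),
        })
    return actions


def run_pipeline(text):
    """Run all three stages and return a summary a dashboard could display."""
    events, dropped = parse_events(text)
    alerts = correlate(events)
    return {"events": len(events), "dropped": dropped,
            "alerts": alerts, "actions": respond(alerts)}


if __name__ == "__main__":
    for k, v in run_pipeline(SAMPLE_LOGS).items():
        print(k, v)
```

The `dropped` counter belongs to the log-management stage: a correlation rule is only as good as the events that reach it, so unparsed lines are surfaced rather than discarded quietly.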


Bionym: Software that gets to the heart of computer security


by Dominic Ali

Passwords are the bane of 21st century life. But Bionym, a Toronto-based tech start-up, promises to change that.

Founded by recent University of Toronto graduates Foteini Agrafioti and Karl Martin, the company develops biometric software. Its latest project may change the way we secure our digital information in the near future.

The secret is a heartbeat away. Literally.

“HeartID is currently the only commercially available biometric authentication solution that uses the cardiac signal,” says Agrafioti.


DHS issues $6B RFQ for continuous monitoring tools, services

From: 1500AM

By Jason Miller

The Homeland Security Department is expecting agencies to spend billions on continuous diagnostic and mitigation tools and continuous monitoring-as-a-service over the next five years.

DHS, working with the General Services Administration, issued a final request for quote for a blanket purchase agreement (BPA) for 15 tools and for 11 task areas to improve agency cybersecurity. Federal News Radio obtained a copy of the RFQ.

DHS expects the BPA to be worth $6 billion over the life of the contract, which has a one-year base and four one-year options.


A Guide To Practical Database Monitoring

From: Dark Reading

A look at what database activity monitoring can and can’t do, and some recommendations on how to implement the best system for your organization

By Adrian Lane

Database activity monitoring, a form of application monitoring, examines how applications use data and database resources to fulfill user requests. DAM captures and records database events — which, at minimum, include all SQL activity — in real time or near real time.

DAM is focused on the database layer, which allows for a contextual understanding of transactions, or how multiple database operations constitute a specific business function.


ICAM Still Faces Bumpy Road For Government Smart Card Rollout

From: AOL Government

By Henry Kenyon

What seemed like a simple objective, to develop and issue a standardized, electronically-verifiable identification card for civilian agency personnel, continues to encounter a barrage of technical and cultural challenges at a time when identification has become a critical component in the government’s efforts to embrace mobile and remote computing.

Despite the government’s aggressive push under the Identity, Credential and Access Management (ICAM) plan, only three departments are above minimum fielding levels and using the civilian personal identity verification (PIV) cards, said Paul Grant, director for cybersecurity policy in the Office of the DOD Chief Information Officer. And it remains unclear when the cards will be universally fielded across the civilian government.


Security Intelligence Can Help Enterprises Improve Risk Management and Incident Detection/Response

From: NetworkWorld

ESG Research reveals best practices. Security Intelligence driving big data security analytics

Jon Oltsik

According to ESG Research, 65% of enterprises use external threat intelligence (i.e. open source or commercial threat information) as part of their overall security analytics activities. This is yet another factor driving the intersection of big data and security analytics. Of those enterprises that consume commercial threat intelligence, 29% say that it is “highly effective” in helping their organization address risk, while another 66% say that commercial intelligence is “somewhat effective” in helping their organization address risk.


Walking the talk: FISMA’s continuous monitoring requirement

From: Government Security News

By: Sanjay Castelino

The Federal Information Security Management Act, often called FISMA, was once looked at as purely a “box checking” procedure. The infamous “report cards” were often inaccurate, and rewarded agencies that could best play the paperwork game, rather than actually implement effective security.

This is no longer the case, as FISMA now emphasizes proactivity in security, rather than simply reacting to breaches as they occur.


Will the Feds Change How They Handle Cybersecurity in 2013?

From: GovTech/Public CIO

By Hilton Collins

Between now and early 2013, the Department of Homeland Security is expected to release an RFP for continuous monitoring, a function for detecting network compliance and risk vulnerabilities — which means the feds are working toward a huge shift in how they secure their networks next year.

George Schu, senior vice president at Booz Allen Hamilton, which consults federal agencies on technology decisions and often is instrumental to computing decisions at America’s highest level of leadership, says the company will bid on this RFP. And ultimately, Schu said he expects the DHS and the General Services Administration to spread this monitoring process throughout D.C. next year. He told Government Technology this week that the deal, if successful, could lay the foundation for additional operational changes in federal agencies.


Businesses increasingly under threat says new research

Editor’s Note: The report, “Empty battlements – enemy inside the gates: Why IT managers need to make time for SIEM,” is attached here.

From: IT Security Pro

A study carried out by SecureData says that businesses are increasingly coming under threat of attack from both inside their organisation and outside.

The independent IT security service provider – which estimates that UK businesses alone lose £21bn a year to cybercrime – says the research sought to identify how businesses are struggling to manage their Security Information and Event Management (SIEM) systems, leaving them vulnerable to security attacks, data breaches, and compliance issues.


Lack Of Risk Management Integration Hinders Security Improvements

From: AOL Government

By Wyatt Kash

Management and program silos within agencies that so often stymie efforts to integrate information technology and security practices are also hindering efforts to institute smarter risk management strategies at agencies, according to senior government security officials.

“Risk is still being managed at most agencies in a stovepipe manner,” said Department of Energy Chief Information Officer Bob Brese during a Government Technology Research Alliance conference on government security trends on Monday.