Why Traditional SIEMs Are Falling Short

Modern-day cybersecurity threats require close monitoring and effective response. However, as data expands from on-premises to the cloud – or somewhere in between – new blind spots are emerging. Visit VerSprite.com/blog to learn more.

VerSprite, Inc

March 28, 2019
Transcript

  1. PASTA Threat Model. Absent Threat Models Impact SIEM Effectiveness: Security Operations Centers do not leverage threat models to contextualize SIEM alerts. Signature-based alerts may extend focus to triaging more false positives or extraneous alerts.
  2. Data Overload Fatigues Detection: SIEMs often present an endless list of alerts which may correlate to likely threats for the organization. Correlation capabilities are still primitive and devoid of threat, impact and target context.
  3. Broken Event Correlations: Overly simple correlation rules from SIEM products can 'box' analysts into only considering events correlated at a more generic level.
  4. Poor Integrity of Threat Intel: Rise of 'fake' intel tainting SIEM events. A gap exists between threat-related information and observed attack patterns.
  5. Understanding Emerging Threats for Improved SIEMs: Gaps exist between threat-related information and observed attack patterns. Conceptualizing threat patterns to attack patterns to targets helps configure SIEMs for focused security operations. Threat models help greatly to contextualize and interlink threat information with emerging attack patterns.
  6. Tony UcedaVélez, CEO & Founder, VerSprite (VerSprite.com, a global security firm). @t0nyuv, LinkedIn.com/tonyuv. OWASP Atlanta Chapter Leader (past 10 years). Author, "Risk Centric Threat Modeling: Process for Attack Simulation & Threat Analysis," Wiley, June 2015. Passionate global threat modeling evangelist. Dreams of bankrupting #infosec with intelligent, threat-inspired DevSecOps automation.
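Slides 2, 3 and 5 argue that alerts ranked by signature severity alone, without threat, impact and target context, fatigue analysts and that a threat model (threat pattern, attack pattern, target) should drive what the SIEM surfaces first. The following is an added worked example, not code from the VerSprite deck or from the PASTA methodology: it takes a small constructed threat model and a handful of constructed raw alerts, enriches each alert with model context, and compares the resulting ranking with the severity-only ordering a context-free SIEM would produce. The asset names, alert records, the use of ATT&CK technique IDs as attack-pattern labels, and the likelihood × impact scoring rule are all assumptions made for illustration.

```python
# Added example (not from the VerSprite deck): enrich SIEM alerts with
# threat-model context so triage is driven by target, impact and attack
# pattern rather than by signature severity alone. Every asset name, alert
# record and score below is constructed/hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class ModeledThreat:
    """One row of a simplified threat model: an attack pattern judged
    credible against a target, with the likelihood and impact assigned
    during threat analysis (1 = low .. 5 = high)."""
    target: str
    attack_pattern: str   # ATT&CK technique id used as the pattern label (assumption)
    likelihood: int
    impact: int


# Constructed threat model for a hypothetical payments environment.
THREAT_MODEL = [
    ModeledThreat("pay-api-01", "T1190", likelihood=4, impact=5),  # exploit public-facing app
    ModeledThreat("pay-db-01",  "T1213", likelihood=3, impact=5),  # data from information repositories
    ModeledThreat("jump-01",    "T1110", likelihood=4, impact=4),  # brute force
    ModeledThreat("jump-01",    "T1021", likelihood=3, impact=4),  # remote services (lateral movement)
]

# Constructed raw alerts, shaped like what a signature engine emits.
SAMPLE_ALERTS = [
    {"id": 1, "signature": "ET SCAN Nmap",    "severity": 3, "attack_pattern": "T1046", "target": "kiosk-07"},
    {"id": 2, "signature": "SQLi attempt",    "severity": 2, "attack_pattern": "T1190", "target": "pay-api-01"},
    {"id": 3, "signature": "Brute force SSH", "severity": 3, "attack_pattern": "T1110", "target": "jump-01"},
    {"id": 4, "signature": "Malware hash",    "severity": 5, "attack_pattern": "T1204", "target": "marketing-ws-12"},
    {"id": 5, "signature": "Port scan",       "severity": 1, "attack_pattern": "T1046", "target": "pay-db-01"},
]


def _index(model):
    """target -> {attack_pattern -> ModeledThreat} for O(1) lookups."""
    idx = {}
    for m in model:
        idx.setdefault(m.target, {})[m.attack_pattern] = m
    return idx


def contextualize(alerts, model=THREAT_MODEL):
    """Attach threat-model context to each alert and rank by priority.

    Scoring rule (an assumption of this example, not a standard):
      * target modeled and pattern modeled against it -> likelihood * impact
      * target modeled, pattern not modeled           -> impact of that target
        (kept, ranked lower; this is the gap between modeled and observed
        attack patterns that should feed back into the threat model)
      * target absent from the model                  -> 0 (surfaced separately,
        because an unmodeled asset is itself a finding)
    """
    idx = _index(model)
    enriched = []
    for a in alerts:
        patterns = idx.get(a["target"])
        if patterns is None:
            ctx, prio = "unmodeled-target", 0
        elif a["attack_pattern"] in patterns:
            m = patterns[a["attack_pattern"]]
            ctx, prio = "modeled-attack", m.likelihood * m.impact
        else:
            ctx, prio = "modeled-target-new-pattern", max(t.impact for t in patterns.values())
        enriched.append({**a, "context": ctx, "priority": prio})
    # Ties broken by raw severity, then by alert id for a stable order.
    return sorted(enriched, key=lambda e: (-e["priority"], -e["severity"], e["id"]))


def severity_only(alerts):
    """The ordering a context-free, signature-driven SIEM would show."""
    return sorted(alerts, key=lambda a: (-a["severity"], a["id"]))


def unmodeled_targets(enriched):
    """Assets that produced alerts but have no threat-model coverage."""
    return sorted({e["target"] for e in enriched if e["context"] == "unmodeled-target"})


if __name__ == "__main__":
    print("severity only :", [a["id"] for a in severity_only(SAMPLE_ALERTS)])
    ranked = contextualize(SAMPLE_ALERTS)
    print("contextualized:", [(e["id"], e["context"], e["priority"]) for e in ranked])
    print("assets missing from threat model:", unmodeled_targets(ranked))
```

With the constructed data the severity-only view puts the commodity malware hit on a marketing workstation first and the low-severity SQLi probe against the payment API fourth; the contextualized view inverts that, and the port scan against the database (a target the model covers, with a pattern it does not) is kept but ranked below the modeled attacks rather than being dropped, which is the feedback loop slide 5 describes between observed attack patterns and the threat model.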