Episode Summary
11:11 Systems Director of Cloud Market Intelligence Brian Knudtson is joined by guests Leon Adato, Amanda Berlin, and Steve Sims for a conversation about Log Management and SIEM technologies. For many organizations, SIEM is about moving forward with compliance or cyber insurance requirements and… not much else. However, when utilized properly, these deep tools provide SOC analysts with actionable insights and data to protect your business. Our panelists discuss the uses of SIEM, what a proper installation in the cloud will look like, and the material ways in which it benefits your security posture.
Panel
Cloud Conversations
Topic 1
[03:24] With technologies like security incident and event management (SIEM) designed to collect, collate and alert based on all these logs, is there still room for human analysis?
Topic 2
[13:42] Given that cloud customers don’t have access to many of the underlying systems in the cloud, can they expect to get a full picture of their infrastructure when trying to identify and track malicious behavior through that same infrastructure?
Topic 3
[23:04] Are there any advantages to using the SIEM that your cloud provider provides, which exists in many different cases, versus using one that’s hosted on premises, or one that is hosted by a third-party cloud provider?
Cloud Bites
[02:09] “I think that logs, in all their beautiful, many varied forms, are sort of the ultimate old school still rules options in tech, and I think we dismiss them or ignore them at our own peril.” — Leon Adato
[02:36] “Don’t accept the defeat of alert fatigue before you even get started. Log. Look at your logs. Use your logs to inform your decision making. And of course, use your logs to secure your environment.” — Steve Sims
[06:00] “I find that any time SIEM comes up, very shortly after that you have to redefine what log monitoring is, because people say log monitoring and they mean syslogger traps, or they say log monitoring and they mean Windows event log.” — Leon Adato
[10:17] “I think you have to have the human element in order to do that, and it’s not going to happen with just technology doing this for you. One of the metrics that I use for my team is how many incidents are actually escalated to a customer and how many are true positive.” — Steve Sims
[16:37] “We need to understand what motivates businesses to pay attention to things and frame our needs in those ways.” — Leon Adato
[19:00] “There have been breaches because people aren’t able to send all of the logs that they need to detect something, which is really sad.” — Amanda Berlin
Episode Asset
Managed SIEM
Information overload is real, but security shouldn’t suffer because of it.
Utilize a Managed SIEM system to identify threats from across the infrastructure through centralized logging, automation, and analysis.
By combining a powerful SIEM tool and years of human analysis and expertise, 11:11 Systems can help you with:
- Log management
- Real-time monitoring
- Correlation and automation
- 24x7x365 analysis and support