« Conference Season: Round Three - Interop | Main | Interop: Security by Compliance, Karaoke and Booth Babes »

05/15/2009

Webinar week: SIEM, DLP and Smackdowns

Show's what a great blogger I am (not!) when I forget to mention two events I was involved with this week. I mean, what's a blog all about if its not about shameless self promotion?

On Tuesday, I was part of an online panel on log management with Alert Logic, ArcSight and LogLogic.

For those who are interested - the recording is here (registration required)

My key takeaways? We've got to stop putting technology at the center of it all. We're a long way from the "analyst in a box" world that ArcSight's so fond of telling everyone about. Even if SIEM technology was as inherently smart as some would have you think, you'd have a job convincing people of that without some pretty strong proof points and examples.

I would never belittle the place of SIEM - I think it's vital to have as comprehensive a window as possible into what's going on in your security world. This "SIEM is dead" stuff spouted by log managment pure plays is just a reaction to the expectations that vendors have set about what SIEM should be designed to do. In fact, it became clear in the webinar that the distinction between SIEM And log management is becoming more blurred by the day.

What we need to remember, though, is that SIEM is at the nexus of a number of processes, around incident response, compliance management, and security strategy planning to name a few. It's about putting the right information in the right hands at the right time to make the right decision. If that decision is clear-cut and mundane enough to be automated, then so be it, but that's a bonus, not the main aim.

Also yesterday, I presented along with Derek Brink from the Aberdeen Group, as well my colleagues Katie Curtin-Mestre and Ron Kent on the integration of SIEM and DLP technologies. Again, the recording is available here (registration required)

Derek had some great stats and analysis on what leaders and laggards were doing with SIEM, and Ron Kent gave a super demo of RSA enVision and RSA DLP working together. I was just the marketing fluff monkey on this occasion.

Busy but fun week. See you all in Las Vegas next week.

Posted at 12:27 PM |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54ed24044883301156f94af53970c

Listed below are links to weblogs that reference Webinar week: SIEM, DLP and Smackdowns:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Subscribe to this blog's feed
My Photo
About Paul Stamp
Paul is SIEM Solutions Evangelist with RSA, the Security Division of EMC. Prior to joining EMC, he was an analyst with Forrester Research covering security technology.
During the day, he enjoys most chatting with customers about stuff they're doing around security.
Outside of work, Paul is currently contemplating resurrecting his social rugby career.

Disclaimer
The opinions expressed here are my personal opinions. Content published here is not read or approved in advance by EMC and does not necessarily reflect the views and opinions of EMC.

Twitter Updates

    follow me on Twitter

    About

    Categories