Secure360

Stop focusing on acronyms. Start solving problems.

March 28, 2016 by Kyle Flaherty

Image: IT acronyms (copyright 123rf/Duncan Andison)

The following is a guest post by a 2016 Secure360 Twin Cities Gold Sponsor Rapid7.

If there is one thing we do well in security, it's the proliferation of acronyms. The current count on abbreviations.com for security terminology is 1,617 (which makes you wonder whether Vegas would take a bet on that surpassing 2,000 by year end). Perusing the acronyms feels like reading through the last few decades of the security industry. Some technologies took off, some didn't, and a few are still evolving.

Another thing our industry loves to do is declare a technology 'dead' and then celebrate its demise by birthing a new acronym: think of it as a phoenix technology that rises from the ashes. The latest to hear the death knell has been a longtime stalwart of the security acronym game, the SIEM. The debate is currently raging among vendors, customers, and industry analysts over whether the era of SIEM is over. Some say that User Behavior Analytics (UBA) is the final nail in the SIEM coffin, while others redefine the space by bolting on "next-gen" or "2.0" to make the acronym even longer.

What this nebulous noise misses is that those on the security front lines don't care what the acronym is; they care about a solution that solves their problems. Instead of looking at what these acronyms "should cover", the focus should be on solving the problems every security team faces daily.

Give us confidence in detection and remediation. That’s what we want!

Let’s consider the top problems companies face in their security programs today:

  • Overwhelmed by too much information and alerts.
  • Understaffed to cover all the needs of the organization.
  • Unclear that the actions taken are accurate and helpful.

Sound familiar? Let’s flip the script and be more positive – what would you want your security program to look like today?

  • Focused on the right information that generates prioritized alerts.
  • Solutions that amplify the staff you have and show progress across the company.
  • Confidence that you are remediating threats quickly and completely.

That feels better. Of course, achieving those aspirations was the original purpose of a SIEM, but its requirements were conceived in a dreamy world: heavy hardware deployments, professional services for the initial rollout, and then full-time staff to watch, maintain, and run the system. And now 62% of organizations receive more alerts daily from their SIEM than they can actually investigate. Many of us aren't even confident in our ability to detect the number one attack vector behind breaches: compromised credentials. To achieve the bullets above, the key functionalities must include analytics and search, familiar integrations from endpoint to cloud, and, most importantly, a process that doesn't require a mammoth pool of resources to keep the train moving.

Accessible Analytics

Analytics is always a tricky term because it brings up the dated 'rules' approach, which manifests in a ton of work for your team and the need for dedicated data specialists. Fortunately, in 2016 we can choose analytics solutions that don't require a data science degree to sift through mountains of network data and alert only on what you really care about.

Using accessible analytics (yes, often referred to as UBA), your team can correlate data from your entire ecosystem to detect internal and external threat actors. Correlating the millions of events on your network back to the users behind them slashes threat validation and scoping times, meaning faster incident investigations.

Useful Search

We understand that data is more and more useful in our lives, and analytics help filter it into intelligence, but we still have the immediate need to search, and to do it the way we are accustomed to in everyday life. When we want a recipe for tonight's dinner, we hit Google, find a result, watch a video, and download the ingredient list. The same has to go for searching through machine data: it should be immediately apparent what you are looking for during an incident investigation, while still letting you hunt for new threats or relieve compliance headaches.

CYA from Cloud to Endpoint

When considering analytics of any sort for incident investigation, consider how you will analyze events from both endpoints and managed cloud environments. In our world of BYOD and IoT (there we go again!) it has become paramount to correlate behavior on cloud services with activity on individual endpoints. When you have that complete lifecycle of information in an investigation, you have a full dossier that lets you remediate problems confidently, faster and more completely.
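A minimal version of the user-centric correlation this section and the Accessible Analytics section describe, as an added example that is not Rapid7's code and not part of the original post: endpoint logons and cloud sign-ins are normalized into one event stream, grouped by user, and a cloud sign-in that no endpoint session of the same user corroborates (same source address within a window) is surfaced together with what that account did next, which is the scoping step the text mentions. The log format, the field names, the one-hour window and the sample events are all constructed assumptions.

```python
"""User-centric correlation of endpoint and cloud sign-in events.

Added example, not Rapid7's or Secure360's code. The key=value log format,
field names, window and sample events are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Event(NamedTuple):
    ts: datetime
    user: str
    source: str   # assumed labels: "endpoint" or "cloud"
    src_ip: str
    action: str


# Constructed sample telemetry: one line per event, already flattened to
# "timestamp key=value ..." by an assumed collector. Not real data.
SAMPLE_LOG = """\
2016-03-28T08:01:10Z source=endpoint user=alice src_ip=10.1.4.22 action=logon
2016-03-28T08:02:31Z source=cloud user=alice src_ip=10.1.4.22 action=signin
2016-03-28T08:05:02Z source=endpoint user=bob src_ip=10.1.4.31 action=logon
2016-03-28T08:20:45Z source=cloud user=bob src_ip=203.0.113.77 action=signin
2016-03-28T08:21:10Z source=cloud user=bob src_ip=203.0.113.77 action=download
2016-03-28T09:15:00Z source=cloud user=carol src_ip=198.51.100.9 action=signin
"""


def parse_line(line: str) -> Event:
    """Parse one constructed log line into an Event."""
    ts_text, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return Event(ts, fields["user"], fields["source"], fields["src_ip"], fields["action"])


def parse_log(text: str) -> List[Event]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def correlate_by_user(events: List[Event], window: timedelta = timedelta(hours=1)) -> List[Dict]:
    """Return one finding per cloud sign-in that has no endpoint logon for the
    same user from the same source IP within `window` before it.

    A cloud sign-in from an address none of the user's endpoint sessions used
    is one cheap signal of credential misuse; it is a heuristic to illustrate
    user-centric correlation, not a complete detector.
    """
    by_user: Dict[str, List[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        by_user[e.user].append(e)

    findings = []
    for user, evs in by_user.items():
        endpoint_logons = [(e.ts, e.src_ip) for e in evs
                           if e.source == "endpoint" and e.action == "logon"]
        for e in evs:
            if e.source != "cloud" or e.action != "signin":
                continue
            corroborated = any(ip == e.src_ip and e.ts - window <= ts <= e.ts
                               for ts, ip in endpoint_logons)
            if corroborated:
                continue
            # Scoping: what the account did in the cloud right after the sign-in.
            followup = [x.action for x in evs
                        if x.source == "cloud" and e.ts < x.ts <= e.ts + window]
            findings.append({"user": user, "ts": e.ts.isoformat(),
                             "src_ip": e.src_ip, "followup": followup})
    return findings


if __name__ == "__main__":
    for finding in correlate_by_user(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample data alice's cloud sign-in is corroborated by her endpoint logon from the same address a minute earlier, so only bob (sign-in from 203.0.113.77 with no matching endpoint session, followed by a download) and carol (no endpoint telemetry at all) are reported; the second case is also a reminder that the correlation is only as good as the endpoint coverage feeding it.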

This is only the foundation of an incident detection and response program, but the elements above hark back to what we originally wanted from SIEM. Rather than declare a technology dead, or simply tack on a 'next-gen' marketing gimmick, we should focus on building these elements in the form and function we always wanted.

So regardless of the name you choose, let’s hope it solves the problems you and your team have today!

Filed Under: Guest Posts

About Kyle Flaherty

Kyle Flaherty, the Vice President of Solutions Marketing at Rapid7, is passionate about acronyms ranging from IDR to TEM, and can be engaged throughout the interwebs starting with Twitter and the Rapid7 website. 

© 2022 Secure360. All rights reserved.