Enterprise Security News
"Cyber Deception" comes to Defcon and IoT, Cisco makes a push for Voice over WiFi, Sumo Logic monitors your Lambdas, and identity management integrates with SIEM? All that and more, so stay tuned!
- http://marketcheetah.com/2016/05/25/apteligent-receives-splunk-certification/ - Not really security, but monitoring for Mobile App crashes. Could this be an indication of a mobile compromise? Maybe, but more likely a crappy App, and we all know there are tons of those!
- http://www.1888pressrelease.com/topspin-security-was-selected-to-participate-at-defcon-confe-pr-590195.html - Another "Cyber Deception" company touts the ability to catch attackers. They were selected to speak at Defcon, could be interesting.
- http://www.finanznachrichten.de/nachrichten-2016-05/37482342-attivo-networks-provides-first-deception-based-threat-detection-platform-for-internet-of-things-iot-detection-platform-addresses-gaps-in-iot-secur-256.htm - They wrote this: "Attivo Networks Provides First Deception-Based Threat Detection Platform for Internet of Things (IoT) / Detection Platform Addresses Gaps in IoT Security With Real-Time Threat Detection and Attack Forensics for Accelerated Incident Response". They meant: "An IoT honeypot". Which is cool, and perhaps a really good application for honeypots, as smaller and more tightly controlled devices allow for a finely tuned honeypot.
- http://www.cyberark.com/blog/integrate-cyberark-siem-solution-gain-valuable-insights-advanced-threats/ - Track credential use in your identity management system, and report anomalies to your SIEM. Not a bad idea for an integration. However, I'd really like to see this baked in. If identity management products can track this, can they be configured to detect and prevent this? If they could, would pen testing be harder?
- http://marketcheetah.com/2016/05/23/ping-identity-named-overall-leader-in-leading-analyst-report-on-access-management-and-federation/ - More players in the identity management space, this time Ping.
- http://www.rcrwireless.com/20160523/network-infrastructure/lte/cisco-push-voice-wi-fi-enterprise - Yikes, I remember when this was next to impossible, but as WiFi evolves, well why not use it for Voice? Here we see Wi-Fi Calling has some benefits over the alternative licensed propositions, in terms of being able to serve all the users, all the visitors to a particular venue, irrespective of their affiliated carrier. So let's just send everyone's voice over WiFi, there will be no snooping by attackers at all, right? However, this will be attractive to large enterprises for the cost savings. Why spend money on a phone system, cables and handsets anymore? Just let everyone use their phone. Making mobile security even more important.
- http://www.marketwired.com/press-release/sumo-logic-enables-devops-with-deep-data-insights-into-aws-lambda-2128187.htm - FYI, AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. And Sumo Logic can now monitor these applications. This is one more reason to move to the cloud: security products are starting to catch up! Move to the cloud I say!
SIEM is a fancy term, but what does it mean? Sure there are magic quadrants, but SIEM really is a bad term. What are your goals? Collect all the logs? Detect "stuff"? What are you trying to detect? Is SIEM just log management? What about Security Intelligence? Is that SIEM too?
Lastly, I just want to thank SIEM for not providing enough security. So many people have a SIEM, but are in the market for other products that actually detect attacks!