Active Directory is a popular technology used in many organizations to handle their user management, authentication and authorization. The fact that it’s so dominant and so central to the IT infrastructure makes it a key component for security monitoring. It’s also a popular target for malicious… Read More »Practical Guide For SIEM And Active Directory
SIEM: Security Information and Event Management
This category contains articles related to security information trends and tips, as well as event management best practices and guidelines.
How does a SIEM project usually go? You purchase a license (through an RFP process or not), the integrator comes, gathers information about your environment, two weeks later they come to set up the configuration and then you start seeing beautifully ingested logs from all… Read More »Failed SIEM Projects And How To Avoid Them
Google Cloud Platform and Security Monitoring Google Cloud Platform (GCP) is attracting a lot of companies, large and small, with its stability and many built-in services. But aggregated security monitoring has to be done via an external service. However, log aggregation for security purposes… Read More »SIEM for Google Cloud Platform
Cyber-attacks are becoming increasingly commonplace and dangerous with both the chance and cost of a data breach constantly growing – over 36 billion records were exposed only in the first half of 2020 and the average total cost of a breach was almost $4 million.… Read More »Free Ebook: The Benefits of SIEM
Security information and event management (SIEM) has been “reserved” for large enterprises for a long time and therefore vendors largely ignored smaller customers. “Smaller customers” are medium enterprises and mid-market companies, according to various definitions and brackets, and they range from a hundred to more… Read More »Why Mid-Market Companies and SMEs Benefit From SIEM
LogSentinel’s vision is to provide a security monitoring solution to any organization that needs it and thus reduce their risk of security breaches. That vision requires many innovations and here we’re sharing our high-level roadmap for the next 2 years. Each part of LogSentinel SIEM… Read More »LogSentinel SIEM Roadmap: From SIEM to a 360-Degree Security Monitoring Platform
Many people, when reviewing their security strategy, ask the question “is SIEM suitable for my organization”, or simply “is SIEM right for me?” And for a long time, the answer was “no unless you are a large multinational”. The price, the complexity and the hard-to-get… Read More »Is SIEM Suitable For My Organization?
We have built our LogSentinel SIEM around some core principles and we’d like to share and explain them. Every organization can get value from SIEM SIEM is considered expensive and complicated and generally not fit for smaller organizations (and “smaller” can mean anything from a… Read More »The Three Pillars of SIEM
Top Reasons Why SIEMs Are Considered Expensive SIEM (Security Information and Event Management) systems have a reputation for being expensive. And that’s generally correct – they can cost hundreds of thousands per year or have huge upfront costs. But why is that? There are several… Read More »Why Are SIEMs Expensive?
What is Alert Fatigue? Alert fatigue is a well-known phenomenon with security products – the security team gets a lot of alerts (from the SIEM, for example), it tries to triage and act upon all of them, but at some point, they are so many… Read More »Alert Fatigue And Automation Fatigue
The number of cyberattacks has increased five-fold after COVID-19, as the pandemic brought new opportunities to cybercriminals. At this rate, cybersecurity threats are estimated to cost the world US $6 trillion a year by 2021. Since remote working became “the new normal”, it also became… Read More »Free Ebook: SIEM for Work From Home Security
What is a SIEM? SIEM stands for Security information and event management. This technology has existed since the late 1990s. Traditional SIEM has been joined by a broad use log management technology that focuses on collecting various types of logs and events for different purposes,… Read More »SIEM: What Is SIEM, How It Works, and Useful Resources
Security Information and Event Management systems are considered a “must-have” in many industries. They are effectively a horizontal security tool that improves security posture and improves visibility regardless of the domain specifics. Or at least it seems so at first. The reality is somewhere in… Read More »Three Industry-Specific Aspects of SIEM
LogSentinel was founded several years ago with the vision of improving security for everyone and an initial goal of protecting audit log integrity. Initially, we implemented and scaled state-of-the-art research to guarantee the integrity of logs – through hash chains, merkle trees, timestamps and, ultimately,… Read More »Evolving to SIEM
You have probably seen many other SIEM buyer’s guides and realized that they are focused on large multinationals and Fortune 500 companies and you find them hard to relate to. However, the SIEM products are no longer targeted just at large corporations (despite the fact… Read More »SIEM Buyer’s Guide for SMEs
Security Information and Event Management (SIEM) systems are crucial for every organization as they are able to detect malicious acts and even to prevent them. By converting simple audit logs into a very detailed behavior analysis, SIEMs can help in achieving full data protection and… Read More »Free Webinar: SIEM – Benefits and Pitfalls
Log Integrity Capabilities of SIEMs Log integrity and non-repudiation are key properties of audit logs. As SIEMs are usually the way to collect audit logs (among many other things) in large organizations, we have to make sure they give us those properties. We have discussed previously that it’s not… Read More »Log Integrity: How SIEMs Address the Issue and Is It Enough?
Logs are ubiquitous in IT – they are semi-structured pieces of information about the behavior of a system and its users. Many standards, regulations and best practices assume and require the existence of logs. Consequently, many systems collect those logs and make use of them for… Read More »Log Collectors Landscape: SIEM, Log Collectors, UEBA, and Audit Trail
You are likely using a log collector – Graylog, Splunk, Loggly, logstash, logz.io, scylar, CloudWatch logs, etc. And log collectors are absolutely mandatory for any deployment of more than one machine (though they are very useful even in that case). They collect all your logs… Read More »How LogSentinel SIEM Complements Log Collectors