Knowing what is going on so you can figure out what to do is one of the biggest challenges facing the enterprise today. Without situational awareness, investigations would require looking into a number of systems and collating incomplete information to get the bigger picture. For many IT administrators, the ability to monitor bandwidth, firewall use and VPN sessions has been simplified with the use of a security information and event management (SIEM) platform. The increasing flexibility of SIEM tools becomes especially important as the threat landscape grows more hazardous. This latest eBook from SC Magazine surveys the SIEM landscape and digs into several actual use cases to examine the benefits and challenges faced by enterprises and the security teams running SIEM implementations.
The problem of spam hardly needs an introduction. It is a time-waster for recipients. It has its sinister side in the form of V-spam and phishing. And it consumes infrastructure resources -- especially bandwidth. The only real solution available today is blocking: either at the recipients' premises or, sometimes, at the recipients' ISP. But this feels very much like locking the stable door after the horse has bolted and there must be a better alternative.
Face it, your users want to use any application while at work, yet they may not be aware of the associated business and security risks. File-sharing, remote access, video and social networking applications are all rampant on almost every network we analyze. Commonly found among those applications are very sophisticated threats hiding in plain sight, acting like normal traffic, using SSL, FTP, and RDP to steal data.
The industry seems to have now (finally) moved past screaming with every new virus that comes out, or variant of an old one for that matter, as pros now focus on the whole security posture and situational awareness. But, as an enterprise, how do you achieve strong situational awareness and, more importantly, how do you then use that information?