The State of Cyber Warfare - Enterprise Security Management

Tuesday, December 1, 2009 by Pam Casale

Did you see the cyber warfare segment on CBS’s 60 Minutes? There’s an article, “Cyber War: Sabotaging the System” along with the video from the show, in case you missed it. CBS News correspondent Steve Kroft interviewed a host of people who are sure to know something about the country’s security – among them retired Admiral Michael McConnell and former State Department official Jim Lewis, who is currently director of the Center for Strategic and International Studies, about the current state of cyber warfare.

 

Jim Lewis tells Steve Kroft how a series of major successful espionage attacks were perpetrated in 2007 against the Departments of Defense, State, and Commerce and probably the Department of Energy and NASA, resulting in the theft of terabytes of sensitive data. Lewis also mentioned a case in December 2008 in which attackers entered highly-secured classified Department of Defense networks, using seemingly discarded thumb drives containing malware. I had nightmares after this segment. 

 

While the government can be expected to respond to these attacks by shoring up known holes and strengthening defenses, the basic question remains … “How come they didn’t detect the intruders immediately?” What we need to do, in both the public and private sectors, is to get much better at detecting anomalous behavior or even usual behavior that might have insidious elements.

We asked Warren Axelrod, a notable lecturer, practitioner and writer on information security, how he would answer the question: “Warren, why didn’t they know?”

 

From the desk of Warren Axelrod: Pam, this news segment took my breath away as well. Let’s look at this for a moment. What we know is that security teams typically “close the barn door after the horse has fled”. As an example, we have seen how rogue USB devices can be used to infiltrate systems and networks. Consequently, we disable USB ports. Why wasn’t that done at the outset, since it is well known that viruses and malware are often resident on thumb drives? Unfortunately, sometimes we’re our own worst enemy.

When policies are created to disallow thumb drives, objections are often raised by powerful areas of influence – like the legal department. Their excuse is that they must respond immediately to requests for data. Similarly, the executive suite insists that they MUST synchronize their whatever. Of course, after a breach, such arguments rapidly vaporize.

 

Now you might wonder why monitoring behavior on networks and systems includes exceptions based on experiences after something bad has happened. Here’s a simple example: A criminal payables clerk accessed 400 accounts per day when he/she was stealing information versus the usual twenty accounts per day. So someone gets the bright idea to report on anyone accessing more than 50 accounts per day. That makes sense if we’re just trying to avoid a recurrence of that type of breach.

But on closer inspection there are two problems here: one is that those with evil intentions soon learn how to stay below the radar and adjust their activities accordingly, and two, we typically check for previously-experienced events. What about events that haven’t been seen before – that is, the unknown unknowns?


Check back here tomorrow to read Warren's recommendations! Have some recommendations of your own? Comment here!

Top 20 Security Controls - Protecting Information Assets

Monday, November 30, 2009 by Pam Casale
On November 13, SANS, the well-known training and certification organization for security professionals, along with CSI, published version 2.3 of the Top 20 Security Controls. This new version adds NIST SP 800-53 revision 3 mappings to the controls. It also adds an updated appendix that includes, for each area, a direct mapping between the 20 critical controls and the 800-53 Rev 3 Priority 1 controls. There's also a new appendix summarizing the attack types that motivated the development of each control.

This is a terrific resource. SANS asked Intellitactics to provide a definition of how a SIEM solution is used to automate monitoring and reporting of these controls. We were also asked to provide customer references who could verify that the Intellitactics SIEM solutions did in fact monitor and report on the controls. Intellitactics has initially provided extensive documentation on two of the controls and will submit context on other controls later in the month.

The US Comprehensive National Cybersecurity Initiative (CNCI) insists as a central tenet that knowledge of actual attacks that have compromised systems provides the essential foundation on which to construct effective defenses. The draft US ICE Act of 2009, which updates the Federal Information Security Management Act (and is often referred to as the new FISMA), includes the same mandate.

Government security executives agree that what is required is a jointly established priority baseline of information security measures and controls, and they also agree that these controls should be continuously monitored through automated mechanisms.

This is exactly what Intellitactics has been advising customers using our SIEM software and appliances, ISM and SAFE. We offer as part of these SIEM solutions a mapping of a superset of controls from ISO and NIST to regulatory standards like PCI, SOX, HIPAA and NERC. After all, everyone has limits on how much they can spend, and using a baseline of controls like those offered in this important research can save a lot of time and money.

This week we'll take a closer look at two of the controls and explain how our SIEM solutions are used to monitor and report on the effectiveness of these controls. Check back to read more - in the meantime read about control monitoring using Intellitactics. 

Be Grateful for Enterprise Security Management Software

Wednesday, November 25, 2009 by Pam Casale
In kitchens across the United States, including mine, preparations are underway for cooking the traditional Thanksgiving dinner. In the security operations centers of retailers preparations are underway for Black Friday - the first day of what everyone hopes will be the beginning of a strong holiday spending season. And, for what everyone hopes will be a season of safe and secure online spending.

So let's take a moment to be grateful for enterprise security management software. Many of us may be able to recall - back in the day - when log collection was harder to do. There were never enough eyeballs for reviewing logs and never enough smart guys to understand what they were trying to say. Now, thanks to countless vendors and security professionals we've advanced the state of the technology: early detection of malicious activity, advanced analysis of source and targets that pinpoint abnormal activity. And, while we still can't prevent every attack, most of us know about it in time to do something about it. 

Enterprise security management software is something to be grateful for whether we're the cardholder or the card processor. Safe spending of what we have to spend is something we can all be grateful for.

Safe travels if you're traveling; moist turkey and lump free gravy if you're cooking. On Friday, just buy something. It's the way we recover - you buy something and a company hires one more employee. Manufacturers buy more raw materials to produce more product and retailers build inventory. And here's an idea - call your favorite vendor and buy more enterprise security management software.

Eat well and spend safely on this Thanksgiving holiday.

Hackers in the Baltics - Protecting Information Assets

Wednesday, November 25, 2009 by Pam Casale

 

Protecting information assets from cybercriminals is a global initiative. There are advanced technologies to detect the criminals, and advanced criminal activity, in places you would least expect them. Our friend Warren Axelrod tells an interesting story of a cruise to Baltic capitals where most recently cybercriminals were arrested for the heist of ATM credentials. As you're cruising with Warren, think about your efforts to protect information assets.

From the desk of Warren Axelrod:
In the fall of 2005 my wife and I took a wonderful cruise of the Baltic capitals which included St. Petersburg in Russia and Tallinn in Estonia. Siobhan Gorman and Evan Perez had an article in the Wall Street Journal (November 11, 2009, section A10) about the huge ATM heist and the arrests made in the same Baltic capitals - a very different context for appreciating the Baltic capitals.

 

You probably recall the heist in question. The Royal Bank of Scotland’s RBS WorldPay systems in Atlanta, Georgia (the U.S. Georgia that is) were hacked and the ATM credentials of customers were stolen. These credentials were used to create prepaid ATM cards, which were used to withdraw cash from 2,800 ATMs in 280 cities globally within a twelve-hour period. The hackers cleverly exploited their access to the systems to raise the permitted limits on the ATM cards, thereby increasing the haul. It is indeed a credit to law enforcement that the alleged perpetrators were found and indicted and it is hoped that this case will deter others from such activities.

 

Now, back to the cruise… St. Petersburg and Tallinn were the highlights of the trip. St. Petersburg is a beautiful European-style city, founded by Peter the Great in 1703, with its wide Parisian boulevards, Venetian canals, and impressive Baroque and neoclassical buildings. Tallinn is a medieval city with historic churches and fortresses. From the physical appearances of these cities, one would never guess how technologically sophisticated their populations are.

 

There was little to no visible evidence of advanced technologies changing the lives of Tallinn’s citizens. However, the tour guide in Tallinn did allude to it. She mentioned that Tallinn is the home of the Internet phone company Skype, which was founded by a Swiss national who moved to Estonia. And Estonia found its place on the cyber map when a massive denial-of-service attack put the country’s financial system out of action. Supposedly this was the first real example of cyber warfare. It was then that the world at large realized how advanced Estonia was in terms of moving so much of its government and private sector business online, and how dependent the country had become on the internet.

 

While we have a tendency to equate impressive modern skyscrapers, roads, bridges, tunnels and other physical infrastructure elements with the presence of advanced cyber technologies, one shouldn’t underestimate the cyber sophistication and effectiveness of seemingly traditional societies. Appearances can indeed be deceptive. Take this observation one step further: In companies large and small there are people who look like the employee of the year or the innocent local business owner who are hiding their real identities as hackers and cybercriminals. This knowledge is important to professionals charged with protecting information assets.
 

Intellitactics Partner is a Winner - Enterprise Security Services

Tuesday, November 24, 2009 by Pam Casale

Intellitactics congratulates Indusface - an end to end Information Security Solutions and Services provider - that was recently recognized as a winner of the Deloitte Technology Fast 50 India Program.

At an award ceremony held in Bangalore on the 20th of November, 2009, Deloitte announced the winners of the fastest growing 50 Technology companies in India. Deloitte’s Technology Fast 50 India program is one that recognizes the fastest growing technology companies in India based on their percentage revenue growth over the past three financial years. All eligible nominations in the Deloitte Technology Fast 50 India 2009 program will automatically qualify for participation in the Deloitte Technology Fast 500 Asia Pacific 2009 program, which recognizes the 500 fastest growing technology companies in Asia Pacific; the rankings will be announced on the 10th of December, 2009 in Hong Kong.

The Deloitte program is one that is recognized world over and a ranking achieved in these programs would help build credibility, potentially attract business partners, increase employee pride and generate media coverage for your company.

Ashish Tandon, CEO of Indusface, on being a winner said, “Since the inception of our company in 2004, we have been focusing on quality and reliability for every solution and service we provide to our customers. This has been a driving force for our growth and market penetration. Today, receiving the Deloitte’s Technology FAST 50 India, we are truly recognized in our efforts. It is a great honour and privilege to be amongst the winners and the top 50 companies. This I am sure will give us strength to continue on our successful path”.

Indusface, an enterprise security services company, boasts an annual growth rate of over 175%. Through its India, Middle East and North America based operations and its ISO 27001 adhered delivery centers in Bangalore and Vadodara, Indusface services over 350 customers spread across 12 countries in 4 continents including Fortune 500 clients. Indusface has strategic partnerships with globally renowned technology vendors such as IBM, Entrust, Qualys, Rapid7, Symantec, Intellitactics and Trend Micro and with an engineering team of over 60 consultants averaging over 5 years of enterprise information security experience, Indusface has proven its technical and delivery excellence by having a high percentage of their business come from existing customers. 

Indusface - Good Luck in Hong Kong from your partners Intellitactics!

For more info on Indusface

Nandini Tandon

Indusface Consulting Pvt Ltd

Ph: +91 6562666 / 888

Cell: +91 98989 06651

 

Personal Privacy - Protecting Information Assets

Tuesday, November 24, 2009 by Pam Casale

Up close and personal - protecting information assets with Google using a Google Dashboard – You’ve Got to be Kidding!

 

Imagine that you use Gmail - Google’s mail product. Here’s a fundamental question about protecting information assets - your personal mail as an example: 
You own your email data right? Should you need to GIVE PERMISSION to Google to use, look, search your email  ---OR

Google owns your email content and can do whatever they want with it – UNLESS – you learn to use the Google DASHBOARD to protect your information assets - your private correspondence?? 
 

In another installment from Tales from the Cloud, Warren Axelrod disagrees with Matt Asay’s review of the Google Dashboard.

 

It really is insidious … that constant chipping away at our privacy - often without our knowledge.

 

So now we have a new responsibility. According to Matt Asay’s November 5, 2009 column “Google privacy controls: Most people won’t care,” Google is harvesting every Google Doc, Google Voice call and Gmail e-mail, and is assuaging people’s privacy concerns by making available the Google Dashboard.

 

Google Dashboard supposedly enables individuals to control their personal data - protect their information assets supposedly held for them by Google. Users may review their data, delete information about themselves and change the policies whereby such data are gathered, held, and distributed.

 

Matt Asay’s post rightly hails this as a step in the right direction. However, is it really going to do much to sustain privacy? Asay notes that Google Dashboard is “almost certainly never [ever] going to be used by the vast majority of Google users.” The writer claims that this is because of user apathy and their not valuing their personal privacy.

 

I challenge Asay’s hypothesis. I think that the features of Google Dashboard won’t be fully utilized because, while individuals care about their privacy, they simply don’t have the time to learn a dashboard, choose settings, and tweak Google’s storage settings in order to keep something private that should be private to begin with. Most already have enough to deal with - the economy, their work, family problems, health care issues – come on, where does Google get off making their mail system as important as finding a job????

 

Maybe Google is trying to do the right thing. I suggest the right thing is to treat email as private correspondence and then provide the means for a user of gmail to give Google permission to store and search it. How can you be sure that the data haven’t already been cached or distributed or copied many times over? What assurance do you have that the controls they are asking you to impose are even effective?

 

Google- close but no cigar!

 

PCI DSS Compliance Solutions - Qualified Security Assessors

Monday, November 16, 2009 by Pam Casale
Recent updates on the Heartland breach and RBS WorldPay describe both companies recertifying to return to the list of PCI DSS compliant processors. SC Magazine ran the story and there was a lively conversation among the many people posting comments about PCI DSS compliance solutions, the efficacy of compliance in securing customer data, and these two companies. There were many comments and lots of criticism aimed at the PCI Council.

The following comment about Qualified Security Assessors (QSAs) caught my eye:

Why is no one asking the obvious question? "What QSA cleared these two companies as compliant in the first place?" The next obvious question is this: Why is that QSA company not in remediation? The QSA companies that are currently "in remediation" had nothing to do with these breaches. Is someone just trying to save face and taking it out on scapegoats?

QSAs have a difficult job. Companies are spending lots of effort, time and money on implementing PCI DSS compliance software and creating the processes, roles and responsibilities required to extract value from it. There are lots of companies to assess, all in various stages of compliance. Not all the companies hoping to be certified are audit ready. Many companies are still considering, and often postponing, the decision to automate log monitoring, log review and reporting. The QSAs can only review an organization using the data that is provided.

What do you think of the QSAs who have visited your organization? If you're a QSA we'd like to hear from you. Comment here!

Netflow Experts - Enterprise Security Management

Monday, November 16, 2009 by Pam Casale
Lancope is a partner of ours and provides what we think is the best choice for in depth network security and performance. SIEM solutions like Intellitactics SAFE and Security Manager work well with Lancope solutions. Unlike other SIEM vendors that offer trivial netflow features that flood their SIEM solution with meaningless data, Intellitactics enables you to choose best of breed products, like those from Lancope, which are designed for optimal value and then does the integration work for you.

We're reminding you to REGISTER for Lancope's webinar with Enterprise Management Associates: Kill Two Birds with One Stone. The webinar is TUESDAY, NOVEMBER 17 at 11 AM. If you can't make the webinar check out Lancope's website - there's plenty of research on monitoring and analyzing netflow to improve security and network performance.

Read more about Intellitactics SIEM solutions and learn how to achieve everyday compliance with an appliance that offers the lowest total cost of ownership in the industry. See SAFE every Tuesday or contact sales@intellitactics.com to talk to a customer who's made the move to SAFE.

You wouldn't stand in front of a 10 foot wave to get a drink of water. Register for the Lancope webinar to quench your thirst for netflow data. 

Friday Quick List of Security Activity Monitoring

Friday, November 13, 2009 by Pam Casale

Here’s a quick list of security activity you should be able to monitor with your SIEM solution to get control of “creative users” that ignore policy or controls.

- Unauthorized IP address on the network
- Account used from multiple sources
- High rate of failed logins – 50 or more in 1 minute
- High rate of firewall denies for a single source IP
- Login denies from or to an operationally sensitive host
- Many failed login attempts for a user
- Many failed logins from a single source – 50 or more in 1 minute
- Successful attempts to log in to any account on many hosts from a single source
- Successful attempts to log in to the same account on many hosts
- Unauthorized pseudo logins
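Two of the rate-based items above (failed logins from a single source, the same account succeeding on many hosts), as an added example that is not Intellitactics' code: a small Python correlator that keeps a sliding one-minute window per source and fires on the 50-or-more threshold the list gives. The log format is constructed, and the five-host/ten-minute threshold for the second rule is my assumption, since the list states no number for it.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The first pair of thresholds is from the list above; the second pair is an
# assumption, since the list gives no number for "many hosts".
FAILED_LOGIN_THRESHOLD = 50
FAILED_LOGIN_WINDOW = timedelta(minutes=1)
MANY_HOSTS_THRESHOLD = 5
MANY_HOSTS_WINDOW = timedelta(minutes=10)


def build_sample_log():
    """Constructed log lines in a made-up format: ts|event|user|src|host."""
    base = datetime(2009, 11, 13, 9, 0, 0)
    lines = []
    # 55 failures from one source inside a single minute: should fire once.
    for i in range(55):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()}|login_fail|user{i % 7}|10.1.1.50|web01")
    # 40 failures from another source spread over ten minutes: stays quiet.
    for i in range(40):
        ts = base + timedelta(seconds=15 * i)
        lines.append(f"{ts.isoformat()}|login_fail|alice|10.1.1.60|web01")
    # One account logging in successfully on six hosts within three minutes.
    for i, host in enumerate(["db01", "db02", "app01", "app02", "fs01", "fs02"]):
        ts = base + timedelta(minutes=20, seconds=30 * i)
        lines.append(f"{ts.isoformat()}|login_ok|svc_backup|10.1.1.70|{host}")
    lines.sort()  # ISO timestamps sort lexically, so this orders by time
    return lines


def parse(line):
    ts, event, user, src, host = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "event": event,
            "user": user, "src": src, "host": host}


class SlidingWindow:
    """Per-key queue of (timestamp, value) trimmed to a trailing time window."""

    def __init__(self, window):
        self.window = window
        self.queues = defaultdict(deque)

    def add(self, key, ts, value=None):
        q = self.queues[key]
        q.append((ts, value))
        while q and ts - q[0][0] > self.window:
            q.popleft()
        return q


def correlate(lines):
    """Run both rules over the lines; returns the alerts in time order."""
    fails = SlidingWindow(FAILED_LOGIN_WINDOW)
    hosts = SlidingWindow(MANY_HOSTS_WINDOW)
    last_alert = {}
    alerts = []

    def emit(rule, key, ts, window, detail):
        # Fire at most once per rule/key per window; otherwise every extra
        # event past the threshold would raise its own duplicate alert.
        prev = last_alert.get((rule, key))
        if prev is None or ts - prev > window:
            last_alert[(rule, key)] = ts
            alerts.append({"rule": rule, "key": key, "ts": ts, "detail": detail})

    for ev in map(parse, lines):
        if ev["event"] == "login_fail":
            q = fails.add(ev["src"], ev["ts"])
            if len(q) >= FAILED_LOGIN_THRESHOLD:
                emit("many_failed_logins_single_source", ev["src"], ev["ts"],
                     FAILED_LOGIN_WINDOW, f"{len(q)} failures within 1 minute")
        elif ev["event"] == "login_ok":
            q = hosts.add(ev["user"], ev["ts"], ev["host"])
            distinct = {h for _, h in q}
            if len(distinct) >= MANY_HOSTS_THRESHOLD:
                emit("same_account_many_hosts", ev["user"], ev["ts"],
                     MANY_HOSTS_WINDOW, f"logged in on {sorted(distinct)}")
    return alerts


if __name__ == "__main__":
    for a in correlate(build_sample_log()):
        print(a["ts"].isoformat(), a["rule"], a["key"], a["detail"])
```

The second source never reaches 50 failures inside any one-minute window, so only the burst source and the multi-host account produce alerts.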

 

Here’s one more way to use a SIEM solution with correlation capability. This example is employed by a company focusing on user login activity. The goal: know when a user logs in who HAS NOT LOGGED IN for 5 days or more. The Intellitactics SIEM solution creates a dynamic list whose entries expire in five days and populates the list with each user’s login ID. Then the Intellitactics SIEM checks the list every time a user logs in and generates an alert if they ARE NOT on the 5-day list. This practice is unique to this company, but using dynamic lists is very effective in generating alerts for early warning.

Packaged correlation, dynamic lists, unparalleled collection and patented adaptive parsing of all log sources makes Intellitactics SIEM a TOP 10 Technology for 2010.

Number 10 on the Top 10 List - Security Activity Monitoring

Thursday, November 12, 2009 by Pam Casale

More examples of security activity monitoring - using the Intellitactics SIEM solutions.

One of our SIEM customers had a potential problem with employees choosing to use the public wifi at work, since it didn’t have any of the restrictions presented by the corporate wifi. Then they would connect back in with a VPN to do their work. Now the Intellitactics SIEM solution checks for a VPN login under a user name and alerts if that user has badged into the building in the last 8 hours. The SIEM solution monitors the physical badge reader for this effective correlation. Not all SIEM solutions are created equal: Intellitactics SIEM solutions monitor just about anything that generates a log and correlate the data with other monitored events.

Here’s another example made possible by using your SIEM solution to monitor a physical device – like a badge reader. The company wanted to know when employees tried to badge into areas of the building they had not badged into in the previous two weeks. Similarly, they monitored to identify instances of multiple failed badge swipes at any particular badge reader or zone of readers in a three day period. The SIEM solution had correlations to look for all of these conditions.

Tomorrow - the quick list of activities to monitor with your SIEM to identify insider threats.


Respecting the Past and Preparing for the Future

Wednesday, November 11, 2009 by Pam Casale
Intellitactics is taking time today to honor the Veterans from all our Services who selflessly stepped up to protect our freedom. My father, himself a veteran of World War II, is now deceased. He loved his family and his country and while he had many accomplishments during his life, he was most proud of his service in the United States Army. He spent time at a Veterans Hospital, where he received excellent care. At his funeral, we were honored to have a color guard present the flag that draped his coffin to my mother. The words "on behalf of a grateful nation" spoken that day are words I will never forget.

My father was first generation American. His family, my ancestors, were grateful for the life they were able to make in America. My father turned this gratitude into service for his country. When he returned from the war, his company saved a job for him. When he was aging and ill, the Veterans Administration was there for him.

Today, we have a national crisis. We have an unprecedented number of veterans needing more complex help. The wars we fight around the world leave scars that are physical, emotional and psychological. Veterans return from war needing work and counseling to re-enter the civilian world. As a grateful nation, on this day set aside to honor our veterans, I will take a moment to remember our commitment to those who stepped up to protect our freedom.

[This post is personal and is not intended to reflect the opinions, positions or actions of Intellitactics.]

Share how you honor Veterans on this special day. 

Security Activity Monitoring - Using a SIEM Solution

Tuesday, November 10, 2009 by Pam Casale

If you visited the blog earlier in the week, you know that security activity monitoring is on the TOP 10 List of Technologies for 2010. This week we're featuring how you can use your SIEM solution for security activity monitoring.

An insurance company uses the correlation capability that comes with their Intellitactics SIEM solution to identify users that are doing password rotation. Password rotation is when a user, forced by policy to change their password, reuses a password they’ve used before. The policy for this company, which is not uncommon, is that a user can’t use the same password for 12 iterations of changes. This company tracks the user name of the users and their machines and the correlated result creates an alert. The alert triggers a case in their ticketing system and the user and their manager are notified.

This next one is one of my favorites: A company had a problem with users logging into machines in other departments to look for files they weren’t supposed to see. I’m pretty sure this doesn’t happen in your company, but in case it does, here’s a good approach for solving the problem. It turns out the users were able to do this because they had local admin rights – this was discovered using the SIEM solution. Since every user had dedicated use of a machine, a correlation alerted if a user logged into a machine they had not logged into in the last 7 days. Problem solved.
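The dynamic-list rules from the last three posts (the 5-day login list, the badge-reader correlations including the 8-hour VPN check, and the 7-day machine rule above) share one mechanism, shown here as an added example that is not Intellitactics' code: a single "last seen" store whose entries expire relative to each rule's window drives all four correlations over constructed badge, login and VPN events. The event format, rule names and the baseline-learning step are my assumptions.

```python
from datetime import datetime, timedelta

# Windows are the ones the posts state; the rule names are mine.
LOGIN_ABSENCE = timedelta(days=5)     # user not on the 5-day login list
BADGE_LOOKBACK = timedelta(hours=8)   # VPN login while badged in within 8 hours
ZONE_WINDOW = timedelta(days=14)      # zone not badged into in the previous two weeks
HOST_WINDOW = timedelta(days=7)       # machine not logged into in the last 7 days


class RecencyStore:
    """Dynamic list kept as a last-seen timestamp per key. An entry 'expires'
    when it is older than the window a rule asks about, so no purge is needed."""

    def __init__(self):
        self.last_seen = {}

    def seen_within(self, key, now, window):
        last = self.last_seen.get(key)
        return last is not None and now - last <= window

    def touch(self, key, now):
        self.last_seen[key] = now


def ev(ts, kind, user, **fields):
    """Constructed event record (not a real log format)."""
    return {"ts": datetime.fromisoformat(ts), "kind": kind, "user": user, **fields}


# Baseline used only to populate the lists, as a SIEM would from history.
BASELINE = [
    ev("2009-11-02T08:00:00", "badge", "alice", zone="lobby"),
    ev("2009-11-02T08:05:00", "login", "alice", host="ws-alice"),
    ev("2009-11-02T08:00:00", "badge", "bob", zone="lobby"),
    ev("2009-11-02T08:10:00", "login", "bob", host="ws-bob"),
    ev("2009-11-02T10:00:00", "badge", "bob", zone="lab"),
]

# Monitored period: each line is constructed to exercise one rule.
MONITORED = [
    ev("2009-11-05T09:00:00", "badge", "alice", zone="lobby"),        # known zone
    ev("2009-11-05T09:05:00", "login", "alice", host="ws-alice"),     # own machine
    ev("2009-11-05T12:00:00", "vpn", "alice"),                        # VPN while badged in
    ev("2009-11-05T13:00:00", "badge", "alice", zone="server-room"),  # new zone
    ev("2009-11-05T13:10:00", "login", "alice", host="ws-bob"),       # someone else's machine
    ev("2009-11-09T07:00:00", "badge", "bob", zone="lobby"),          # known zone
    ev("2009-11-09T07:05:00", "login", "bob", host="ws-bob"),         # first login in 7 days
    ev("2009-11-09T20:00:00", "vpn", "bob"),                          # badged in 13 h ago: quiet
]


def process(events, store, alerting=True):
    """Apply the four correlations; with alerting=False only the lists are updated."""
    alerts = []

    def alert(rule, user, ts, detail):
        if alerting:
            alerts.append({"rule": rule, "user": user, "ts": ts, "detail": detail})

    for e in sorted(events, key=lambda x: x["ts"]):
        ts, user = e["ts"], e["user"]
        if e["kind"] == "badge":
            zone_key = ("zone", user, e["zone"])
            if not store.seen_within(zone_key, ts, ZONE_WINDOW):
                alert("badge_into_unfamiliar_zone", user, ts, e["zone"])
            store.touch(zone_key, ts)
            store.touch(("badge", user), ts)   # any badge-in counts for the VPN rule
        elif e["kind"] == "login":
            if not store.seen_within(("login", user), ts, LOGIN_ABSENCE):
                alert("login_after_absence", user, ts, "no login in the last 5 days")
            host_key = ("host", user, e["host"])
            if not store.seen_within(host_key, ts, HOST_WINDOW):
                alert("login_to_unfamiliar_host", user, ts, e["host"])
            store.touch(("login", user), ts)
            store.touch(host_key, ts)
        elif e["kind"] == "vpn":
            if store.seen_within(("badge", user), ts, BADGE_LOOKBACK):
                alert("vpn_while_badged_in", user, ts, "badged in within 8 hours")
    return alerts


def run_demo():
    store = RecencyStore()
    process(BASELINE, store, alerting=False)   # learn, don't alert
    return process(MONITORED, store)


if __name__ == "__main__":
    for a in run_demo():
        print(a["ts"].isoformat(), a["rule"], a["user"], a["detail"])
```

Without the baseline step every first sighting would alert, which is the usual warm-up problem with dynamic lists.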

Tomorrow – having your SIEM solution monitor physical devices - like badge readers - to stop the use of public wifi at work.

Don't forget to comment here and share your practical approach to security activity monitoring.

Top 10 List - Security Activity Monitoring

Monday, November 9, 2009 by Pam Casale

With about 7 weeks left in 2009, companies are looking forward to 2010. Gartner, an IT industry research and analysis group, published a report: the TOP 10 Technologies for 2010. Making number 10 on the list for 2010 is SECURITY ACTIVITY MONITORING. We’re not surprised because almost all our customers use the Intellitactics SIEM solution for security activity monitoring.

Specifically, the article on the report captured on eWeek describes why security activity monitoring made the Top 10 List.

While classic security techniques have tried to bar malicious intruders from attacks, companies are embracing monitoring and analysis tools to identify and isolate suspicious activity.

That’s a significant shift in emphasis – from barring attacks from intruders to isolating suspicious activity. Many professionals agree that all the bad guys aren’t intruders – some of them work on the inside.

In talking with the Intellitactics Solution Architects, our experts on implementing and extracting optimal value from a SIEM solution, I was able to get some examples of security activity monitoring – real life, practical examples from our customer files. This week we’re featuring what Intellitactics customers are doing with their SIEM solutions: Intellitactics Security Manager, our total software solution, and Intellitactics SAFE, the complete SIEM appliance.

Maybe you’ve implemented some of these examples yourself, or would like to if you had the right SIEM solution. Comment on this post and share your practical tips and techniques for security activity monitoring.

Here’s the example for today. Many companies monitor employee web browsing for specific activity like gambling, surfing pornographic sites or other inappropriate activity occurring during the workday. I found a government site that reports corporations lose millions of man hours a month, translating into millions of dollars of lost productivity from this type of unauthorized web browsing. This doesn't even take into consideration the vulnerabilities these activities can introduce to the enterprise.

Another practice is monitoring host intrusion detection systems (HIDS) like those from Tripwire, to identify and alert on attempts to get access to restricted files. An ounce of prevention is worth a pound of cure. Be sure your SIEM solution monitors a broad base of data sources like HIDS.

Check back tomorrow to see how a SIEM can be used to enforce password policies. Use Comments to share your best practice.

Tales from the Cloud – Part 4: Every Cloud has a Silver Lining

Friday, November 6, 2009 by Pam Casale

From the desk of Warren Axelrod:

Sometimes you read about a vulnerability and say to yourself: “Could this be used for good?” That’s what happened when I read about researchers showing how “it is possible for attackers to precisely map where a target’s data is physically within the ‘cloud’ …” found in the October, 2009 article by David Talbot in MIT’s Technology Review.

Isn’t that just what we need to demonstrate PCI DSS compliance as well as conformity with the requirements of the Gramm-Leach-Bliley Act, HIPAA, Sarbanes-Oxley and the like?

 

The real issue, discussed in the article, is the reliability of such tagging. However, if the methods can be refined, does this offer a solution to the opacity issue which plagues cloud services? Can companies use such information to demonstrate compliance with data protection requirements?

 

In my October 13 blog, “Protecting Information Assets – Cloud Services Providers,” I discuss the need for physical and logical controls and the ability to demonstrate compliance with specific data protection regulations. And in my October 19 blog, “Catching Fraud – PCI DSS Compliance Software,” I express concern that compliance with laws, regulations and guidelines, though necessary in and of itself, does not guarantee security. So any methods that will provide more of the information necessary to demonstrate good security and privacy practices are to be welcomed.

 

There are, of course, somewhat easier ways to track where customers’ data are residing. One way is to carve out specific equipment in known locations for particular client institutions, which are subject to regulatory oversight, particularly those in the financial services and health services industries. And it appears that cloud service providers are increasingly willing to offer such services, recognizing the huge potential population of applications that could then take advantage of the cloud. Such specificity will increase the cost of services, since some of the advantages of virtualization and rapid scalability will be reduced making the costs higher. However, with resources costing cloud service providers so much less, it is more than likely that the net cost of “knowable dedicated cloud resources” will still be much lower than most organizations could negotiate on their own.

 

Another potential advantage is that cloud services providers may be more receptive to your directly monitoring logs of the resources that are dedicated to your particular use – but that remains to be seen.

Tales from the Cloud – Part 3: Malicious Fake Profiles – Captcha Gotcha

Thursday, November 5, 2009 by Pam Casale

From the desk of Warren Axelrod:

It’s virtually impossible to know who you can trust on the Web. Read the October 1, 2009 column by Elinor Mills, “Facebook shuts down malicious fake profiles.” It will certainly raise your level of concern on several counts.

Seemingly there are “numerous profiles” on Facebook that “were identical except with different names …” If someone clicked on a link within the profile, then they could be tricked into paying for unneeded software, revealing credit card information, and having spyware installed on their machines.

 

Roger Thompson, chief of research at the antivirus provider AVG Technologies, is quoted as saying that the bad guys “…have found a way to automate the creation of Facebook accounts, which means that they have found a way to bypass the Facebook Captcha, a hard-to-read image of letters [and other characters, such as numbers] supposed to ensure that a human is involved.” The use of a Captcha is required for opening a new account on Facebook.

Facebook spokesman Simon Axton claims that the Captchas were not in fact read automatically, but had been subject to human intervention.

There have been rumors for some time that hackers were working on recognizing Captcha characters by machine in order to overcome the effectiveness of the method. Were this to happen, yet another heavily relied-upon authentication method would go down the tubes. It may be, in the Facebook example, that the Captcha technology was not in fact compromised. But it’s likely only a matter of time before it will be.

There are some who look forward to the possibility that the Captcha images will be broken, signaling a material advance in pattern recognition. That may seem somewhat perverse, but early hackers and some current software vulnerability seekers claim that they are a positive force, striving to improve security for all.

Whichever position you may take, the single most important lesson to derive from this is that any security measure is only effective until it is broken … and breaking it is only a matter of time and persistence.

Compare and Decide - Is it time to come back to earth from MARS?

Thursday, November 5, 2009 by Pam Casale

Thinking about augmenting or replacing Cisco MARS with a SIEM solution?

Make one easy decision: choose the Intellitactics enterprise security management appliance. Here's a list of all the Cisco devices we monitor. We start with Cisco MARS and move through your network.

Cisco MARS:

We support the ‘alert’ generated from the analysis policy created on MARS by the user - Intellitactics sees this as a data stream of its own. This isn't the original event stream from MARS, which has its own format.

Before you get to the following list of devices supported by MARS and the Intellitactics SIEM Solution, here's another important fact:

Cisco opted to support these devices using protocols like SNMP, but we opted to develop a different integration, such as a JDBC connection, because it gives our SIEM solutions greater flexibility in the long run AND the ability to acquire more data, providing greater value to our customers.

Cisco Aironet Wireless Access Points

Cisco Catalyst Switches

Cisco Security Agent

Cisco VPN Concentrator

Cisco Content Engine

Cisco Content Switch

Cisco Global Site Selector

Cisco Intrusion Prevention System

Cisco IOS (Routers & Smart Switches)

Cisco IronPort Web Proxy

Cisco MDS (Multilayer SAN Switches)

Cisco ASA/FWSM/PIX

Cisco Secure ACS (Access Control System)

Cisco Tacacs+ (this support is across several Cisco networking products listed above)

Cisco UBR (Universal Broadband Router cards)

Cisco Unified Call Manager

Cisco Wireless LAN Controller


Here's something to think about: For any given device category (e.g. firewall) we support many more products than what Cisco lists as supported devices for MARS. Slip SAFE into place right next to MARS and get everything you've been missing, like hundreds of compliance reports, visual analysis for finding root cause, and monitoring of access controls and applications with one simple appliance.

Want to learn more about other ways we get more from your logs? Comment here and ask about the extensive SIEM solution device list.


Tales from the Cloud - Part 2: Stolen Passwords, Exposed Data

Wednesday, November 4, 2009 by Pam Casale

From the desk of Warren Axelrod

Oops, again! Seemingly tens of thousands of email passwords belonging to users of hotmail, gmail, and others were hijacked and are being used by spammers – see the October 6, 2009 article “Passwords for Google, Yahoo and Hotmail accounts illegally leaked online,” by Nate Lanxon. This is not a good thing, to say the least.

No one appears quite sure – or maybe just not willing to disclose – what actually happened here. Some attribute the loss to phishing, others to keylogging. It sounds to me like a direct attack on the password files, but I really don’t have any evidence to support that. The reason I suspect a more direct attack is that the report verified that affected account names began with the letters A and B. That would appear to suggest that password files had been stolen, since phishing and keylogging would generally yield a more random selection of names. But who knows?

More important than the specific attack vector (although that is important for preventing it from happening again), is the issue of relying on the cloud for storing one’s sensitive data, whether you are an individual or a corporation or a government agency. Clearly, data stored in the cloud can be exposed to theft and misuse. In some cases, such as with the PCI DSS (Payment Card Industry Data Security Standard) and various laws and regulations, it is often impossible to comply because of the opacity of the cloud.

I attended a presentation at which the information security officer of a major financial firm mentioned that he had discovered that millions of records of sensitive information had been inadvertently stored with a cloud services provider. Upon discovery, they pulled the data back inside the company. However, knowing how virtualized the storage of data is in the cloud, with many copies residing across numbers of machines in many locations, it’s practically impossible to ensure that all copies of every data item have been removed.

Data persistence, like that in the cloud, represents a significant risk to regulated companies in particular and represents risk to any entities that choose to store sensitive data in the cloud. The danger is compounded when they don’t know that they are doing so. Organizations do not have control over all their structured and (especially) unstructured data as it is, so the risk of exposure in the cloud is that much greater.

What has really happened is that we have taken a bad situation and made it worse. In the “good old days” of relatively simple IT outsourcing, you usually had some idea of what data you were sharing with third parties, and you could attempt to make sure that the data were protected and suitably destroyed when no longer needed. Now, it appears, all that is up for grabs in the cloud, where virtualization, resiliency and load balancing have taken away any real ability to manage your data.

NEW Series: Tales from the Cloud

Tuesday, November 3, 2009 by Pam Casale

Today we're starting a new series that should be interesting to companies that care about enterprise security management solutions and services. This series – Tales from the Cloud – is from the desk of Warren Axelrod. Warren has written several times for this blog on PCI DSS Compliance solutions, security issues with virtualization, cloud computing and other topics related to protecting information assets. He has worked in several financial services companies protecting information assets. His experience has been strategic and tactical; he has been in operations and on the compliance and risk side of the business. I think you'll find this series on cloud computing to be thought provoking. Let us know what you think!

Tales from the Cloud – Part 1: A Kick in the Side

Oops! SideKick users were subjected to the “Men In Black” memory eraser or “Neuralizer” … and they weren’t protected by their Ray-Bans.

T-Mobile’s SideKick outage, which occurred as a result of a server failure in early October 2009, essentially wiped out users’ stored contact lists. At first, it was feared that the data was lost forever; subsequent reports indicated that the data was recoverable. Whether the data was recoverable or not, there was clearly a period during which customers did not have access to their data, causing great inconvenience and anxiety.

This incident and others involving Gmail and other service outages should raise a red flag as we continue to increase our dependency on cloud services. Which presents a greater issue to users: cloud security or cloud services?

I have felt for some time that availability is the greater issue. We have ways of securing our sessions on the Web, even though they offer limited effectiveness in the face of ever-evolving threats. But, when there is no service available at all, the impact can be immediate and devastating. It is true that outages can result from bad guys launching denial-of-service attacks, but the impact is generally focused and usually affects a limited number of websites. The big headline-grabbing service interruptions, at least to date, have originated from networks and servers out of service due to a break in undersea cables or failures of servers or other equipment and software due to some error or other. Seldom are these outages due to intentional attacks, except perhaps for the recent politically motivated attacks on Estonia and Georgia.

So where does this leave us? Just as you have defensive driving rules, you should operate under defensive computing rules. I recall that in the early days of timesharing, you would save your work every five or ten minutes because you expected to lose the connection, and any work done since you last saved would be lost! So it is with cloud computing:

  • Back up your data onto media under your direct control
  • Have an established means of continuing to conduct business even when your cloud services are not available.

It might just be a matter of maintaining a list of your contacts’ telephone numbers so that you can call them up or text them if you can’t reach them via email or instant messaging. It is true that it is easier to send a single email out to 20 recipients than calling up all 20 colleagues separately, but the latter is better than nothing. If you operate with the expectation of system and network failures, chances are that you will fare better than most when those inevitable outages and data losses occur.

Cisco MARS - Going Cold

Tuesday, November 3, 2009 by Pam Casale

Last week Gartner issued a research note for clients about Cisco MARS.

It seems that Cisco is freezing support for non-Cisco data sources, and we’ve heard that the Cisco sales force is advising customers to look for another log collection, analysis and event management solution for non-Cisco sources. Several companies we talked to last week have already taken steps to augment Cisco MARS with Intellitactics SAFE.

We help you take full advantage of your Cisco MARS tool – we treat it like any other data source and consolidate the logs with all the logs from non-Cisco data sources. Better yet - we collect logs from dozens of Cisco devices and any non-Cisco data source you can think of. We offer high speed parsing, log analysis, event management and hundreds of compliance reports using one, simple to deploy SIEM appliance.

We know that there are lots of you out there that were trying to “check the box” for a SIEM solution with MARS. Cisco widely sold MARS as a SIEM and built a huge customer base. It’s time to make your almost-SIEM a fully capable SIEM by choosing an Intellitactics SIEM solution like Intellitactics SAFE.

SAFE solves your compliance challenge and gives you the foundation you need to establish best practice security operations. SAFE helps you do more with logs – all your logs – and establish the infrastructure for everyday compliance. Whether you plan to augment or replace Cisco MARS, you can learn more about SAFE every Tuesday at 2 PM EST.

5 QUESTIONS and 5 ANSWERS for SIEM Solution Buyers

Monday, November 2, 2009 by Pam Casale

In last week's series on 5 Questions from SIEM buyers, I hope we answered some of your questions about buying SIEM Solutions. Here’s a quick summary:

· Will Intellitactics’ PCI DSS Compliance reports satisfy a Qualified Security Assessor? YES. Can you write your own reports? OF COURSE, but you won’t need to.

· When you’re using Intellitactics SIEM Solutions, will you be able to collect ALL LOGS from any device or data source? YES YES YES!!

· Can you do root cause analysis? YES, and you can do it graphically – in the case of the Intellitactics SIEM solution, a picture really is worth a thousand lines of events.

· How fast are Intellitactics SIEM solutions? FAST ENOUGH – consistently, for effective and efficient log and event management.

· How many devices does Intellitactics support? ALL the ones that are important to you and then some.

If you missed any of the detailed answers – check last week’s blog posts - AND

If you’re one of the many companies still considering a SIEM acquisition, there’s one more question you might be asking: How hard is this going to be – really?

We won’t kid you – it’s not hard – it’s as easy as we could make it. We went to great lengths to infuse Intellitactics SIEM solutions with the correlations and alerts we know make a difference in security effectiveness. We KNOW they make a difference because best practice companies – our customers - say so.

If you need more proof that a SIEM solution can be meaningful to your company – go to our research center and read what Aberdeen Group, SANS, Gartner and customers report. Come to a Tuesday demo and see for yourself. If you have more questions – comment here!