To be even better, your SIEM needs more intelligence without
noise. Like the universe we live in, the area that must be monitored for APTs
constantly expands. It is hard to focus on the significant security events when
the field of view keeps getting larger.
The key to information security is what you focus on must be worth catching. Enforcing systemic,
organizational proficiency to focus on the narrower relevant field is
absolutely crucial to organizations’ security practice.
Focus on the Top 3 Blind Spots
A lot of the organizations we talk to are finding a way to
address that challenge of making their SIEM better, not burdened. They do it by
dedicating their primary effort to solving the SIEM’s top 3 blind spots:
- the cloud, and
- failure to monitor all the Windows endpoints
We believe in this so much it’s where we are putting all our
money. Here’s how:
LOGbinder provides the market-leading solution for SIEM’s to
have visibility into what’s happening inside Exchange, SharePoint and SQL
Server. Soon after the public availability of Exchange 2016, SharePoint
2016 and SQL Server 2016 (expected mid-2016), LOGbinder intends to release
compatible updates to its core products. We already have these versions in
development and are excited about their potential to help make your SIEM
better. Our SIEM integrations help you isolate and monitor only what’s
Microsoft’s cloud-based products, especially Office 365 and Azure are hugely attractive
to organizations of all sizes. Their limitation has been a lack of audit
capability, but that is soon to change. Microsoft expects to release (also
mid-2016) a completely new and very good audit function to both Office 365 and
Azure’s Active Directory. LOGbinder is poised to deliver a matching solution to
put cloud-based application security intelligence where it belongs – your SIEM.
We are investing significant resources with the plan to deliver the solution 30
days after public availability.
By the way (and this is important),
it is going to require special effort on the part of all of us in the IT
security business to pitch in and make cloud security audit and monitoring
possible. LOGbinder will provide the audit data from cloud, as well as guidance
about what to watch. But… you should talk to your SIEM product development team today
to make sure they are talking to LOGbinder and working on their integration for
LOGbinder’s cloud-based solutions.
The 3rd problem area for SIEM security
intelligence is monitoring all
Windows endpoints. If you don’t know which endpoint is installing a new
Your SIEM is perhaps your greatest bandwidth hog as it is,
adding all that traffic from the endpoints isn’t feasible, right? But that’s
not a good enough reason; nobody wants
to have to explain a data breach because of it. The real reason is probably
a financial one. LOGbinder has developed a solution and is devoting significant
money to bring that solution to market early in 2016. We discussed it at length
at the recent HP Protect conference. We call it SuperCharger for Windows Event Collection. It is software that –
with no agents and no polling – uses
the native Windows event functionality to deliver only the relevant security
events to the SIEM from all the Windows endpoints with no noise! It’s
really cool and we’re super-excited. So are our SIEM partners who’ve taken the
time to talk to us about it.
We are very excited about the opportunities now (and soon to
be) available for SIEM security analysts. Putting meaningful security event
logs in the SIEM where they belong is our passion.
LOGbinder is committed to making your SIEM even more powerful by
feeding it more intelligence without the noise.
Note: The statements
in this post about our new product delivery dates are “forward-looking”. We
can’t predict the future with certainty. Our plans are presented here, and we
expect to be able to make those plans a reality. But like all future plans,
they are vulnerable to unanticipated events.