If you follow the IT news feeds, you probably learned today that HP bought ArcSight for $1.5 billion. ArcSight is not a well-known public name but is a leader on the SIEM (“Security Information & Event Management”) market. This announcement has already generated lots of comments, positive and negative. Log management,
When you decide to implement a new software solution, one of the choices you’ll certainly face is: “Commercial vs. free software”. No debate here: you have to make the best choice depending on the requirements. They can be technical constraints, budget, support, etc. I’m working with commercial solutions which perform (generally)
For a while now, it seems that “Fraud detection” is a hot topic for many SIEM vendors (“Security Information and Event Management”). Recent presentations or webcasts I attended always had some time dedicated to “fraud”! The vendors can’t be blamed for finding new opportunities to sell their products. Today there are solutions
Back from the first ISSA Belgium Chapter Meeting of 2010. Today’s topic was “Introduction to OSSEC: Log Analysis and Host Intrusion Detection”. A very interesting topic for me. First because I’m involved in a lot of SIEM projects. But especially because Wim Remes, the speaker, is a friend of mine.
A few months ago, I posted an article about how to add extra logging facilities to the Bash shell. For specific users, it can be useful to have a complete history of their activity on your server (for audit purposes). The first release candidate of Bash 4.1 is available for
“Log Management”, “SIEM”, “Correlation”, “Incident Management”: more and more organizations have a SIEM project in the pipeline. SIEM means “Security Incident & Event Management”. Just to remind you, a SIEM is a set of tools that helps collect and analyze logs from several sources on a corporate network. Basic