Hashtag Realtalk with Aaron Bregg

Episode 78 - Advancing Your SIEM: Tales from the Trenches

February 15, 2023 Aaron Bregg Season 5 Episode 3
Show Notes

In this episode I not only have a great guest but have a great co-host as well. I had a chance to talk with Kassandra Murphy and Rich Worth about advancing your Security Information and Event Manager. Kassie talks to the importance of standardizing your data sets to increase your searchability (e.g. especially useful when sending data to your managed security operations partner). Rich will be talking to 'real world' use cases and the importance of alert aggregating and risk based alerts. Kassandra is a Senior Consulting Solutions Engineer at Splunk. Rich is the Lead Security Operation Center Analyst for Corewell Health.

Talking Points:

  • Data hygiene is the 1st step
  • Normalizing data as it applies to data security, and being able to better search across your entire data set
  • Technical challenges like alert fatigue
  • Tech is advancing, but security is still viewed as a check-the-box item or an afterthought
  • All data is security data!
  • There are easier ways to align your data flows to frameworks like MITRE or NIST
  • 6 phases of logging maturity:
    • Collecting
    • Maturing
    • Enriching (collating endpoint data against the threat landscape)
    • Expanding
    • Automation (which repeatable processes can be moved to automation to save money and time)
    • Advanced Detection (via machine learning)
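As an added example (not from the episode, and not Splunk's own code or product logic), a Python sketch of two ideas raised above: normalizing two constructed vendor log formats onto one schema so a single search covers both, and risk-based alerting that sums per-user risk across several detections so that one noisy rule does not page on its own. The field names, rules, scores, window and thresholds are all assumptions chosen for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one key=value auth log and one JSON proxy log (not real data).
RAW_EVENTS = [
    'ts=2023-02-15T10:00:00 src=10.0.0.5 user=jdoe action=logon_failure',
    'ts=2023-02-15T10:00:20 src=10.0.0.5 user=jdoe action=logon_failure',
    'ts=2023-02-15T10:01:00 src=10.0.0.5 user=jdoe action=logon_success',
    '{"@timestamp":"2023-02-15T10:03:00","client_ip":"10.0.0.5","username":"jdoe","verb":"download","bytes":524288000}',
    'ts=2023-02-15T10:05:00 src=10.0.0.9 user=asmith action=logon_failure',
]

def normalize(raw):
    """Map vendor-specific field names onto one common schema: time, src, user, action, bytes."""
    if raw.startswith('{'):
        d = json.loads(raw)
        return {"time": datetime.fromisoformat(d["@timestamp"]), "src": d["client_ip"],
                "user": d["username"], "action": d["verb"], "bytes": d.get("bytes", 0)}
    d = dict(re.findall(r'(\w+)=(\S+)', raw))
    return {"time": datetime.fromisoformat(d["ts"]), "src": d["src"],
            "user": d["user"], "action": d["action"], "bytes": 0}

# Each detection adds a (hypothetical) risk score to a risk object (the user) instead of alerting alone.
RISK_RULES = [
    ("failed_logon", lambda e: e["action"] == "logon_failure", 10),
    ("large_download", lambda e: e["action"] == "download" and e["bytes"] > 100_000_000, 40),
]

def score_risk(events):
    """Turn normalized events into (time, user, rule, score) risk events."""
    out = []
    for e in events:
        for name, match, score in RISK_RULES:
            if match(e):
                out.append((e["time"], e["user"], name, score))
    return out

def risk_alerts(risk_events, window=timedelta(hours=1), threshold=50, min_rules=2):
    """Alert on a user only when summed risk in a sliding window crosses the threshold
    and at least min_rules distinct detections contributed (one chatty rule is not enough)."""
    by_user = defaultdict(list)
    for t, user, rule, score in risk_events:
        by_user[user].append((t, rule, score))
    alerts = {}
    for user, items in by_user.items():
        items.sort()
        for i, (start, _, _) in enumerate(items):
            in_win = [x for x in items[i:] if x[0] - start <= window]
            total = sum(s for _, _, s in in_win)
            if total >= threshold and len({r for _, r, _ in in_win}) >= min_rules:
                alerts[user] = max(alerts.get(user, 0), total)
    return alerts
```

With the sample data, jdoe accumulates 60 risk points from two different rules and produces one alert, while asmith's single failed logon stays below the threshold and generates nothing.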

Episode Sponsor:

This episode is sponsored by Splunk. Splunk is a security observability solutions provider based out of San Francisco, California.

Proceeds from this episode will go to different autism charities: Autism Alliance of Michigan and Autism Support of Kent County.