THWACKcamp 2017 - Protecting the Business: Creating a Security Maturity Model with SIEM

Security concerns are getting a lot of media coverage these days, given the massive data breaches that are becoming more common all the time. Businesses want a security plan, but sometimes don't have the resources to create or implement one. A SIEM's core features let you protect your infrastructure, and a simple, step-by-step implementation allows you to lock in a solid security plan today.

In my THWACKcamp 2017 session, "Protecting the Business: Creating a Security Maturity Model with SIEM," Jamie Hynds, SolarWinds Product Manager, and I will present a hands-on, end-to-end how-to on configuring and using Log & Event Manager, including configuring file integrity monitoring, understanding the effects of normalization, and creating event correlation rules.

In our 100% free, virtual, multi-track IT learning event, thousands of attendees will have the opportunity to hear from industry experts and SolarWinds Head Geeks -- such as Leon and me -- and technical staff. Registrants also get to interact with each other to discuss topics related to emerging IT challenges, including automation, hybrid IT, DevOps, and more.

We are bringing our expanded-session, two-day, two-track format from THWACKcamp 2016 to THWACKcamp 2017. SolarWinds product managers and technical experts will guide attendees through how-to sessions designed to shed light on new challenges, while Head Geeks and IT thought leaders will discuss, debate, and provide context for a range of industry topics.

Check out our promo video and register now for THWACKcamp 2017! And don't forget to catch my session!

  • Some thoughts from our experience of deploying Splunk:

    • Ensure you have an accurate estimate of how much traffic your network will send to Splunk. Our firewalls and wireless controllers are the heavy traffic generators to Splunk, and our VAR's initial estimate of how many messages they'd send was incorrect. It resulted in a deployment of Splunk solutions that were too small for the need, and we ended up buying bigger Splunk hardware than we'd been told to budget for. That said, there is only more traffic on the horizon destined for Splunk analysis, and our solution is now robust and adequate to the need. It's pretty intuitive to make queries on Splunk, once you have the guidelines and some pre-built query variables. IMHO, there's nothing equivalent to Splunk's intelligence for recognizing patterns that need attention.
    • If you work with any other SIEM vendor, make certain you provide the correct size of incoming messages per second or minute or hour. When I talked with SW about it, they said LEM could not handle the volume of syslog messages from our firewalls and wireless controllers, which surprised me. I just checked; Splunk is receiving 14 million messages per hour from our network (includes switches, routers, wireless controllers, firewalls, UPSs, etc.), or 336 M messages per day. It was quieter over the Labor Day weekend--just 200 M per day.

    There are numerous threads on Thwack regarding LEM vs. Splunk:

    How do you like LEM especially when compared to Splunk?

    https://thwack.solarwinds.com/search.jspa?q=splunk

  • We are going the Splunk route as well due to its flexibility, but I have no experience with it. We had a vendor do the implementation, and I am hoping to get some training soon since I am being told I will be the one to support it. I have seen a bit of it thus far based on what the vendor has showed me, and it makes me really appreciate the simplicity and ease of use of LEM.

  • My bosses also looked at the Magic Quadrant for justifying elimination or inclusion of products for Proofs Of Concept.

    After participating in a survey that provided information for the M.Q., I discovered myself disillusioned about using that as a resource for decision making in the future.

  • I'm looking forward to everything about THWACKcamp - well, except for sleeping outdoors and the mosquitoes.

    I know my bosses always look at the "magic quadrant" for purchases. It might be good to highlight some ways that SolarWinds competes even though it doesn't currently live in the top right corner.

  • Splunk is great for getting information in to do its wonderful queries....it just doesn't share well on the other end...
