SANS Tool Talk Webcast: “Log Management: No Longer Optional”

I’ll be presenting a SANS Tool Talk Webcast entitled “Log Management: No Longer Optional” on Tuesday, June 2nd at 1pm EST.

About the session:
Both network and security professionals agree – a log management solution is no longer optional. It’s now a required tool in their arsenal.

Unfortunately, many of their log management projects have failed because the solution they chose was unable to support the size and scope of the deployment and/or effectively deliver useful results.

During this webcast Andrew Hay will discuss important considerations when selecting and deploying a log management solution for your organization and how to avoid some of the pitfalls.

Join this webcast and learn about:

  • Drivers of log management, including security best practices and regulatory mandates
  • Architectural considerations for supporting large distributed enterprise networks
  • Deployment considerations for supporting a multi-vendor network
  • Correlation considerations to effectively make sense of enterprise-wide network & security events
  • Advanced security management considerations to improve an organization’s ability to detect more complex integrated network threats
  • Reporting, auditing and forensics considerations that support compliance initiatives

Sign up for the webcast here.

10 Commandments of Airplane Etiquette – Part 1 of 2

The following post has nothing to do with security but should serve as a reminder if you’re traveling to a security conference or meeting in the near future:

1) Thou shalt not plan to go to the bathroom (especially Number 2) on the plane instead of taking the time to go at the airport prior to boarding.

Come on people…it’s really not that nice a place to go to the bathroom. It’s small, it’s cramped, and it smells funny. They have bathrooms at the terminal for a reason. There is nothing worse than having to sit across from the toilet after someone dropped a dingo before takeoff.

2) If thou art too old, weak, or short to sit in the exit row thou shalt give up your seat to the 6’4″ gentleman that can’t sit comfortably in the regular seats.

Let’s review…most planes were built in the 1950’s-1970’s. Apparently, during this period in history, our entire civilization was made up of 5’0″ / 100lb humans that could easily travel in “spacious airline accommodations”. Guess what…there are people who are taller than 5’0″ and heavier than 100lbs. How about we accommodate them for a change?

3) Thou shalt not talk the ear off of the person who is trying VERY HARD to ignore you.

You know who you are. You’re the person who didn’t bring a book to read, doesn’t have an iPod, or just likes to talk the entire flight. If the person beside you inserts their headphones into their ears that means that the conversation is over.

4) Thou shalt not unbuckle your seatbelt and start to get your luggage from the overhead compartment before the pilot tells you to.

Are you that important that waiting 30 seconds is going to kill you? I didn’t think so.

5) Thou shalt not try to recline your seat if you notice that the 6’4″ gentleman behind you has his knees flush with the back of your seat.

I think I’m actually getting a headache from the blinding rage I feel when I think about how many people have done this to me. I can remember one older gentleman telling me that I should really find another seat so that he could recline his seat in front of me. He then proceeded to ask the flight attendant where I could be moved to. Grrrrrr…..

And with that last one I’ll stop my post and continue with Part 2 next week. I have another flight out to Seattle (12hrs of flights, layovers, etc.) so I’m sure I’ll have more commandments to share.

Virtualized Network Security Management (vNSM)

This is a term that I’ve been throwing around for a while now so I thought I’d take the time to define it for everyone.

Virtualized Network Security Management (vNSM)
The extension of existing Network Security Management (NSM) policies and procedures to include “virtualized” deployments. This includes, but is not limited to, the collection, correlation, and normalization of:

  • logs (e.g. authentication, authorization, status, etc.) generated by “virtualized” hosts (e.g. servers, workstations, etc.)
  • logs generated by non-security related applications (e.g. mail server, web server, etc.) installed on “virtualized” hosts
  • logs generated by security related applications (e.g. firewall messages, anti-virus alerts, rootkit installation prevented, etc.) installed on “virtualized” hosts
  • logs (e.g. authentication, authorization, status, etc.) generated by “virtualized” network components (e.g. virtual switches, virtual hubs, etc.)
  • network flows (e.g. NetFlow) generated by “virtualized” network components
  • expected, anomalous, or malicious network communications to/from/between “virtualized” hosts (e.g. web server communicating with “virtualized” database, “virtualized” workstation retrieving file from “virtualized” FTP server, etc.)
  • logs generated from the operation of the host virtualization platform

I may expand on, or refine, this definition in the future but I wanted to make sure I had my ideas down on “paper” before I lost them.
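To make the definition concrete, here is an added example (not from the post or any product it mentions) that normalizes constructed sample records from each of the source categories listed above onto one schema tagged as “virtualized”, then correlates a guest-side firewall event with the matching flow seen by the virtual switch. The record formats, host names and addresses are invented for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not from the post), one per source category in the vNSM definition.
RAW_EVENTS = [
    {"category": "guest_os", "reporter": "web01", "ts": "2009-05-20 10:00:01",
     "msg": "sshd: Accepted password for admin from 10.0.1.7"},
    {"category": "guest_app", "reporter": "web01", "ts": "2009-05-20 10:00:05",
     "msg": "httpd: GET /login 200"},
    {"category": "guest_security", "reporter": "web01", "ts": "2009-05-20 10:00:09",
     "msg": "fw: DROP 10.0.1.7 -> 10.0.2.15:3306"},
    {"category": "virtual_network", "reporter": "vswitch0", "ts": "2009-05-20 10:00:08",
     "msg": "port 5 link up vlan 20"},
    {"category": "virtual_flow", "reporter": "vswitch0", "ts": "2009-05-20 10:00:10",
     "flow": ("10.0.1.7", "10.0.2.15", 3306)},
    {"category": "hypervisor", "reporter": "esx01", "ts": "2009-05-20 10:00:12",
     "msg": "vm web01 migrated to esx02"},
]

# Matches "A -> B:port" in the hypothetical firewall message format used above.
CONN_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")

def normalize(raw):
    """Map one raw record onto a common schema; every record is tagged as virtualized."""
    ev = {"time": datetime.strptime(raw["ts"], "%Y-%m-%d %H:%M:%S"),
          "virtualized": True, "category": raw["category"], "reporter": raw["reporter"],
          "src_ip": None, "dst_ip": None, "dst_port": None,
          "summary": raw.get("msg", "flow")}
    if "flow" in raw:
        ev["src_ip"], ev["dst_ip"], ev["dst_port"] = raw["flow"]
    else:
        m = CONN_RE.search(raw["msg"])
        if m:
            ev["src_ip"], ev["dst_ip"], ev["dst_port"] = m.group(1), m.group(2), int(m.group(3))
    return ev

def correlate(events, window=timedelta(seconds=5)):
    """Pair guest security events with virtual-switch flows for the same src/dst/port."""
    findings = []
    sec = [e for e in events if e["category"] == "guest_security" and e["dst_ip"]]
    flows = [e for e in events if e["category"] == "virtual_flow"]
    for s in sec:
        for f in flows:
            same_conn = (s["src_ip"], s["dst_ip"], s["dst_port"]) == (f["src_ip"], f["dst_ip"], f["dst_port"])
            if same_conn and abs(s["time"] - f["time"]) <= window:
                findings.append({"guest": s["reporter"], "switch": f["reporter"],
                                 "conn": (s["src_ip"], s["dst_ip"], s["dst_port"]),
                                 "note": "guest firewall event corroborated by virtual switch flow"})
    return findings

def run():
    events = [normalize(r) for r in RAW_EVENTS]
    return events, correlate(events)
```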
