Paul Stamp: Token Security Guy
Paul Stamp is the Senior Manager of Product Marketing for the Information and Event Management Group at RSA. In this role, Paul is responsible for reinforcing RSA's position as a market leader in the Security Information and Event Management space. Paul has been active in the information security industry for the past 11 years, and is regularly featured in the media, including NPR Marketplace, Wall Street Journal, New York Times, Washington Post and a host of industry publications. Prior to joining RSA, Paul was Principal Analyst for Forrester Research, covering security information and event management and data security, and a security architect with Unisys Corporation. Paul holds an MA (Oxon) in Mathematics from Oxford University. Read Paul's personal blog "Token Security Guy".
What Cisco's UCS means to RSA
So Cisco launched their Unified Computing System this morning. This has some big implications for EMC, and Chuck Hollis has gone into great detail on this. In a nutshell, Unified Computing System looks to create a single, virtualized architecture for the data center, managed from top to bottom by a single set of tools. Sounds cool, eh? But what does that mean for us lowly security folks?
Continue Reading
We’re pretty pumped here at RSA, since today we’re releasing our latest and greatest version of RSA enVision.
RSA enVision 4.0 has some really cool new features, and should be a boon for anyone trying to get a better handle on using log data to deal with any bad stuff that may be going on in their IT environment.
Using a SIEM to identify the *really* important stuff
Many people buy a SIEM system looking for a tool that will spot things they might
not on their own, or things that a single data source might not. Here’s
an example of correlation that will work - given the right input, an analytic
engine and some expert knowledge.
Why content is king when it comes to SIEM
There are two big parts to a SIEM or log management system. Both are really important
- but most people choosing a SIEM have a tendency to look carefully at one
while giving the other scant attention.
The three big buckets of compliance, and why SIEM is important to all of them
Too often we vendors go to clients and talk about compliance, and then throw
up a slide showing an alphabet soup of regulations and standards, with no context
about what they mean or how their product can help. Not only is it confusing,
it shows a lack of understanding to customers, who are generally well educated
about what these regulations and standards mean. I know this is basic stuff,
but it's useful to recap once in a while.
Budgets seem to be holding up, but more justification needed
Also at the IANS conference, we talked extensively about enterprises' budgets.
Apart from a few notable exceptions, most agreed that budgets hadn't been significantly
cut...yet. It stands to reason – nobody buys security because
it’s cool, or because they have extra cash in their pockets. On the other
hand, few thought their budgets were immune to being cut in the near
future either, though. Either way, just about everyone was finding that they
needed extra justification for their security purchases.
Continue Reading
I had the pleasure of attending the Institute
of Applied Network Security (IANS) conference in San Francisco last
week. For anyone not familiar with this organization, they’re a peer
to peer research organization where security practitioners come together
to talk about the issues du jour. It’s a real good way for us vendors
to get a pulse on what people are worried about, and what they think about
what we’re doing to support them.
Events per Second – the difference between a target and an assurance
We’ve been getting a good few questions recently about how many Events
Per Second a SIEM product supports. Well, that depends on a few factors:
- The transport – processing Syslog events takes up
a heck of a lot less processing power than collecting from a Windows box.
Same with collecting data over an ODBC connection.