Topic: SIEM
Security When Things Go 'Boom' Part III - Returning to Normal
OK, we're in the home stretch - this is the final entry in my 'Security and Disaster Recovery' series. So far we've covered security incidents as disasters, DR for security controls and the security of your DR environment. The last area of consideration is what happens when you need to return to normal operations. The disaster has occurred, you've successfully moved to your DR environment, and things have been humming along. Now the damage to your primary site has been repaired and you're ready to move back - how does this impact security?
Continue Reading
Speaking of Security Podcast #150
This week marks the 150th edition of the Speaking of Security podcast. We discuss the recent release of President Obama's 60-day cyber security review and the creation of a "cyber coordinator" position in his administration. We also have news on the 2009 Gartner Magic Quadrant for Security Information and Event Management. RSA/EMC is positioned in the leader's quadrant for the sixth consecutive year.
Continue Reading
Speaking of Security Podcast #148
Click to Download/Listen (7:15)
This week's Speaking of Security podcast features a topical discussion on business continuity planning. Recent global concerns regarding a potential Swine Flu pandemic have organizations looking at possible operational and business disruptions. Sam Curry, VP of Product Management for RSA is our guest.
Continue Reading
Security When Things Go 'Boom' - DR for Security Controls
In the previous two installments of my blog we discussed some of the considerations when evaluating security in the context of disaster recovery, and drilled down a bit into the specific area of security as a disaster. Now let’s look at another aspect of the relationship between security and disaster recovery (DR) - making sure your security controls are available when a disaster occurs.
Continue Reading
During a recent customer meeting, I was asked to highlight key capabilities necessary to satisfy PCI’s Security Information and Event Management (SIEM) requirements. I explained to the customer that if their goal was merely to meet PCI Requirement 10, the solution used here – either purchased, outsourced or home grown – must possess a modest set of baseline capabilities. Some of these include enabling audit trails, reconstructing simple events, and securely storing audit trails for at least a year.
Continue Reading
Speaking of Security Podcast #140
Click to Download/Listen (7:23)
This week's Speaking of Security podcast discusses the release of RSA enVision 4.0, the premier platform for Security Information and Event Management/Log Management.
Continue Reading
We’re pretty pumped here at RSA, since today we’re releasing our latest and greatest version of RSA enVision.
RSA enVision 4.0 has some really cool new features, and should be a boon for anyone trying to get a better handle on using log data to deal with any bad stuff that may be going on in their IT environment.
Continue Reading
Using a SIEM to identify the *really* important stuff
Many people buy a SIEM system looking for a tool that will spot things they might not on their own, or things that a single data source might not. Here’s an example of correlation that will work - given the right input, an analytic engine and some expert knowledge.
Continue Reading