Sowetan

You can short cut pitfalls with a trainer


AT THIS time of the year, gym managers rub their hands in glee, watching streams of well-intentioned patrons pour in, ready to embark on their fitness journey.

We’ve all been there; the feeling of satisfaction for finally getting around to it, feeling fitter and stronger. Those completely new to it may realise that there is much to learn, and so enlist the help of trainers to show them the road to fitness.

We frequently see this same mindset when it comes to businesses taking the plunge on an investment into their security capabilities. Just as the enthusiasm and excitement of the January gym rush can quickly disappear, contracts for security provisions like SIEM (security information and event management) can follow a similar time frame.

On day one, I step into the gym following a year of gluttony: I’ve finally put my first footsteps on the road to fitness nirvana, and although the coming months may present new challenges, I’m equipped to tackle them.

With a personal trainer, I can learn and short cut the pitfalls that uninformed sloths suffer from.

On the security side, the ink is drying on the contract and applications are rolling out on the estate. IT managers feel happy that they’ve addressed the security issues facing the company, and any suspicious activity will be logged and investigated.

Over at the gym, I walk into a hall of gleaming equipment and brightly coloured mats. This is the SIEM: these slick tools can all be used to exercise and they work – but not without their knowledge counterpart, and not without hard work.

The constant feed of data from a SIEM will flag up false positives, sparking an endless chase of suspicious-looking data, like selecting the next exercise machine at random and giving it your all. It works, but how can it be measured? That feeling of ‘being on top of security’ is still there, because the SIEM is working, and pushing out reports.

By day two at the gym though, I’m already fatigued. Feeling tired and sore from yesterday, will I drag myself out of bed early to do some more work?

Compare this with the constant outpour of information from a SIEM, dealing with which becomes an all-consuming, exhausting affair. By the time I’m halfway through the previous night’s alerts, I’m drained. So picking up on that one piece of targeted malware is all the more difficult.

This is an issue facing security analysts worldwide; retaining an experienced and effective workforce in this environment is difficult when the work is repetitive, and throws up so many false positives that it becomes draining and eventually unsustainable. Like the New Year’s resolution-ers, many of these will eventually quit to go elsewhere, without a metric to measure success or progress.

Fast forward to the end of the year, and my contract – I have long stopped using it. ‘Fitness’, like ‘security’, is a vague and nebulous term and equally hard to grasp if not prepared. Without knowing if I am making progress, why continue?

When it comes to security, it is possible to observe trends and patterns over an extended period, but this is something more effectively delegated to statistical analysis. This is where the log aggregation solution comes in: think of the ability to collate all of the workout routines of every member of one’s gym over the previous year, measure their effectiveness, results and identify issues both past and future. Those problems which do not map against known previous issues can then be

“Retaining an experienced and very effective workforce is a challenge

PHOTO: ISTOCK. A personal trainer motivates a client doing push-ups. The writer says you are likely to achieve fitness nirvana if you have a gym buddy.
