In this most excellent edition of the Exploring Information Security podcast, I talk with Derek Thomas, a senior information security analyst specializing in log management and SIEM, on the topic of: "What is a SIEM?"
Derek (@dth0m) has a lot of experience with SIEM and can be found on LinkedIn participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015, and I came away impressed with his knowledge of SIEM. He seemed to be very passionate about the subject, and that showed in this interview.
In this episode, we discuss:
- How to pronounce SIEM
- What is a SIEM
- How to use a SIEM
- The biggest challenge using a SIEM
- How to tune the SIEM
- Use cases, use cases, use cases.
More Resources:
- Applied Network Security Monitoring: Collection, Detection, and Analysis by Chris Sanders and Jason Smith
- Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff and Jonathan Ham
- Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management by Anton A. Chuvakin and Kevin J. Schmidt
- Anton A. Chuvakin Gartner blog
- Ultimate Windows Security