Comment: so many choices, none perfect (Score 1) 8

by brainspank (#48948125) Attached to: Gmail is no longer acceptable - Slashdot, please opine on alternatives!

1. get another vpn provider
2. get a host vps, run openvpn
3. run your own mail server, use mandrill or similar to send to picky recipients
4. use gmail's imap and your own client?
5. ninja combination of the above
G. give up and opt-out of all e-traffic like my grandma

Book review: Designing and Building a Security Operations Center

Submitted by benrothke
benrothke (2577567) writes "Title: Designing and Building a Security Operations Center

Author: David Nathans

Pages: 276

Publisher: Syngress

Rating: 8/10

Reviewer: Ben Rothke

ISBN: 978-0128008997

Summary: Good introduction to those looking to build their own security operations center
Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators.
This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues.
In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. An effective SOC provides the benefit of speed of response time to a security incident. Be it a DDoS attack or malware which can spread throughout a corporate network in minutes, and potentially knock out the network, every second counts in identifying these attacks and negating them before they can cause additional damage. Having a responsive SOC can make all the difference in how a firm deals with these security issues.

The book notes that the SOC is akin to an enterprise nervous system that can gather and normalize vast amounts of log and related data. This can provide continuous prevention, protection and detection by providing response capabilities against threats, remotely exploitable vulnerabilities and real-time incidents on the monitored network.

The book's 11 chapters provide a start for anyone considering building out their own SOC. Topics include required infrastructure, organizational structure, staffing and daily operations, to training, metrics, outsourcing and more.

When building a SOC, the choices are for the most part doing it yourself (DIY) or using an outsourced managed security service provider (MSSP). The book focuses primarily on the DIY approach, while chapter 10 briefly details the issues and benefits of using an MSSP. The book provides the pros and cons of each approach. Some firms have a hybrid approach where they perform some SOC activities and outsource others. But the book doesn't detail that approach.

The book provides a large amount of detail on the many tasks needed to create an internal SOC. The truth is that many firms simply don't have the staff and budget needed to support an internal SOC. They also don't have the budget for an MSSP. With that, Mike Rothman of Securosis noted that these firms are "trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats without diving deep into raw log files".

One important topic the book does not cover is around SIM/SIEM/SEM software. SIEM software can provide a firm with real-time analysis of security alerts generated by network and security hardware, software and other applications.
Many benefits come from an effective SIEM tool being the backbone of the SOC. A SIEM tool consolidates all data and analyzes it intelligently and provides visualization into the environment. But selecting the appropriate SIEM and correctly deploying it is not a trivial endeavor.
Those looking for a good reference on SIEM should read Security Information and Event Management (SIEM) Implementation, which I reviewed on Slashdot - http://books.slashdot.org/story/11/02/23/1328243/book-review-security-information-and-event-management-implementation. That book does provide an excellent overview of the topic and will be of value to those looking for answers around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy.

The book notes that the most important part of a SOC, and often the most overlooked, is that of the SOC analyst. And with that, the book writes how it's important to be cognizant of the fact of SOC analyst burnout. SOC analysts can burn out, and it's important for an organization to have a plan to address this, including aspects of training, management opportunities and job rotation.

Building an in-house SOC takes significant planning and attention to detail, and the book details a lot of the particulars that are required for an effective SOC design.

The implementation of a SOC will cost a significant amount of money, and management will often want to have metrics to let them know what the SOC is doing. The book spends a brief amount of time on SOC metrics, which is a topic that warrants a book in its own right. There are many metrics that can be created to measure SOC efficacy. Effective SOC metrics will measure how quickly incidents are handled by the SOC, and how incidents are identified, addressed and handled.

The downside to metrics is that they must be used judiciously. It's important not to measure the base performance of a SOC analyst simply on the number of events analyzed or recommendations written. Metrics used in that manner are akin to a help desk where analysts are only concerned about getting calls finished, in order to meet their calls-completed metrics.

As important as a SOC is, this is surprisingly the first book written on the topic. At under 250 pages, the book provides an introduction to the topic, but is not a comprehensive work on the topic. There are areas in SOC management that the book doesn't cover, such as SOC documentation, creating and using SOC operation run books, and more.
But even with those missing areas, Designing and Building a Security Operations Center is a good reference to start with. A SOC is a security component most organizations are in dire need of, and the book is a good way to get them started on that effort.

Reviewed by Ben Rothke"

Alien-Esque Short Film ATROPA Captures the Feel of Gritty '80s Sci-Fi

Submitted by Wierzbowski85
Wierzbowski85 (2852925) writes "Via io9: Proof-of-concept short film ATROPA wears its 1970s and 1980s scifi influences on its sleeve, capturing the feel of films like Blade Runner and Alien in a tale about a space detective who discovers a research ship that has gone missing — and the bizarre phenomenon linked to its disappearance. The filmmaker told Blastr, "The idea was born out of my love for the dark and gritty sci-fi movies of the '70s and '80s — that definitely informed the visual style and tone, but I especially like the fact that they are strong character stories. Our film follows that lead, with a new and unique take on some classic themes. I'm really excited about where we go with it — the cliffhanger ending of the short is only the setup to a much larger human mystery.""

A 1980 Teenager's View on Social Media

Submitted by platohistory
platohistory (1745498) writes "Written as a response to the recent popular "A Teenager's View on Social Media" that appeared in Medium this past week, about a 19-year-old college student's views on Facebook, Instagram, etc. Well, social media has been around a lot longer than people think. This is a detailed account of what it was like to be a 19-year-old immersed in the PLATO system in 1980."
Games

New WoW Patch Brings Cross-Server Instances

Posted by Soulskill
from the new-and-shiny dept.
ajs writes "World of Warcraft's Wrath of the Lich King expansion was staggered into 4 phases. The fourth and final phase, patch 3.3, was released on Tuesday. This patch is significant in that it will be the first introduction of one of the most anticipated new features in the game since PvP arenas: the cross-realm random dungeon, as well as the release of new end-game dungeons for 5, 10 and 25-player groups. The patch notes have been posted, and so has a trailer. The ultimate fight against the expansion's antagonist, the Lich King a.k.a. Arthas, will be gated as each of the four wings of the final dungeon are opened in turn — a process that may take several months. The next major patch after 3.3 (presumably 4.0) will be the release of Cataclysm, the next expansion."