Algorithmic Stealth and the Security Arms Race

I recently visited Norwich University, the oldest private military college in America and an NSA & DHS Center of Academic Excellence for Cyber Defense. I had the opportunity to speak with some of the students in their Computer Security and Information Assurance program, and I was asked a question by Keely Eubank about the ability

PERCEPTION VS. REALITY: The Myth of 100 Security Data Sources

The realities of security monitoring and the promise of SIEM? In enterprise IT, data is collected from any number of IT and security devices, and then used to monitor, protect, understand and manage our technology-enabled businesses. Due to the ever-expanding attack surface, the amount of data collected today is overwhelmingly unmanageable, and ironically, we only

Ripping off the Bandage: How AI is Changing the SOC Maturity Model

The introduction of virtual analysts, artificial intelligence and other advanced technologies into the Security Operations Center (SOC) is changing how we should think about maturity models. AI is replacing traditional human tasks, and when those tasks are automated the code effectively becomes the procedure. Is that a -1 or a +10 for security operations? Let’s

“Fake News” Must Learn to Regulate Itself!

Digital interaction has surpassed interpersonal interaction — even grandmothers primarily interact with their grandchildren via iPad. Almost everything we do can be done via an app or online; before long that’ll be the only way we can do anything. We have a word for this and that is “critical infrastructure,” and as a society we

Rules vs. Reasoning in the Security Ops Center

For the last 15 years, Security Ops Centers have been using rules (aka Boolean logic) to describe situations that look like an attack from the logs collected into their SIEM solutions. As an industry-wide standard practice, the intent is to reduce the volume of events to a reasonable level so that a human can effectively analyze them.

The Origins of the Security War Room

In 2001, I was a relatively new Security Operations Center manager for IBM’s Managed Security Services Delivery (yay, MSSD!). On a Friday night relaxing at home, I was a few beers into my evening, when the phone rang.