Earlier this week, I published a piece in SecurityWeek entitled “Throw Out The Default Rule Set” (http://www.securityweek.com/throw-out-default-rule-set). The piece discusses the benefits of discarding the default rule set that ships with many alerting and SIEM technologies and taking a different approach entirely. The approach described in the piece starts by identifying the risks and threats to the business, and uses those to build a set of use cases unique to the specific organization. Those use cases can then be used to build a rule set that is better suited to the organization running it. Ultimately, if done correctly, this approach can result in far fewer false positives, far less noise, and a much higher signal-to-noise ratio. If this concept intrigues you, I’d urge you to have a look.
Thursday, July 3, 2014