Posts

Showing posts from August 2, 2015

Mengambil data analisa dari SIEM

For many companies, the “boy who cried wolf” isn’t a fable. A constant stream of security alerts generated by security information and event management (SIEM) systems can’t distinguish the wolf from the sheepdog, or even the sheep. A study by the Ponemon Institute found that typical companies receive 17,000 malware alerts a week, and fewer than 3,500 are reliable. Only a much smaller fraction, about 700 alerts, is investigated. And those are just malware alerts, not other kinds of threats. Most companies can’t add enough staff to review and respond to all the threats. For you to protect yourself, you need to make better use of your tools to highlight the most relevant threats that need a response. Pay attention to these points to make sure you’re gathering the right information and using it effectively. KNOW YOUR BUSINESS Start by understanding what you really hope to accomplish by using SIEM. Develop a series of use cases that identifies the kinds of risks you want the SIEM to help p…

Gartner Magic Quadrant untuk Application Security Testing

Image
Magic Quadrant for Application Security Testing 6 August 2015 ID:G00268424 Analyst(s): Neil MacDonald, Joseph Feiman VIEW SUMMARY Highly publicized breaches in the past 12 months have raised awareness of the need to identify and remediate vulnerabilities at the application layer. Enterprise application security testing solutions for Web, native, cloud and mobile applications are key to this strategy. Market Definition/Description Application security testing (AST) products and services are designed to analyze and test applications for security vulnerabilities. Ideally, an application would be tested using multiple approaches, and many providers in this Magic Quadrant offer multiple styles of AST, including: Static AST (SAST) technology analyzes an application's source, bytecode or binary code for security vulnerabilities typically at the programming and/or testing software life cycle (SLC) phases (see "Hype Cycle for Application Security, 2015").Dynamic AST (DAST) technolog…