2019 Feb 05 By Deathmage85 0 comment

2/5/19 SIEM systems are something more and more people are adopting as part of a defense-in-depth strategy, and it's a good move. The company I work for partners with a SIEM solution provider called SocSoter, and they have affordable units that you deploy on a network with an interface into every network device you choose. These devices come in a few flavors, a VMS and an SMA to name a couple. The SMA proactively monitors the network it's mirroring and allows for syslog monitoring of switches and storage appliances, including ingesting Windows Server event logs. On the flip side…

2019 Feb 05 By Deathmage85 0 comment

2/5/19 I'd like to discuss a few things around the classification of data types coming through a firewall or security device. I think pretty much everyone knows the slang term "false positive", but there are in fact four types:

True Positive – the security control acted, and the action was correct: there was a real threat.
True Negative – the security control did not act, and correctly so: there was no threat.
False Positive – the security control acted on a suspected threat, but that was an error: there was no real threat.
False Negative – the security control did not act even though there was a threat.