Without knowing if I am making progress, why continue? ‘Fitness’, like ‘security’, is a vague and nebulous term and equally hard to grasp if not prepared. Without knowing exactly the problem I was trying to fix, a gym session becomes an exercise in shooting from the hip, picking workouts at random, using different machines, and as a result being unable to measure any progress. Like the New Year’s resolution-ers, many of these will eventually quit to go elsewhere, feeling exhausted, unstimulated, and without a metric to measure success or progress.

Fast forward to the end of the year, and my contract, I have long stopped using it. This is an issue facing security analysts worldwide: retaining an experienced and effective workforce in this environment is difficult when the work is repetitive, and throws up so many false positives that it becomes draining and eventually unsustainable.

By the time I’m halfway through the previous night’s alerts, I’m drained, so picking up on that one piece of targeted malware is all the more difficult. Feeling tired and sore from yesterday, with the prospect of another long day, will I drag myself out of bed early to do some more work? Compare this with the constant outpour of information from a SIEM, dealing with which becomes an all-consuming, exhausting affair. At this point it feels like a challenge, but not by any stretch insurmountable.

By day two at the gym though, I’m already fatigued. It works, but how can it be measured? How do I know I’m getting anywhere? That feeling of ‘being on top of security’ is still there, because the SIEM is working, and pushing out reports. The constant feed of data from a SIEM will flag up false positives, sparking an endless chase of suspicious-looking data, like selecting the next exercise machine at random and giving it your all. This is the SIEM: these slick tools can all be used to exercise, and they work – but not without the knowledge counterpart, and not without hard work.
Over at the gym, I walk into a hall of gleaming machines, brightly coloured mats and foam rollers, treadmills and rowing machines. IT managers feel happy that they’ve addressed the security issues facing the company, and any suspicious activity will be logged and investigated. On the security side, the ink is drying on the contract, and applications are rolling out on the estate. The buyer’s (and runner’s) high is still on at this point.

With a personal trainer, I can learn and shortcut the pitfalls that those poor, uninformed sloths suffer from. On day one, I step into the gym following a year of gluttony: I’ve finally put my first footsteps on the road to fitness nirvana, and the coming months may present new challenges, but now I’m equipped to tackle them. Just as the enthusiasm and excitement of the January gym rush can quickly disappear, contracts for security provisions like SIEM (security information and event management) can follow a similar timeframe. We frequently see this same mindset cropping up when it comes to businesses taking the plunge on an investment into their security capabilities. Those completely new to it may realise that there is much to learn, and so enlist the help of trainers to show them the long and difficult road to fitness. We’ve all been there: the feeling of satisfaction for finally getting around to it, feeling fitter and stronger already; we may even have done some research on the routine we want. As the turn of a new year approaches, so too does the time for gym managers to rub their hands together with glee, watching streams of well-intentioned patrons pour in with wallets in hand, ready to embark on their fitness journey – I did this last year, they say to themselves, but 2017 is the year.