What do you do when:
- You are the source for security goals, processes, and reports for 33 different business units?
- Everyone has your mobile number in their cell phone under “crisis management”?
- But you don’t actually own all the resources required to maintain the peace?
You buy a world-class SIEM.
In June, Jamie Rees, the Director of Information Assurance & CISO, Province of New Brunswick, presented “SIEM in Incident response” at the Gartner Security Summit. With the availability of this new case study, his wisdom is available to everyone.
The New Brunswick SIEM deployment serves both strategic and tactical goals: it helps Mr. Rees educate the stakeholder organization about risks in the context of each department’s balanced scorecards, and it lets him dig directly into data to assemble cogent pictures of risk and security posture. The combination helps his team of three guide response and priorities during breaking events such as this spring’s Heartbleed announcement. Rees says,
“Very early, we were able to tune McAfee Enterprise Security Manager to help determine if any potential exploit traffic was infiltrating our network. This was a huge boon to our operation because it enabled us to be proactive and have mitigations and workarounds in place before Heartbleed ever became a threat, and we could show management that we were well-prepared.”
Rees is one of the visionary CISOs leading the use of Security Information and Event Management (SIEM) for continuous incident response. This trend was recently validated in a McAfee-cosponsored SANS Institute survey on incident response:
“When asked about the areas of their organizations’ IR process they planned to improve upon over the next 24 months, a full 68% of participants indicated they plan more integration with the SIEM. Improved visibility into threats and vulnerabilities was the second most frequent improvement, cited by 59% of respondents.”
In fact, Rees uses the McAfee Enterprise Security Manager to help with both of the top improvements survey respondents listed: automation and integration of IR processes via SIEM, and visibility into threats and vulnerabilities. Here’s his description:
“With McAfee SIEM, we have the ability to generate comprehensive and up-to-the-minute data about our overall security situation, but without the right team, data is just data. We have a fantastic group of security professionals working at all levels in our government, and McAfee SIEM solutions help them use their skills to the utmost to keep our entire network safe.”
The ability to integrate, normalize, correlate, and make sense of vast volumes of data is one reason the McAfee Enterprise Security Manager continues to occupy a leader position in the Gartner Magic Quadrant for SIEM.