Big Lake = Big Value

“Getting value out of your data lake” For the first time in the security industry, we are seeing security operations teams and data analytics teams working together. This positive development illustrates that security data has value to everyone and can be shared throughout a company. It is important to take control of your data destiny, …

Data Transformers to the Rescue

ETL vs Log Forwarding - Why your security future depends on it! We are now officially in a new era of security engineering. This era is characterized by big data analytics encompassing AI, machine learning, and data warehousing. In our previous posts, we discussed the need for security operations to have greater visibility into log …

Azure Security Data Lake

Harnessing The Power of Big Data Analytics and AI - Security's Future Welcome to the SOCAUTOMATORS series on building a Security Data Lake. This series of blog posts and accompanying videos will help you design your data lake and provide guidance on technically implementing the solution in Azure. Many organizations need to harness the power …

Filling Up the Security Data Lake

Dam the Lake! The foundation of our data “dam” is a pool of information collected from multiple sources. Some data is ingested directly into the data lake storage account. Other data is ingested into the SIEM and later forwarded on to the data lake to meet long-term retention requirements. Typically, 70% of data ingested into …

What to bring to the Data Lake?

“Yes – it’s more than bathing suit” Security engineering teams need to develop new skills to provide their security analysts with the necessary depth of data and analytics to perform their jobs effectively. Analysts require this data to be readily available in the SIEM during an incident. We must reduce the speed of triage to …

Will your SIEM survive?

“The rise of data and the security data lake” There is a long-standing problem in cybersecurity: the ever-increasing need to log more sources to provide the visibility needed to detect threat activity. The need to ingest raw logs has created an ingestion problem. The SIEM was supposed to be the ultimate solution to …

The Microsoft Security Insights Podcast is Coming to Microsoft Reactor

For fans of the weekly Microsoft Security Insights podcast, Frank, Edward, Brodie, and I have some awesome news to share. The popularity of the podcast continues to grow. Not only is the listener audience in an exploding growth spurt, but there are many security experts coming out of the woodwork asking to come on the …

Quick Tip: Monitoring Log Analytics Issues for Microsoft Sentinel

Log Analytics issues should be an important matter for Microsoft Sentinel customers, since the service runs on top of a Log Analytics workspace. As such, there should be a mechanism to monitor when issues have been reported. The Azure Monitor team maintains a status blog: This blog produces alerts when …