Traffic
When you first deployed, you probably connected everything possible to your SIEM. Now you have an avalanche of data that’s so overwhelming, you may not notice a sneaky threat buried in the ocean of noise.

Focus on the data that actually matters. Removing devices sounds counterintuitive, but when sources deliver data logs that never produce actionable results, your analysts are simply chasing their tails.

TIP 1: Plan a small project to test for sources of time-wasting red flags. If they’re not evenly distributed, isolate the sources and reduce their volume or turn them off.
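One way to run the small project the tip describes is to score each log source by how many of its alerts an analyst actually acted on, and to check whether the noise is concentrated in a few sources rather than spread evenly. The script below is an added illustration, not Infoblox material; the alert records, source names and thresholds are constructed, and a real run would read the (source, disposition) pairs from the SIEM's case or ticketing export instead.

```python
from collections import defaultdict

# Only alerts an analyst closed as a true positive count as actionable;
# every other disposition is treated as noise for this exercise.
ACTIONABLE = {"true_positive"}


def _build_sample():
    """Constructed sample of one week of triaged alerts: (log source, disposition).
    The 'proxy' and 'printer' sources are built to be loud but useless."""
    rows = []
    rows += [("proxy", "false_positive")] * 120 + [("proxy", "true_positive")] * 2
    rows += [("edr", "true_positive")] * 15 + [("edr", "false_positive")] * 10
    rows += [("dns", "true_positive")] * 8 + [("dns", "benign")] * 12
    rows += [("printer", "false_positive")] * 30
    return rows


SAMPLE_ALERTS = _build_sample()


def summarize_by_source(alerts):
    """Per-source counts of total, actionable and noise alerts."""
    stats = defaultdict(lambda: {"total": 0, "actionable": 0, "noise": 0})
    for source, disposition in alerts:
        s = stats[source]
        s["total"] += 1
        if disposition in ACTIONABLE:
            s["actionable"] += 1
        else:
            s["noise"] += 1
    return dict(stats)


def noisy_sources(alerts, min_alerts=20, max_actionable_rate=0.05):
    """Sources with enough volume to judge fairly and almost no actionable
    output, noisiest first. Returns (source, total, noise, actionable_rate)."""
    out = []
    for source, s in summarize_by_source(alerts).items():
        if s["total"] < min_alerts:
            continue  # too few alerts to draw a conclusion yet
        rate = s["actionable"] / s["total"]
        if rate <= max_actionable_rate:
            out.append((source, s["total"], s["noise"], rate))
    return sorted(out, key=lambda t: t[2], reverse=True)


def noise_concentration(alerts, top_n=1):
    """Share of all noise alerts produced by the top_n noisiest sources."""
    stats = summarize_by_source(alerts)
    total_noise = sum(s["noise"] for s in stats.values())
    if total_noise == 0:
        return 0.0
    top = sorted((s["noise"] for s in stats.values()), reverse=True)[:top_n]
    return sum(top) / total_noise


def noise_is_uneven(alerts, top_n=1, factor=2.0):
    """True when the top_n sources carry more than `factor` times the share
    of noise they would hold if noise were spread evenly across sources."""
    n_sources = len(summarize_by_source(alerts))
    if n_sources == 0:
        return False
    return noise_concentration(alerts, top_n) > factor * top_n / n_sources


if __name__ == "__main__":
    for source, total, noise, rate in noisy_sources(SAMPLE_ALERTS):
        print(f"{source}: {total} alerts, {noise} noise, actionable rate {rate:.3f}")
    print(f"top source share of noise: {noise_concentration(SAMPLE_ALERTS):.2f}")
    print(f"noise unevenly distributed: {noise_is_uneven(SAMPLE_ALERTS)}")
```

The `min_alerts` floor keeps a quiet but valuable source (a few alerts, all real) from being flagged on too little evidence, and the unevenness check is what tells you whether turning down one or two sources will actually shrink the pile or whether the noise problem is a tuning problem across the board.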
RESOURCE LINKS: SANS Institute, Automation in the Incident Response Process: Creating an Effective Long-Term Plan; Ninth Log Management Survey Report, page 18; Mayo Clinic Security Team/RSA Conference, Modern Approach to Incident Response: Automated Response Architecture
Octane

You need to expand the number of threat indicators you are including while reducing false alarms and useless chatter generated in your system.

To do that, you need high-quality, vetted data feeds from a trusted source. Infoblox uses proven automated systems, with human review, to refine its threat indicator feeds before they hit your SIEM, allowing you to focus on observed and verified threats.
RESOURCE LINKS: INFOSEC Institute, Top 6 SIEM Use Cases; SIEM Use Cases for PCI DSS 3.0; Anton Chuvakin/Gartner Blog Network, Popular SIEM Starter Use Cases; InfoSec Nirvana, SIEM Use Cases – What You Need To Know; Tom Chmielarski/RSA, The Importance of Developing Detection Use Cases
Find Your Drive

Get the most out of your high performance machine. When it comes to winning your daily cybersecurity race, your SIEM was designed to get you around the track fast. Use these best practices to stay out of the gravel traps, smoothly navigate the chicanes, and accelerate down the straightaway.

It’s remarkable what you can accomplish with the right combination of machine, fuel, and driving.
Optimize Your SIEM with Infoblox Threat Indicator Feeds

Our threat indicator feeds are refined to give your SIEM the best performance. Infoblox’s proprietary systems validate and verify indicators against known malicious activities and devious players. Our Threat Intelligence team reviews, rates, and categorizes anomalous threat indicators before data is injected into the feed. The resulting data is so highly refined, our false positive rate is less than 0.0001. Our verified, observed threat indicators provide accurate, actionable data that adds firepower, speed, and pinpoint reliability to your security.
Let Infoblox Help You Supercharge Your SIEM

To learn more about Infoblox ActiveTrust, visit our website at https://www.infoblox.com/products/activetrust/.
About Infoblox
Infoblox (NYSE:BLOX), headquartered in Santa Clara, California, delivers critical network services that protect Domain Name System (DNS) infrastructure, automate cloud deployments, and increase the reliability of enterprise and service provider networks around the world. As the industry leader in DNS, DHCP, and IP address management, the category known as DDI, Infoblox (www.infoblox.com) reduces the risk and complexity of networking.
Corporate Headquarters: +1.408.986.4000 1.866.463.6256 (toll-free, U.S. and Canada) info@infoblox.com www.infoblox.com