Some thoughts on PenTests, Vulns and Patching as Use Case Tools
I was shocked when folks didn't think their SIEM had anything to do with the following. Below is how I summed it up for the big boss.

1) PenTests
2) Vulnerability Testing
3) Patch management
4) Risk Assessments
PenTest
- Shows you what you forgot to secure
- If you made the mistake before, there is a good chance you will make it again.
- Gives you a list of new use cases for Splunk

Vulnerability Testing
- Tells you what you forgot to patch, doesn't tell you that you are patched.
- Can't test everything and is prone to errors.
- The data is pumped into Splunk so you can know if you were vulnerable to an exploit

Patch Management
- This is the act of keeping up with your vendor. Have a policy. Long past are the days where we're proud of uptime. Patch!
- Splunk keeps track of your patching performance and history

Risk Assessments
- Tells you where to install Splunk
- Tells you where to focus your use case development
- Shows your progress on reducing your risk with Splunk KPIs

Can you think of any other way of bullet pointing the value of the SIEM on these? I'd love to hear your thoughts.
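An added example, not part of the original post, of the Vulnerability Testing points above: scan results held in the SIEM let you say whether a host was vulnerable when an exploit attempt arrived, while a clean or missing scan is never read as "patched". Plain Python stands in for a Splunk search; the hosts, CVE placeholders, timestamps and the 14-day freshness window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: hosts, CVE placeholders and timestamps are made up.
SCANS = [  # one row per completed scan: (host, scan time, CVEs the scanner found)
    ("192.0.2.10", "2024-03-01T02:00", {"CVE-0000-0001"}),
    ("192.0.2.10", "2024-03-08T02:00", set()),  # finding gone after patching
    ("192.0.2.20", "2024-03-01T02:00", set()),
]
ALERTS = [  # IDS exploit-attempt alerts: (time, target host, CVE the signature maps to)
    ("2024-03-03T14:12", "192.0.2.10", "CVE-0000-0001"),
    ("2024-03-09T09:30", "192.0.2.10", "CVE-0000-0001"),
    ("2024-03-03T14:15", "192.0.2.20", "CVE-0000-0001"),
    ("2024-03-03T14:20", "192.0.2.30", "CVE-0000-0001"),  # host never scanned
    ("2024-04-20T08:00", "192.0.2.20", "CVE-0000-0001"),  # last scan is stale
]
MAX_SCAN_AGE = timedelta(days=14)  # assumption: older scan results are not trusted


def last_scan_before(host, when):
    """Return (scan_time, cves) of the newest scan of host at or before `when`, else None."""
    prior = [(datetime.fromisoformat(t), cves) for h, t, cves in SCANS
             if h == host and datetime.fromisoformat(t) <= when]
    return max(prior, key=lambda s: s[0]) if prior else None


def classify(alert):
    """Label one alert using the scan state that was current when it fired."""
    when, host, cve = datetime.fromisoformat(alert[0]), alert[1], alert[2]
    scan = last_scan_before(host, when)
    if scan is None:
        return "unknown: host never scanned"
    scan_time, cves = scan
    if when - scan_time > MAX_SCAN_AGE:
        return "unknown: scan stale"
    if cve in cves:
        return "vulnerable at time of attempt"
    # A clean scan is not proof of a patch: the scanner can miss things.
    return "not detected by last scan"


def triage():
    """Return (host, alert time, verdict) for every alert, in input order."""
    return [(a[1], a[0], classify(a)) for a in ALERTS]


if __name__ == "__main__":
    for row in triage():
        print(*row, sep="  ")
```

Only the first verdict justifies immediate escalation; the two "unknown" verdicts are scan-coverage gaps worth tracking as their own use case.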