As end users grapple to keep their organizations secure, the burden is on them to make sense of the massive volume of security event data they must sift through to identify and investigate suspicious events.
Why? Event producers, including Operating System vendors, application developers and device manufacturers, bring their solutions to market with no standard language to capture how events are described, logged, and exchanged. To make matters worse, every Security Information and Event Management vendors (SIEM) vendor who collects data for log management, correlation, aggregation, auditing, and incident handling, applies their own definitions to describe data fields and event profiles.
This may not have been a big issue when security teams could manage security events in silos. The nature of attacks was such that monitoring networks for firewall breaches was one process, and updating security patches on endpoints was another.
Today, attacks are taking place across multiple vectors over longer periods of time. Security teams are correlating data for sophisticated views across the entire IT landscape. Multiple levels of end users are responsible for security management, from basic monitoring and escalation, to complex forensics and historical investigations.
In many organizations, a SIEM solution is the central collection and distribution system for security event data, and should therefore, play a pivotal role in driving cohesion between event producers and event consumers.
Sensage has embraced the MITRE Event Taxonomy, Field Dictionary and CEE Event and Event Profile Schema as the foundation for the Security Intelligence Service. Within the SIS community, the MITRE CEE framework and terminology will provide a common language to accelerate the sharing of security best practices, queries, metrics, and templates for dashboards and reports.
Learn about the MITRE CEE community: http://cee.mitre.org/
