7/31/2019 Advanced cyber-security intelligence
1/14
Copyright Quocirca 2012
Bob Tarzey
Quocirca Ltd
Tel : +44 7900 275517
Email:[email protected]
Clive Longbottom
Quocirca Ltd
Tel: +44 771 1719 505
Email: [email protected]
Advanced cyber-security intelligence
Real time defence of business data and IT users through the use of next
generation SIEM
July 2012
Traditional IT security defences have been built using point security
products. These are good for protecting against specific threats; for
example firewalls limit access to networks, anti-virus software detects
malware on given devices and encryption protects stored data. However,
cyber security threats have now emerged that can only be detected by
correlating information from a wide range of sources, including point
security products themselves.
Most organisations already have much of the required data to achieve this
but not the tools needed to process it. This has led to the emergence of next generation SIEM (security information and event management) tools.
These enable the real time correlation of IT intelligence data and for many
advanced threats to be foiled or pre-empted that would have been
previously undetectable.
This paper presents a value proposition for investing in next generation
SIEM tools. It should be of interest to any business, security or IT manager
that wants to get ahead in the security stakes and make their organisation
less likely to be a victim than the next one.
Advanced cyber-security intelligence
Real time defence of business data and IT users through the use of next generation SIEM
Cyber security threats are becoming increasingly complex and can often only be detected by looking at data from multiple
sources. This includes the logs from point security products, information about IT systems and the data that is used to store
knowledge of users and their rights and other contextual information. A correlated view of all this data enables unforeseen
attacks to be thwarted as they happen, as well as providing IT security teams with the insight to do their jobs more effectively
and improve base security.
Many security threats cannot be detected with point products
Point IT security products, such as firewalls, anti-virus software and intrusion prevention
systems, aim to stop individual threats as and where they occur but do not provide the
advanced correlation needed to prevent many advanced cyber security threats. For example, a
user request to attach to the network with a known device may look normal, but would not be
valid if the device had been reported stolen the day before.
IT security has become a big data problem
Detecting complex threats in real time requires the cross correlation of large volumes of data in
real time. Those charged with ensuring the security of their organisation's assets face a big
data problem, similar to the broader business intelligence problem that comes with extracting
value from the rapidly increasing volumes of electronically stored information.
Analysing large volumes of IT intelligence data requires new tools
The use of log management and security information and event management (SIEM) tools has
become commonplace in larger businesses over the last decade for reviewing events that have
already occurred. Now the next generation of SIEM tools has emerged. By processing and
correlating data in real time, enforcing pre-programmed rules and observing suspicious activity
these tools enable the mitigation of cyber security threats that may otherwise go unnoticed.
Next generation SIEM tools need to make finely balanced decisions
If the tools are too sensitive then a valid, but unusual, action by a bona fide user may be
blocked, causing frustration and damaging productivity. Next generation SIEM tools not only
detect advanced threats but also enable quick decisions to be made about when to block
access, when to allow it and when to alert security staff. They also provide IT security teams
with the insight needed to know when human intervention is required.
IT intelligence data can also be used to improve base security
It is not just about stopping individual events; the data gathered by such tools can provide a
continuous feed to enable any organisation to improve its security posture and to adjust policy
to allow users to work more effectively and reliably. IT intelligence data can also provide an
insight beyond IT security itself, enabling better management of IT systems and applications to
improve the efficiency of business processes and user productivity.
To justify required investments it is necessary to look at added value as well as reduced risk
Advanced cyber security intelligence is obviously about reducing risk, but that alone may not be
enough to win the backing for the required investment in next generation SIEM tools. There are
also cost savings that come from avoiding the clean up after cyber security failures and
avoiding potential fines if an event leads to a leak of regulated data. Value must also be added
to the equation; greater overall confidence in IT systems means business processes can be
pushed harder, increasing productivity and freeing IT staff to spend time focussed on
innovation rather than fire fighting.
Conclusions:
So much criminal activity and political activism has now been displaced from the physical world to cyber space, or at least extended
to cover both, that IT security employees are now in the frontline when it comes to ensuring that the businesses they serve have
the ability to function and that their continued good reputation is ensured. To this end they must be enabled with the tools that
give them a broad insight into IT infrastructure, applications and user activity to protect their business from attacks tomorrow that
no one can envisage today.
Introduction; beyond point security products
Nation states have known for centuries that putting point security measures in place, such as border controls and
passports, to protect their territory, citizens and other assets is not enough. The best levels of protection are only
achieved through proactively monitoring potential enemies and foiling their actions in real-time or, better still, pre-empting them. There will still be security breaches, but the constant gathering and effective use of intelligence
ensures the number is minimised and that those with responsibility for security are able to make better informed
decisions.
Security failures have occurred in the past due to poor correlation of security intelligence. Some analysts consider
that the failure of the FBI and CIA to share intelligence meant the planning for the Sept 11th 2001 terrorist attacks in the
USA went undetected [1]. Even if good intelligence exists, not correlating it well with other information can lead to
poor decision making with the consequent serious results.
Businesses have always had to focus on security too. For example, banks have always worried about armed robbers
walking through the doors of branches; to counter this threat point security products, such as bullet proof glass
screens and video surveillance cameras were installed. However, the effect was to displace the crime elsewhere;
when bank branches had become too hard to raid criminals started to target the vans that moved cash to and from
them.
The past decade has seen a massive displacement of threats for both governments and businesses from the physical
to the virtual world. The savvy bank robber no longer covers their face with a stocking but hides behind an
anonymising internet proxy or passes themselves off as an insider on IT systems using a stolen identity. The opening
up of the online world is a reality that businesses have not been able to ignore, not least because they need to
exploit the opportunities that abound.
Businesses must also recognise that protection online requires going beyond the use of traditional point IT security
tools. That is not to say they are no longer necessary, but that they do not offer the level of defence required. For
example:
Anti-virus software may not detect a zero day attack on a given server. Correlating server access logs to identify
that the same server is being used to contact many other servers and user end-points on the same private
network and is sending messages home to an unusual IP address would give an early warning that something is
amiss (Figure 1). The recently identified Flame malware worked in a similar way to this.
An intrusion prevention system (IPS) may prevent multiple failed attempts to access a server from a particular
IP address, but may not see that data is already being copied from that server due to a single successful
penetration from the same IP address (Figure 2). Correlating log and event files could identify that two such
events are related and lead to the prevention of a data theft. A so-called advanced persistent threat (APT)
could have this sort of profile.
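The second correlation above (IPS blocks and a successful login from the same address) can be sketched as follows. This is an added example, not code from the paper or from any SIEM product; the log format, host names, the one hour window and the documentation-range IP addresses are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs in an invented "timestamp host EVENT key=value" format.
IPS_LOG = """\
2012-07-02T10:00:01 ips01 BLOCK src=203.0.113.45 dst=srv12 reason=repeated-auth-failure
2012-07-02T10:00:09 ips01 BLOCK src=203.0.113.45 dst=srv12 reason=repeated-auth-failure
2012-07-02T11:30:00 ips01 BLOCK src=198.51.100.7 dst=srv12 reason=repeated-auth-failure
"""
SERVER_LOG = """\
2012-07-02T09:58:40 srv12 LOGIN_OK user=svc_report src=203.0.113.45
2012-07-02T10:02:15 srv12 FILE_READ user=svc_report src=203.0.113.45 bytes=524288000
2012-07-02T10:06:51 srv12 FILE_READ user=svc_report src=203.0.113.45 bytes=209715200
2012-07-02T10:15:00 srv12 LOGIN_OK user=alice src=10.0.5.20
2012-07-02T10:16:30 srv12 FILE_READ user=alice src=10.0.5.20 bytes=4096
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_log(text):
    """Turn 'timestamp host EVENT key=value ...' lines into event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or malformed line: skip it, do not fail the batch
        when, host, kind, rest = m.groups()
        try:
            stamp = datetime.fromisoformat(when)
        except ValueError:
            continue  # unparseable timestamp
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        events.append({"time": stamp, "host": host, "kind": kind, **fields})
    return events


def correlate(ips_events, server_events, window=timedelta(hours=1)):
    """Find sources the IPS blocked that also hold a successful login on the
    same server within `window` of a block (before or after it)."""
    blocks = {}
    for ev in ips_events:
        if ev["kind"] == "BLOCK" and "src" in ev and "dst" in ev:
            blocks.setdefault((ev["src"], ev["dst"]), []).append(ev["time"])

    findings = []
    for (src, server), times in sorted(blocks.items()):
        from_src = [e for e in server_events
                    if e["host"] == server and e.get("src") == src]
        logins = [e for e in from_src if e["kind"] == "LOGIN_OK"
                  and any(abs(e["time"] - t) <= window for t in times)]
        if not logins:
            continue  # blocked and never got in: the IPS alone was sufficient
        first = min(logins, key=lambda e: e["time"])
        reads = [e for e in from_src
                 if e["kind"] == "FILE_READ" and e["time"] >= first["time"]]
        findings.append({
            "src": src,
            "server": server,
            "user": first.get("user"),
            "blocked_attempts": len(times),
            "login_time": first["time"],
            "bytes_read": sum(int(e.get("bytes", 0)) for e in reads),
        })
    return findings


def run_sample():
    return correlate(parse_log(IPS_LOG), parse_log(SERVER_LOG))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

Neither log is alarming alone: the IPS reports attacks it stopped, and the server reports an authenticated session reading files. Only the join on source address and server shows that the blocked source is also the one reading data.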
Recent research conducted by OnePoll [2] amongst IT decision makers at UK-based organisations suggests some
already understand these deficiencies; around half the respondents believed that it is doubtful breaches can be
prevented or are, indeed, inevitable regardless of the security measures in place (Figure 3). Proactive real time
intelligence gathering and correlation is needed to foil and pre-empt the wide array of increasingly sophisticated
threats. However, many businesses lack the necessary tools and visibility to achieve this; 47% admitted that data is
only analysed after an event has occurred (Figure 4).
Good cyber security intelligence is fundamental to preventing advanced security threats and enabling security staff to
do their jobs effectively. The real time use of correlated security intelligence can identify activities that may
otherwise go unnoticed and prevent them from happening in the first place. Such intelligence also enables good
decision making; IT staff need to react to fast moving events and be confident to raise the alarm and know how loud
it should be: however, they do not want to be accused of crying wolf.
This paper presents a value proposition for investing in next generation SIEM tools that enable a business to make
use of a wide range of information sources to achieve these goals. It explains how proactive use of IT intelligence
can counter threats as they happen rather than uncovering them after the event. It should be of interest to any
business, security or IT manager that wants to get ahead in the security stakes and make their organisation less
likely to be a victim than the next one.
Sources of IT intelligence data
Businesses have a problem with data; they are increasingly overwhelmed by it and are often unable to extract the
expected value. This applies to both the business data that IT systems are there to gather, manage and provide
access to in the first place, and also the data gathered about the use of business data itself and the IT systems that
process and store it. This includes log data and audit trails; the gathering and analysing of all this IT intelligence data
is essential to protecting against advanced security threats.
IT intelligence data is the key to providing the insight that enables proactive threat mitigation and protection of
business data from theft and misuse. By understanding how IT systems are being used and the threats that surround
these systems and their users, the core security and value of IT can be better ensured.
The struggle to get to grips with, and extract value from, overwhelming volumes of business data has been dubbed
the big data issue in recent years. A similar struggle exists with IT intelligence data, which is also generated in large
volumes. For example, the latest high performance network routers and switches may have gigabytes of solid state
storage to hold log information about the millions of packets of data they process per second. Security products are
constantly generating log files too, whilst file servers and databases maintain logs of who has accessed what and
when. All this can only be made sense of in the context of access rights extracted from identity and access
management systems and other contextual information.
Another complication is introduced by the increasing use of on-demand (cloud-based) services. Information needs
to be gathered from the providers of such services about the traffic flowing to and from them. Furthermore, to
provide pervasive security coverage, security staff also need to be aware of the use of these services directly by lines
of business and employees, something which is increasingly done without the upfront endorsement of the IT
department.
The growing diversity and mobility of devices used to access IT applications and data add more complexity (this
includes the growing use of employee-owned devices). User devices can be both a cause of data leaks and a source
of security threats. Point security products, including data loss prevention (DLP), end-point security tools and
encryption can help, but recognising that a known device is being used in an unusual way requires reviewing it in the
context of broader network, geographic and temporal information.
Table 1 lists the range of sources for IT intelligence data. The need to gather, store and process so much IT
intelligence data from so many sources is the reason IT security has become a big data issue. Addressing the
problem requires new tools with the capability to process this data in real time. Some of the vendors of SIEM tools
are now adapting their products to address the problem; so-called next generation SIEM.
Table 1: Sources of IT intelligence data

IT infrastructure
Network devices: logs from routers, switches, information from network access control (NAC) tools, NetFlow data
Security devices: logs from firewalls, IPS, other security appliances
Servers: log files from servers in data centres, branch offices; physical, virtual and public cloud based
User end-points: device information, network context, access history, records of ownership and records of losses
SCADA (supervisory control and data acquisition) infrastructure: data about the operation of and access to industrial control systems, their network mapping and access history

Access data
Databases: access logs
Other data access information: monitoring the use of content, data from data loss prevention systems and content filtering systems
Business applications: access logs both for on-premise and on-demand applications
Web access data: includes information about what is being downloaded to and from web sites; feeds from DLP tools and web filtering systems
Email records: who has been sending what to whom?

Vulnerability information
3rd party feeds: from other IT vulnerability assessment and mitigation systems, e.g. Rapid 7, Qualys and FireEye
Software integrity information: patch state of operating systems, firmware, database and applications, list of known flaws
Known malware: list of known malware that may be used as part of more complex attacks

User information
User records: data from directories that defines who are authorised users and what groups they are assigned to; this includes information about current and past job roles
Access rights: current access rights for a given user or group of users
Privileged access rights: records of the temporary or permanent assignment of privileges to named users
Guest access rights: information from network access control systems about areas of networks enabled for guest access
Third party access rights: records of outside organisations and users that have been authorised to access infrastructure and applications
Machine access rights: not all access is by people; software applications and devices are also regularly assigned access rights, for example to carry out automated sys-admin tasks

Other data
Change control systems: list approved sys-admin activities
Locational data: IP and cellular geolocation where access requests are coming from
Regulatory/standard information: for example ISO 27001, which many organisations have adopted as an IT security baseline
Industry bodies: provide advice to members on known complex attack types and how to coordinate defence against them
Social media feeds: may identify that a given organisation is likely to be subject to attack, pressure group campaigns etc.
Weather: unusual weather conditions in a certain area may account for observed large scale changes in user activity
Time: accurate coordination is not possible without good timekeeping; an accurate source of time is needed across different systems and often needs to be added to records to make them useful
Next generation SIEM defined
The capability to collect and analyse IT intelligence data has been available for a number of years, enabled by tools
for log file management, security event management (SEM), security information management (SIM) and file
integrity monitoring. One of the reasons that log management tools, in particular, emerged was that, due to the
growing volumes of log data being generated, log files were being overwritten, especially on old devices with limited
storage; maintaining a central database is the only way to ensure log data is available in the long term for
compliance purposes.
In 2005, Gartner coined the term SIEM (security information and event management) to characterise products that
brought many of these capabilities together into an integrated product set. SIEM tools were mainly about taking a
retrospective view of what had happened for compliance and governance purposes. Pulling together information
from disparate sources could show auditors who had been accessing what and when. However, this was all after the
event; more timely use of IT intelligence data could prevent unwanted events happening in the first place. This
required an upgrade of existing SIEM tools to enable the real time processing of big data.
This has led to the emergence of next generation SIEM tools that can do just this; analyse and correlate IT
intelligence in real time. This includes data currently being generated and the huge volumes of existing log and
event data. By doing this it is possible to recognise and stop advanced threats as they happen. Of course, more than
fast processing is required; the tools must have the intelligence to evaluate irregularities and decide whether they
represent true threats or not; this is important as over sensitivity will lead to annoying disruptions in the day-to-day
use of IT and damage productivity.
Table 2 lists the capabilities to be expected in next generation SIEM tools.
Table 2: features of next generation SIEM tools
The ability to process and analyse large volumes of IT intelligence data in real time
Advanced correlation engine to process information from disparate sources
The ability to enforce advanced rules that link disparate events and prescribe what should happen if there is an anomaly
The intelligence and insight to act and prevent security breaches as they happen
The ability to adapt and improve future responses
The use of data from external sources to provide information on the new types of threat that have been observed elsewhere
The capacity for the long term storage of IT intelligence data in a central repository
Intuitive interface to provide IT security staff with insight into historic data and what is happening now
Applying next generation SIEM through advanced correlation
The key to understanding the value proposition for investing in next generation SIEM is to understand the insight
provided by correlating IT intelligence data. This includes finding links between seemingly disparate events and the
ability to apply policy in real time by linking existing logs, records of past events and other data with current
activities. The ability to do this provides a new level of security that no individual security device or measure can
offer stand-alone. This is best illustrated through a series of examples of advanced cyber security threats and how
they can be countered through such correlations using next generation SIEM.
Impossible access requests: it may be normal for a
known user to access a given application remotely and
out of office hours, but not if the request is coming from
a location where they cannot physically be (Figure 5).
Correlating each access request against the previous
successful access request and checking the geographic
location of the devices used can identify a physically impossible event such as a user having moved from
London to Paris in the space of a few minutes or hours,
even if the bona fide user's job role could see them
legitimately in both locations. Mobile network service
providers use similar techniques for detecting fraud in
their networks.
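A minimal version of this check, as an added example rather than code from the paper or any SIEM product: each request is compared with the user's previous successful request, and the implied travel speed is tested against a ceiling. The speed ceiling, the distance tolerance for imprecise geolocation, the field names and the sample requests are constructed assumptions.

```python
import math
from datetime import datetime

MAX_SPEED_KMH = 900.0   # assumed ceiling, roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0  # assumed tolerance for imprecise IP/cellular geolocation


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_requests(requests, max_speed_kmh=MAX_SPEED_KMH,
                        min_distance_km=MIN_DISTANCE_KM):
    """Flag requests that cannot follow the user's previous successful one.

    Timestamps are ISO 8601 with UTC offsets, so local times recorded in
    different time zones are normalised before the interval is computed.
    """
    baseline = {}  # user -> last accepted successful request
    alerts = []
    ordered = sorted(requests, key=lambda r: datetime.fromisoformat(r["time"]))
    for req in ordered:
        when = datetime.fromisoformat(req["time"])
        prev = baseline.get(req["user"])
        flagged = False
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], req["lat"], req["lon"])
            hours = (when - prev["when"]).total_seconds() / 3600.0
            if km > min_distance_km:
                # Simultaneous requests from distant places imply infinite speed.
                speed = km / hours if hours > 0 else float("inf")
                if speed > max_speed_kmh:
                    flagged = True
                    alerts.append({"user": req["user"], "time": req["time"],
                                   "distance_km": round(km, 1),
                                   "speed_kmh": speed})
        # A flagged request never becomes the baseline; otherwise the genuine
        # user's next request from the real location would be flagged instead.
        if req["result"] == "success" and not flagged:
            baseline[req["user"]] = {"when": when, "lat": req["lat"], "lon": req["lon"]}
    return alerts


# Constructed sample: London (UTC+1 in summer) and Paris (UTC+2).
LONDON = (51.5074, -0.1278)
PARIS = (48.8566, 2.3522)
SAMPLE = [
    {"user": "alice", "time": "2012-07-02T09:00:00+01:00", "lat": LONDON[0], "lon": LONDON[1], "result": "success"},
    {"user": "alice", "time": "2012-07-02T10:10:00+02:00", "lat": PARIS[0], "lon": PARIS[1], "result": "success"},
    {"user": "alice", "time": "2012-07-02T09:20:00+01:00", "lat": LONDON[0], "lon": LONDON[1], "result": "success"},
    {"user": "bob", "time": "2012-07-02T08:00:00+01:00", "lat": LONDON[0], "lon": LONDON[1], "result": "success"},
    {"user": "bob", "time": "2012-07-02T12:30:00+02:00", "lat": PARIS[0], "lon": PARIS[1], "result": "success"},
]

if __name__ == "__main__":
    for alert in impossible_requests(SAMPLE):
        print(alert)
```

In the sample, alice's Paris request is stamped 70 minutes after her London one in local time but only 10 minutes later in UTC, which is why a common time source matters for this rule; bob's trip takes 3.5 hours and passes.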
Non-compliant movement of data: it might be usual for
an employee to access customer information; it may also
be usual for them to download it to a file for reporting
reasons. However, for them to copy the data to a non-
compliant location, for example a cloud storage resource
in a certain country, should raise an alarm (Figure 6).
There may be no malicious intent here; perhaps this is
an example of a line-of-business commissioning its own
cloud resources (an increasingly common practice). This
requires rules that understand user access rights and
compliance rules and the ability to correlate these in real
time with attempts to copy data and the location of the
target storage service.
Absence of an event: SCADA systems are often
controlled using human machine interfaces (HMI); this
requires someone to be present, which, with a physical
security measure in place, should be preceded by a
record of the employee involved having used an ID
badge to enter the premises in question. So, if an action
is logged on an HMI system at a remote location that is
not preceded by a valid record of physical entry, then
either someone has gained unauthorised access or the
HMI has been hacked remotely. An advanced correlation
rule that looks for the presence of the badge reader log
within a specified time prior to an HMI access request
enables such a breach to be detected (Figure 7).
Anomalous sys-admin activity: if a system
administrator account has been compromised there
may be an attempt to create a new account for future
use. Correlating this activity with a change control
system will identify that the creation of such accounts
has not been authorised (Figure 8).
Unexpected access routes: some databases are only
normally accessed via certain applications, for example
credit card data is written by an e-commerce
application and only read by the accounts application;
access attempts via other routes should raise an alarm
if the tools are in place to correlate such events and
observe that a rule about the normal access route is
being broken (Figure 9).
Sys-admin failures: next generation SIEM is not just
about preventing security breaches, it can also help
ensure sys-admin tasks are complete; for example a
backup process is started, but no log for backup
completed is generated (Figure 10). Searching logs and
correlating them to check the various events in the
backup process have all happened ensures that the
task has been successfully completed.
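The "absence of an event" and "sys-admin failures" examples above are the same kind of rule: a trigger event must have a companion event within a time window, before it (badge entry before an HMI action) or after it (backup completed after backup started). The sketch below is an added example, not code from the paper or any SIEM product; event types, field names, window lengths and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta


def unmatched(events, trigger, companion, keys, window, direction, now=None):
    """Return `trigger` events that have no `companion` event with the same
    `keys` within `window` before ("before") or after ("after") the trigger."""
    if direction not in ("before", "after"):
        raise ValueError("direction must be 'before' or 'after'")
    if direction == "after" and now is None:
        raise ValueError("'after' rules need the current time")

    seen = {}  # key tuple -> times at which the companion event occurred
    for ev in events:
        if ev["type"] == companion:
            seen.setdefault(tuple(ev[k] for k in keys), []).append(ev["time"])

    alerts = []
    for ev in events:
        if ev["type"] != trigger:
            continue
        if direction == "before":
            lo, hi = ev["time"] - window, ev["time"]
        else:
            lo, hi = ev["time"], ev["time"] + window
            if hi > now:
                continue  # window still open: the companion may yet arrive
        times = seen.get(tuple(ev[k] for k in keys), [])
        if not any(lo <= t <= hi for t in times):
            alerts.append(ev)
    return alerts


def hmi_without_badge(events, window=timedelta(hours=8)):
    """HMI actions with no badge entry by the same user at the same site
    in the preceding window (assumed here to be one shift)."""
    return unmatched(events, "hmi_action", "badge_entry",
                     ("site", "user"), window, "before")


def backup_not_completed(events, now, window=timedelta(hours=2)):
    """Backups that started but logged no completion within the window."""
    return unmatched(events, "backup_started", "backup_completed",
                     ("host", "job"), window, "after", now)


def ts(text):
    return datetime.fromisoformat(text)


# Constructed sample events, already normalised from several log sources.
SAMPLE = [
    {"time": ts("2012-07-02T08:55:00"), "type": "badge_entry", "site": "pump-station-3", "user": "jsmith"},
    {"time": ts("2012-07-02T09:05:00"), "type": "hmi_action", "site": "pump-station-3", "user": "jsmith"},
    # Same user, different site, no badge record there.
    {"time": ts("2012-07-02T14:30:00"), "type": "hmi_action", "site": "pump-station-7", "user": "jsmith"},
    {"time": ts("2012-07-02T01:00:00"), "type": "backup_started", "host": "db01", "job": "nightly"},
    {"time": ts("2012-07-02T01:40:00"), "type": "backup_completed", "host": "db01", "job": "nightly"},
    {"time": ts("2012-07-02T01:00:00"), "type": "backup_started", "host": "fs02", "job": "nightly"},
    # Started 30 minutes before NOW: too early to call it a failure.
    {"time": ts("2012-07-02T23:30:00"), "type": "backup_started", "host": "db01", "job": "adhoc"},
]
NOW = ts("2012-07-03T00:00:00")

if __name__ == "__main__":
    print(hmi_without_badge(SAMPLE))
    print(backup_not_completed(SAMPLE, NOW))
```

Matching on site as well as user is what catches the second HMI action: the badge entry at pump-station-3 does not vouch for activity at pump-station-7.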
Taking action
Detecting a threat in real time or in advance is all well and good, but what action should be taken? In some cases an
immediate and drastic action to block access to an individual or stop an application or process may be justified, but
this is not always the case. If security settings are over sensitive then this can lead to annoying disruptions to the
valid use of IT. Poor intelligence may lead security staff to hit the panic button too soon or too late. There may also
be good reasons for taking another course on certain occasions; for example, letting a criminal action continue long
enough to gather forensic evidence for a prosecution.
Furthermore, it may not be possible to stop complex attacks, such as those that form part of an APT, by taking any
one single action; this may require putting the whole organisation on alert including taking proactive PR measures to
limit reputational damage. If an attack is part of a broader campaign against an organisation then countermeasures
may be required at all sorts of levels beyond IT systems, including in the news rooms and law courts, and there must
be a team armed with necessary intelligence to coordinate this. Sony's slow and awkward response to an attack by
the hacking organisation Anonymous in 2011 is an example of an organisation failing to achieve these goals.
What should be done in all cases is that an alarm is raised to security staff, so that even if automated actions are not
taken they are in a position to intervene and make executive decisions as quickly as possible. They can also be better
informed when making those decisions. Over time, next generation SIEM tools can provide even greater insight as
they can adapt; recognising if anything similar has been seen before, what happened on the last occasion, the action
that was taken and what was the outcome.
Businesses know they cannot fend off every attack; 28% of respondents were so gloomy in the OnePoll research
that they said it is doubtful that breaches can be prevented (see Figure 3). Thankfully, many more are less
pessimistic, but even they must plan for falling foul of an advanced cyber security attack at some point. Planning for
this means ensuring there is immediate access to the information required to provide forensic support for the clean-
up. However one of the main aims of having advanced cyber security tools in place should be to stop attacks in real
time or pre-empt them by improving an organisation's overall security posture. To this end many IT security
managers will need to make the case for investment in new or upgraded technology.
Conclusion: a total value proposition for next generation SIEM
Quocirca's total value proposition (TVP) analysis looks
at the expected return from any given investment in
terms of risk reduction, cost saving and value creation.
There are a number of factors in all three areas that
can be put into a proposition for the investment in
next generation SIEM.
The case certainly needs to be made. 52% of
respondents to the OnePoll research stated that the
proportion of IT budget spent on security had not gone
up in the last five years (Figure 11). However,
respondents felt that the emergence of new
regulations is one of the best ways of engaging with
senior level management involved in the IT security
decision making process (Figure 12).
Financial risk is also a good way to get the ear of those
who control the purse strings; 77% stated that the
growing threat of data breach penalties could help
motivate and increase spending (Figure 13). But once
the discussion is underway, a more positive case can
and should be made for the investment in proactive
cyber security intelligence.
This discussion should focus on reduction of business
risk, the control of business cost and the creation of
business value.
Risk reduction
From the evidence presented in this report it should be
clear where next generation SIEM tools could help
reduce risk. These include:
Insight into risks that cannot be seen using point
security tools
IT security teams empowered with the information
to act (or take no action) with confidence
Improved base security
Rapid response to limit reputational damage
Cost saving
Security failures can be an expensive business,
investing upfront to avoid them is far better than
unbudgeted spending to clear up the mess after the
event:
Avoidance of penalties for data breaches
Automation of time-consuming data analysis
Less money and time spent cleaning up incidents after they have happened
Value creation
The more confidence a business has in the use of IT the better positioned it is to exploit the huge business value that
it provides:
Better protection of IT assets means higher availability
More IT staff time is freed up to focus on core value
There is more confidence to innovate with IT in the knowledge that its use is more secure
Confidence to fully exploit business processes
An open communications environment for employees, partners and customers where the business is protected
from the potentially harmful actions of users, be they intentional or accidental
So much criminal activity and political activism has now been displaced from the physical world to cyber space, or at
least extended to cover both, that IT security staff are now in the front line when it comes to ensuring that their
businesses can continue to function and ensuring their continued good reputation. To this end they must be enabled
with the tools that give them a broad insight into IT infrastructure, applications and user activity to protect their
business from attacks tomorrow that no one can envisage today.
References
[1] Wedge: From Pearl Harbor to 9/11, The Secret War Between the FBI and CIA, Mark Riebling, 1994 (updated 2002)
[2] OnePoll research commissioned by LogRhythm, into 200 UK-based at businesses with more than 1,000 employees (Spring 2012)
About LogRhythm
LogRhythm is the leader in cyber threat defence, detection and response. The company's SIEM 2.0 security
intelligence platform delivers the visibility, insight and remediation required to detect the previously
undetectable and address the mutating cyber threat landscape. LogRhythm also provides unparalleled
compliance automation and assurance as well as operational intelligence to Global 2000 organisations,
government agencies and mid-sized businesses worldwide.
For more information on LogRhythm please visit http://www.logrhythm.com, follow on Twitter: @LogRhythm
or read the LogRhythm blog.
LogRhythm Inc.
4780 Pearl East Circle,
Boulder CO., 80301
Phone: (303) 413-8745
Fax: (303) 413-8791
LogRhythm Ltd.
Siena Court
The Broadway
Maidenhead Berkshire SL6 1NJ
United Kingdom
Phone: +44 (0)1628 509 070
Fax: +44 (0)1628 509 100
LogRhythm Asia Pacific Ltd
8/F Exchange Square II
8 Connaught Place, Central
Hong Kong
Phone: +852 2297 2812
Fax: +852 2297 2289
LogRhythm France SARL
171 bis, Boulevard Charles de Gaulle
92200 Neuilly sur Seine
Phone: +33 1 40 88 11 80
LogRhythm Germany GmbH
Landsberger Strasse 302,
D - 80687 München
Phone: +49 89 90405 245
About Quocirca
Quocirca is a primary research and analysis company specialising in the
business impact of information technology and communications (ITC).
With world-wide, native language reach, Quocirca provides in-depth
insights into the views of buyers and influencers in large, mid-sized and
small organisations. Its analyst team is made up of real-world
practitioners with first-hand experience of ITC delivery who continuously
research and track the industry and its real usage in the markets.
Through researching perceptions, Quocirca uncovers the real hurdles to
technology adoption: the personal and political aspects of an
organisation's environment and the pressures of the need for
demonstrable business value in any implementation. This capability to
uncover and report back on the end-user perceptions in the market
enables Quocirca to provide advice on the realities of technology
adoption, not the promises.
Quocirca research is always pragmatic, business orientated and
conducted in the context of the bigger picture. ITC has the ability to
transform businesses and the processes that drive them, but often fails to
do so. Quocirca's mission is to help organisations improve their success
rate in process enablement through better levels of understanding and
the adoption of the correct technologies at the correct time.
Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC
products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of
long term investment trends, providing invaluable information for the whole of the ITC community.
Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that
ITC holds for business. Quocirca's clients include Oracle, Microsoft, IBM, O2, T-Mobile, HP, Xerox, EMC, Symantec
and Cisco, along with other large and medium-sized vendors, service providers and more specialist firms.
Details of Quocirca's work and the services it offers can be found at http://www.quocirca.com
Disclaimer:
This report has been written independently by Quocirca Ltd. During the preparation of this report, Quocirca has
used a number of sources for the information and views provided. Although Quocirca has attempted wherever
possible to validate the information received from each vendor, Quocirca cannot be held responsible for any errors
in information received in this manner.
Although Quocirca has taken what steps it can to ensure that the information provided in this report is true and
reflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details
presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented
here, including any and all consequential losses incurred by any organisation or individual taking any action based
on such data and advice.
All brand and product names are recognised and acknowledged as trademarks or service marks of their respective
holders.
REPORT NOTE: This report has been written independently by Quocirca Ltd
to provide an overview of the issues facing organisations seeking to maximise the effectiveness of today's dynamic workforce.
The report draws on Quocirca's extensive knowledge of the technology and business arenas, and provides advice on the approach that organisations should take to create a more effective and efficient
environment for future growth.