Stop The Madness!

This March watch the games while we watch your SIEM.

March Madness, that one time of year when casual college basketball fans pretend to become expert bracketologists.  Where else can you find the sleep-deprived and bleary-eyed fumbling about for coffee and any other stimulant to justify staying up until 2 AM to watch the end of a basketball game?  The answer?  In information security.

Case in point: last Sunday, while Oregon and St. Joseph's were playing, one of our client's HP ArcSight ESM environments had a significant issue.  At 11:45 PM EDT, their ESM started slowing down, but did not crash.  Within 30 seconds of this event, ThetaPoint was alerted, and 4 minutes after that, one of our Senior Security Engineers was actively working the issue.  At the client site, the after-hours SOC team noticed that their Active Channels were running very slowly but had not yet realized that those same Active Channels had stopped returning data.  Within 2 minutes of the engineer taking the alert, the root cause was identified and remediation steps were taken.  Three minutes later, all services were back online and the after-hours SOC operations team continued on without ever knowing that there was a problem.  For those of you doing the math, that is a total of 10 minutes for an MTTR, and all before the client actually knew that there was a serious issue.

Most organizations struggle with the care and feeding of their SIEMs.  In some instances, it is because the original justification and design for that SIEM was regulatory compliance but now it is being used for other needs.  Other times, the organization just does not have the skillsets/resources required to run the SIEM, or underestimated the amount of time and energy required to effectively run it.  The reality is, we need to stop this madness!

Basketball players spend the entire off-season working out, eating properly, and preparing themselves mentally for the madness that is the NCAA Basketball Tournament.  However, they do not do it alone; they rely on coaches, nutritionists, psychologists, massage therapists and personal trainers to help them achieve peak performance.

Your SIEM is no different.  If you want it to achieve peak performance (AKA Maximum ROI), you should rely on the experts to help you.  At ThetaPoint, we pride ourselves on our expertise in your SIEM.  And, as the above instance outlined, with our global 7×24 monitoring we identify and resolve problems quickly and efficiently, many times before the client even realizes that there is a problem.

So while you are watching the Sweet 16 and Elite 8 this weekend, think about having the experts at ThetaPoint watch your SIEM and get it performing in tip-top shape.  Because nobody likes to be awakened for this in the middle of the night, unless of course you are a ThetaPoint Senior Systems Engineer!

About ThetaPoint, Inc.

ThetaPoint is a leading provider of strategic consulting and managed security services.  We help clients plan, build and run successful SIEM and Log Management platforms and work with the leading technology providers to properly align capabilities to clients' needs.  Recognized for our unique technical experience, in addition to our ability to rapidly solve complex customer challenges, ThetaPoint partners with some of the largest and most demanding clients in the commercial and public sector.  For more information, visit or follow us on Twitter or LinkedIn.
