Here's the premise that will change the face of network security, compliance, SIEM and IDP forever:
This started as a joke I made on Twitter a few weeks ago, but given the astounding popularity of Cloud-based zaniness currently, I'm going open source with my idea and monetize it in the form of a new startup called CloudCorrelator™.
Here's how it works:
- You configure all your network devices and your management consoles (aggregated or not) to point to a virtual machine that you install somewhere in your infrastructure. It's OVF compliant, so it will work with pretty much any platform.
- This VM accepts Syslog, SNMP, raw log formats, and/or XML and will take your streamed message bus inputs, package them up, encrypt them into something we call the SlipStream™, and forward them off to...
- ...the fantastic cloud-based service called CloudCorrelator™ (running on the ever-popular AWS platform) which normalizes the alerts and correlates them as any SIEM platform does providing all the normal features you'd expect, but in the cloud where storage, availability, security and infinite expandability is guaranteed! The CloudCorrelator™ is open source, of course.
This is where it gets fun...
- Based upon your policies the CloudCorrelator™ sanitizes your SlipStream™ feed and using the Twitter API will allow Twitter followers to cross-correlate seemingly random events globally, using actual human eyeballs to provide the heuristics and fuzzy logic analysis across domains.
Why bother sending your SlipStream™ to Twitter? Well, firstly you can use existing search tools to determine if anyone else is seeing similar traffic patterns across diverse networks. Take TwitterSearch for example. Better yet, use the TweetStat Cloud to map relevant cross-pollination of events.
That zero day just became a non-event.
I am accepting VC, press and alpha customer inquries immediately. The @VirtualSIEM Twitter feed should start showing SlipStream™ parses out of CloudCorrelator™ shortly.