
For those of us that didn’t know: SIEM = security information and event management. Things like analyzing security logs, failed logins, audits, and much more, I’m sure.

https://en.wikipedia.org/wiki/Security_information_and_event...




Thanks! That expansion should really be at the very beginning of the GitHub README, and as early as possible on the runpanther.io page. Don't drive away potential customers who don't know your magic phrase.


For what it's worth, the target market for this will all know what SIEM means, and anyone who doesn't know what SIEM means isn't the target market. To a certain extent if you explain what it stands for you might have to explain what it's for and then how to use it... that's probably just beyond the scope of what they intend in the README.


Okay, you're clearly not a marketer, but maybe try to think like one for a moment.

What you've said, in effect, is, "Gee, someone came to the site with some interest (say, from a Hacker News link) but no idea what this secret sauce is. Screw 'em! Get them out of here!"

Alternatively, if you give them an idea of what they're looking at (and no, I don't think you have to drill down to every tiny detail on the front page), maybe they'll realize, "Hey, that's something I should at least look into."


They shouldn’t look into it though, is the point. He’s not being elitist or gatekeeping. He’s saying that because managing a SIEM is going to be a huge waste of resources for anyone but a dedicated incident response team.

I suspect that a layperson might be getting the impression that this will alert them to security incidents. It will not really do that. It is not an intrusion detection system (which also are not very useful, but I digress). It will be 99.9999999% noise, and an experienced team will have a sense of what they should bother paying attention to, and still spend most of their time chasing dead ends.

It would be like if someone announced the release of a compiler, without explaining what a compiler is. Someone might reasonably say, if you don’t know what a compiler is, this isn’t solving a problem that you’re worried about.


I doubt that’s true. There are plenty of people who would like to improve their cloud security but find the tooling very inaccessible. Particularly in small teams which the blog says is a target market.


He’s not wrong, and because of all the snake oil in the security industry, it’s kind of important to point this out and set realistic expectations for investing in these kinds of products. This won’t improve your security. An incident response team will (well, maybe). It’s a tool for incident response teams. It is a money pit to anyone else - even if it’s “free”.


Looking through Panther, I think many of the cloud security tools are useful for the standard cloud engineer. Many of the features I've seen small companies build by hand - usually poorly. And if the autoremediation works as advertised, this tool would drastically simplify some common pain-points (i.e. we all know the practices to avoid, but hooking up the infrastructure to detect and fix it is a time-consuming PITA).

Even if you're too small to have an incident response team, if you work on the cloud, you need to prevent these common security issues. I can't imagine using a tool built for the purpose is more of a money pit than writing it yourself as many cloud engineers end up doing.



