
SANS 2018

Orlando, FL | Tue, Apr 3 - Tue, Apr 10, 2018

Stuck in the Box, a SIEM's Tale

  • Justin Henderson
  • Wednesday, April 4th, 7:15pm - 8:15pm

Organizations often spend excessive amounts of money on SIEM products only to end up with a log collection box when they thought they purchased a tactical detection system. Most organizations find themselves with a SIEM but unsure how to use its capabilities. Point solutions are quick to defend deficiencies by stating each environment is different, so you, the customer, must tell them what you want the SIEM to do, and then they'll help with professional services or by replacing your current SIEM with something "better and more advanced." This is complete hogwash. Organizations tend to have a lot of overlap, such as the use of Windows systems or network protocols such as DNS. As such, there are high-fidelity detects that can be implemented in every organization.

Enough is enough. If you are looking for techniques and methods to get value out of your current SIEM, or are interested in seeing how a new open-source big data solution such as the Elastic Stack, formerly ELK, most likely can beat what you have today, then this talk is for you. The fact is that it is time to think outside the box. Come find out how one organization spent fourteen months deploying a top Magic Quadrant SIEM solution, only to have it beaten by ELK in two weeks.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Tuesday, April 3

Session | Speaker | Time | Type
General Session - Welcome to SANS | Bryan Simon | Tuesday, April 3rd, 8:00am - 8:30am | Special Events
Threat Hunting via Windows Event Logs | Eric Conrad | Tuesday, April 3rd, 7:15pm - 9:15pm | Keynote

Wednesday, April 4

Session | Speaker | Time | Type
Stuck in the Box, a SIEM's Tale | Justin Henderson | Wednesday, April 4th, 7:15pm - 8:15pm | SANS@Night
Infosec Rock Star: Geek Will Only Get You So Far | Ted Demopoulos | Wednesday, April 4th, 7:15pm - 8:15pm | SANS@Night
Malware Vaccination: Its Potential and Limitations | Lenny Zeltser | Wednesday, April 4th, 7:15pm - 8:15pm | SANS@Night
Hacking Dumberly, Just Like the Bad Guys | Tim Medin and Derek Banks | Wednesday, April 4th, 7:15pm - 8:15pm | SANS@Night
So, You Wanna be a Pentester? | Adrien de Beaupre | Wednesday, April 4th, 8:15pm - 9:15pm | SANS@Night
Let's Go Hunting Bad Guys | John Strand | Wednesday, April 4th, 8:15pm - 9:15pm | SANS@Night
Secure DevOps: A Puma's Tail | Aaron Cure | Wednesday, April 4th, 8:15pm - 9:15pm | SANS@Night

Thursday, April 5

Session | Speaker | Time | Type
The 14 Absolute Truths of Security | Keith Palmgren | Thursday, April 5th, 7:15pm - 8:15pm | SANS@Night
Defeating Advanced Adversaries - Dismantling their attacks one step at a time | Erik Van Buggenhout | Thursday, April 5th, 7:15pm - 8:15pm | SANS@Night
An Evening of Hacking the Internet of Things (IoT) | James Lyne, Stephen Sims, Jim Shewmaker, and Guests | Thursday, April 5th, 7:15pm - 10:00pm | Special Events
The Seven Deadly Sins of Incident Response | Jake Williams | Thursday, April 5th, 8:15pm - 9:15pm | SANS@Night
Three Keys for SecDevOps Success | Frank Kim | Thursday, April 5th, 8:15pm - 9:15pm | SANS@Night

Saturday, April 7

Session | Speaker | Time | Type
Speaking to the Board on Cybersecurity | Lance Spitzner | Saturday, April 7th, 7:15pm - 8:15pm | SANS@Night
Securing Your Kids | Lance Spitzner | Saturday, April 7th, 8:15pm - 9:15pm | SANS@Night