Correlating Real-Time Event Data with SIEM for Forensics and Incident Handling
- Tuesday, October 08 at 1:00 PM EDT (17:00:00 UTC)
- Jacob Williams, SANS Analyst, and Bret Lenmark, McAfee
As adversaries continue to advance their techniques and the speed at which they execute attacks, the importance of information in combating these threats is increasingly self-evident. When IT departments are first notified of an intrusion, a security information and event management (SIEM) system is an indispensable tool for distinguishing normal behavior from the abnormal. But SIEM tools often lack the complete context an investigator needs to distinguish authorized exceptions to policy from actual attacks. Placing incidents in their proper context as they occur requires fusing information from endpoint management systems with the SIEM. Additionally, investigators must be able to interrogate endpoints for detailed information about events on demand, without waiting for the next reporting interval. In this webcast, we'll examine today's threat landscape and discuss how information fusion and real-time endpoint interrogation can make the difference between success and failure.
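To make the "fusion" idea concrete, here is an added example (not material from the webcast, the whitepaper, or any McAfee or SANS tool) that joins SIEM alerts with an endpoint-management view of the same hosts. The alert records, the endpoint inventory, the approved-exception records and all field names are constructed for illustration and are assumptions rather than any product's schema. It classifies each alert as an authorized exception or as something to investigate, treats an expired exception as no exception, and flags hosts whose last agent check-in is too old to trust, which is exactly the case where a live interrogation of the endpoint is needed instead of waiting for the next report.

```python
"""Fuse SIEM events with endpoint-management context to separate
authorized policy exceptions from events that need an investigator.

Constructed example: the events, the endpoint inventory and the
exception records below are made up for illustration; field names
are assumptions, not the schema of any particular SIEM or endpoint
management product.
"""
from datetime import datetime, timedelta, timezone


def ts(s):
    """Parse an ISO-8601 timestamp (treated as UTC) into an aware datetime."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed SIEM events: what a correlation rule fired on.
SIEM_EVENTS = [
    {"id": 1, "time": "2013-10-08T13:02:00", "host": "ws-0412",
     "rule": "av_realtime_disabled", "user": "jdoe"},
    {"id": 2, "time": "2013-10-08T13:05:00", "host": "ws-0412",
     "rule": "unsigned_process_start", "user": "jdoe", "process": "psexec.exe"},
    {"id": 3, "time": "2013-10-08T13:07:00", "host": "ws-0977",
     "rule": "unsigned_process_start", "user": "svc-backup", "process": "psexec.exe"},
    {"id": 4, "time": "2013-10-08T13:09:00", "host": "ws-1201",
     "rule": "av_realtime_disabled", "user": "mlee"},
]

# Constructed endpoint-management view: registered owner, last agent
# check-in, and approved exceptions (rule, optional process, expiry, ticket).
ENDPOINTS = {
    "ws-0412": {"owner": "jdoe", "last_checkin": "2013-10-08T12:58:00",
                "exceptions": [
                    {"rule": "av_realtime_disabled",
                     "expires": "2013-10-31T00:00:00", "ticket": "CHG-1041"}]},
    "ws-0977": {"owner": "svc-backup", "last_checkin": "2013-10-08T13:06:00",
                "exceptions": [
                    {"rule": "unsigned_process_start", "process": "psexec.exe",
                     "expires": "2013-09-30T00:00:00", "ticket": "CHG-0880"}]},
    "ws-1201": {"owner": "mlee", "last_checkin": "2013-10-07T09:00:00",
                "exceptions": []},
}

# Endpoint data older than this at event time is not trusted for a verdict.
STALE_AFTER = timedelta(hours=4)


def find_exception(event, endpoint):
    """Return the approved exception covering this event, or None.
    An exception must match the rule, match the process if it names one,
    and must not have expired before the event occurred."""
    for exc in endpoint.get("exceptions", []):
        if exc["rule"] != event["rule"]:
            continue
        if "process" in exc and exc["process"].lower() != event.get("process", "").lower():
            continue
        if ts(exc["expires"]) < ts(event["time"]):
            continue  # expired exception counts as no exception
        return exc
    return None


def triage(event, endpoints=ENDPOINTS, stale_after=STALE_AFTER):
    """Fuse one SIEM event with endpoint context and classify it."""
    verdict = {"id": event["id"], "host": event["host"], "rule": event["rule"]}
    endpoint = endpoints.get(event["host"])
    if endpoint is None:
        # Unknown to endpoint management: unmanaged or rogue host.
        verdict.update(status="investigate", interrogate=True,
                       reason="host not in endpoint inventory")
        return verdict
    exc = find_exception(event, endpoint)
    if exc:
        verdict.update(status="authorized_exception", interrogate=False,
                       reason=f"covered by ticket {exc['ticket']}")
    else:
        reason = "no approved exception"
        if event["user"] != endpoint["owner"]:
            reason += "; user is not the registered owner"
        verdict.update(status="investigate", interrogate=True, reason=reason)
    # Stale endpoint context cannot settle the question either way:
    # query the host live rather than waiting for the next report.
    if ts(event["time"]) - ts(endpoint["last_checkin"]) > stale_after:
        verdict["interrogate"] = True
        verdict["reason"] += "; endpoint context stale, interrogate live"
    return verdict


def triage_all(events=SIEM_EVENTS, endpoints=ENDPOINTS):
    """Classify every event; returns one verdict dict per event, in order."""
    return [triage(e, endpoints) for e in events]


if __name__ == "__main__":
    for v in triage_all():
        print(v)
```

Running the block as-is classifies event 1 as an authorized exception, events 2 and 3 (the latter covered only by an exception that had already expired) as needing investigation, and event 4 as needing investigation with a live interrogation because its endpoint record is more than four hours old at event time. In a real deployment the two inputs would come from the SIEM's alert store and the endpoint management console's API, and the stale-data threshold would be tuned to the agent's reporting interval.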
Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the integration of real-time data with SIEM tools.
The associated SANS whitepaper discussing the integration of real-time data with SIEM tools is also available for download.
Bret is currently responsible for the positioning and messaging of McAfee's flagship security management product ePolicy Orchestrator. He is a 20-year veteran of field sales and product marketing, having worked at HP, Intel and Symantec before coming to McAfee.
Jake Williams is the chief scientist at CSRgroup computer security consultants and has more than a decade of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Before joining CSRgroup, he worked with various government agencies in information security roles. Jake is a two-time victor at the annual DC3 Digital Forensics Challenge and a SANS course author and certified instructor.