Correlating Real-Time Event Data with SIEM for Forensics and Incident Handling

  • Tuesday, October 8th, 2013 at 1:00 PM (13:00:00 EDT/US Eastern)
  • Jacob Williams, SANS Analyst, and Bret Lenmark, McAfee
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.

Sponsor

  • Intel Security

Overview

As adversaries continue to advance their techniques and the speed at which they execute attacks, the importance of information in combatting these threats is increasingly self-evident. When IT departments are first notified of an intrusion, a security information and event management (SIEM) system is an indispensable tool for distinguishing normal behavior from the abnormal. But SIEM tools often lack the complete context required by an investigator who seeks to distinguish authorized exceptions to policy from actual attacks. Placing incidents in their proper context as they occur requires the fusion of information between endpoint management systems and SIEM systems. Additionally, investigators must be able to interrogate endpoints for detailed information about events, without waiting for the next reporting interval. In this webcast, we'll examine today's threat landscape and discuss how information fusion and real-time endpoint interrogation can make the difference between success and failure.

Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the integration of real-time data with SIEM tools.


Speaker Bios

Bret Lenmark

Bret is currently responsible for the positioning and messaging of McAfee's flagship security management product ePolicy Orchestrator. He is a 20-year veteran of field sales and product marketing, having worked at HP, Intel and Symantec before coming to McAfee.


Jacob Williams

Jacob Williams is a SANS Analyst, certified SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development, and digital counter-espionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud-data exfiltration and the tools and guidance to secure client data against sophisticated, persistent attack on-premises and in the cloud.
