Correlating Real-Time Event Data with SIEM for Forensics and Incident Handling
- Tuesday, October 8th, 2013 at 1:00 PM EDT (17:00:00 UTC)
- Jacob Williams, SANS Analyst, and Bret Lenmark, McAfee
You can now attend the webcast using your mobile device!
As adversaries continue to advance their techniques and the speed at which they execute attacks, the importance of information in combatting these threats is increasingly self-evident. When IT departments are first notified of an intrusion, a security information and event management (SIEM) system is an indispensable tool for distinguishing normal behavior from the abnormal. But SIEM tools often lack the complete context required by an investigator who seeks to distinguish authorized exceptions to policy from actual attacks. Placing incidents in their proper context as they occur requires the fusion of information between endpoint management systems and SIEM systems. Additionally, investigators must be able to interrogate endpoints for detailed information about events, without waiting for the next reporting interval. In this webcast, well examine todays threat landscape and discuss how information fusion and real time endpoint interrogation can make the difference between success and failure.
Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the integration of real-time data with SIEM tools.
Click here to download the associated SANS whitepaper discussing the integration of real-time data with SIEM tools.
Bret is currently responsible for the positioning and messaging of McAfee's flagship security management product ePolicy Orchestrator. He is a 20-year veteran of field sales and product marketing, having worked at HP, Intel and Symantec before coming to McAfee.
Jacob Williams is a SANS Analyst, certified SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development, and digital counter-espionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud-data exfiltration and the tools and guidance to secure client data against sophisticated, persistent attack on-premises and in the cloud.