Interactive Courses + DFIR NetWars Available During SANS Cyber Security Central in June. Save $300 thru 5/12.


To attend this webcast, login to your SANS Account or create your Account.

Correlating Real-Time Event Data with SIEM for Forensics and Incident Handling

  • Tuesday, October 08, 2013 at 1:00 PM EDT (2013-10-08 17:00:00 UTC)
  • Jacob Williams, Bret Lenmark


  • Mcafee LLC

You can now attend the webcast using your mobile device!



As adversaries continue to advance their techniques and the speed at which they execute attacks, the importance of information in combatting these threats is increasingly self-evident. When IT departments are first notified of an intrusion, a security information and event management (SIEM) system is an indispensable tool for distinguishing normal behavior from the abnormal. But SIEM tools often lack the complete context required by an investigator who seeks to distinguish authorized exceptions to policy from actual attacks. Placing incidents in their proper context as they occur requires the fusion of information between endpoint management systems and SIEM systems. Additionally, investigators must be able to interrogate endpoints for detailed information about events, without waiting for the next reporting interval. In this webcast, well examine todays threat landscape and discuss how information fusion and real time endpoint interrogation can make the difference between success and failure.

Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the integration of real-time data with SIEM tools.

Click here to download the associated SANS whitepaper discussing the integration of real-time data with SIEM tools.

Speaker Bios

Bret Lenmark

Bret is currently responsible for the positioning and messaging of McAfee's flagship security management product ePolicy Orchestrator. He is a 20-year veteran of field sales and product marketing, having worked at HP, Intel and Symantec before coming to McAfee.

Jacob Williams

Jacob Williams is a SANS Analyst, certified SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development, and digital counter-espionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud-data exfiltration and the tools and guidance to secure client data against sophisticated, persistent attack on-premises and in the cloud.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.