Correlating Real-Time Event Data with SIEM for Forensics and Incident Handling
As adversaries continue to advance their techniques and the speed at which they execute attacks, the importance of information in combatting these threats is increasingly self-evident. When IT departments are first notified of an intrusion, a security information and event management (SIEM) system is an indispensable tool for distinguishing normal behavior from the abnormal. But SIEM tools often lack the complete context required by an investigator who seeks to distinguish authorized exceptions to policy from actual attacks. Placing incidents in their proper context as they occur requires the fusion of information between endpoint management systems and SIEM systems. Additionally, investigators must be able to interrogate endpoints for detailed information about events, without waiting for the next reporting interval. In this webcast, we'll examine today's threat landscape and discuss how information fusion and real time endpoint interrogation can make the difference between success and failure.
Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the integration of real-time data with SIEM tools.
Click here to download the associated SANS whitepaper discussing the integration of real-time data with SIEM tools.
""
