Harnessing SIEM for More Effective Investigations
Security Information/Event Management (SIEM) solutions are being installed by organizations around the world to identify increasingly complicated and frequent threats, both external and internal. By establishing a well-constructed, centralized security intelligence system that collects information from critical infrastructure, SIEMs offer visibility into the security and operational posture of an organization's IT environment. The security state is presented in real time using simple yet powerful dashboards that provide a launching point for investigations.

This presentation is meant for those generally familiar with the concepts of SIEM technology who are looking for greater insight into the workings and challenges of deploying a SIEM. Half of the presentation is dedicated to describing the main components of a SIEM deployment and why they matter for handling data related to investigations. SIEMs have multiple logical and physical components that collect, categorize and reduce data into meaningful events to display on the dashboard, while retaining the original log data for compliance and possible future use in investigations. Scalability is accomplished using specialized servers, collectors, and host-resident agents. Components that manage the information are also critical, as lost information, improperly collected data and logs that cannot be processed can hamper an investigation.

The second half of the presentation focuses on the link between log sources and the SIEM architecture that is needed to provide 360-degree coverage, adding greater investigation depth and assurance. Gleaning intelligence from a heterogeneous enterprise requires interaction between many seemingly unrelated log sources. Harnessing the value of log data from a heterogeneous blend of devices, applications and systems requires multiple techniques in the deployment, tuning and use of SIEM technology.
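To make the collect/categorize/reduce pipeline and the cross-source correlation concrete, here is an added illustration (not code from the presentation or from LogRhythm): three constructed log lines in unrelated formats (an sshd message, a Windows-style logon-failure record, and a web-server access line) are normalized into one schema, the raw line is retained with each event, and failures from the same address across at least two sources are reduced to a single alert. The source names, field layouts and threshold are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines from three unrelated sources (not real data).
RAW_LOGS = [
    ("fw01", "sshd[2041]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2"),
    ("dc01", "EventID=4625 TargetUserName=admin IpAddress=203.0.113.7 Status=0xC000006D"),
    ("fw01", "sshd[2042]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2"),
    ("web01", '203.0.113.7 - - [04/Jun/2009:10:15:03 +0000] "GET /admin HTTP/1.1" 401 512'),
    ("web01", '198.51.100.4 - - [04/Jun/2009:10:15:09 +0000] "GET / HTTP/1.1" 200 1024'),
]

# Per-source parsers (hypothetical formats): each maps a raw line to
# (category, user, source_ip) or None when the line is not of interest.
PARSERS = {
    "fw01": (re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)"),
             lambda m: ("auth_failure", m.group(1), m.group(2))),
    "dc01": (re.compile(r"EventID=4625 TargetUserName=(\S+) IpAddress=(\S+)"),
             lambda m: ("auth_failure", m.group(1), m.group(2))),
    "web01": (re.compile(r'^(\S+) .*" (\d{3}) '),
              lambda m: ("auth_failure", None, m.group(1)) if m.group(2) == "401" else None),
}

def normalize(source, raw):
    """Collect + categorize: return a normalized event, keeping the raw line for later review."""
    pattern, build = PARSERS[source]
    m = pattern.search(raw)
    result = build(m) if m else None
    if result is None:
        return None
    category, user, src_ip = result
    return {"source": source, "category": category, "user": user, "src_ip": src_ip, "raw": raw}

def correlate(events, threshold=3):
    """Reduce: group auth failures by source IP seen across two or more distinct log sources."""
    by_ip = defaultdict(list)
    for e in events:
        if e and e["category"] == "auth_failure":
            by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, hits in by_ip.items():
        sources = sorted({h["source"] for h in hits})
        if len(hits) >= threshold and len(sources) >= 2:
            alerts.append({"src_ip": ip, "count": len(hits), "sources": sources,
                           "raw": [h["raw"] for h in hits]})
    return alerts

def run(logs=RAW_LOGS):
    """Full pipeline over the constructed input; returns the list of correlated alerts."""
    return correlate(normalize(src, raw) for src, raw in logs)
```

The single alert carries the original lines from every contributing source, which is what an analyst pivots from when the dashboard event becomes an investigation.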
Presenter
Eric Knight, C|EH | Senior Knowledge Engineer | LogRhythm Inc
Tags
SIEM, security information event management
Start Date Time
Jun 04 2009
