Brian Albrecht, MIS, CISSP | LogRhythm Inc
To combat increasingly sophisticated and frequent security threats from insiders and outsiders, organizations the world over are deploying Security Information/Event Management (SIEM) solutions. By providing a centralized security intelligence gathering system that spans an enterprise’s critical infrastructure, SIEMs can offer deep visibility into suspicious activity and latent operational problems.
This presentation is designed for individuals who are generally familiar with the concepts of SIEM technology, but are looking to improve their understanding and skills for detecting and defeating insider threats.
This session will:
- Cover the main components of a SIEM deployment and explain the role each plays in gathering the data required for investigations.
- Explain how to utilize SIEM technology to detect and eliminate insider threats.
- Demonstrate how to use SIEM technology to monitor insider activity, including network utilization, web surfing, data leakage, and changes made to critical files.