Defeating the Insider Threats with SIEM

Brian Albrecht, MIS, CISSP | LogRhythm Inc
To combat increasingly sophisticated and frequent security threats from insiders and outsiders, organizations the world over are deploying Security Information/Event Management (SIEM) solutions. By providing a centralized security intelligence gathering system that spans an enterprise’s critical infrastructure, SIEMs can offer deep visibility into suspicious activity and latent operational problems.

This presentation is designed for individuals who are generally familiar with the concepts of SIEM technology, but are looking to improve their understanding and skills for detecting and defeating insider threats.

This session will:

- Cover the main components of a SIEM deployment and explain the role each plays in gathering the data required for investigations.

- Explain how to utilize SIEM technology to detect and eliminate insider threats.

- Demonstrate how to use SIEM technology to monitor insider activity, including network utilization, web surfing, data leakage, and changes made to critical files.
Aug 26 2009
48 mins
SIEM Insider Threats
More from this community:

Cloud Computing

  • 2015 Cyberthreat Defense Report May 26 2015 5:00 pm UTC 45 mins
    Steve Piper, CEO, CyberEdge and Hal Lonas, CTO, Webroot
    This presentation provides key findings from the 2015 Cyberthreat Defense Report from the analyst firm CyberEdge. Based on a survey of IT security decision makers and practitioners across North America and Europe, the report examines the current and planned deployment of security measures, including the use of threat intelligence. It also provides developers of IT security technologies and products with answers they need to better align their solutions with the concerns and requirements of end users.
  • Large Scale, High Performance Visibility Plane for Cloud and Web Service Recorded: May 21 2015 48 mins
    Gordon Beith, Director of Product Management
    This webinar will describe the challenges faced by cloud and web service providers when attempting to monitor, manage, and troubleshoot across large data centers and networks, whether fully owned or hosted. It will describe the benefits of using a unified visibility plane as the solution to address these challenges, in a cost-effective and streamlined manner, whether it is for security, performance, and/or troubleshooting purposes.
  • Preventing Threats using Machine Learning, Contextualization and Predictability Recorded: May 21 2015 36 mins
    David Dufour, Senior Director of Security Architecture, Webroot
    With the rapidly accelerating nature of attacks on network infrastructure and software systems, approaches such as static block lists, manual policy configurations and other current prevention techniques have become outdated. Through the use of distributed computing, contextualization and machine learning, it is possible to build tools that analyze data across multiple threat vectors, allowing for the development of predictive algorithms and a greater understanding of an organization's threat landscape. We will walk through common machine learning techniques, discuss contextualization and how predictive logic works, and see a demonstration of contextualized threat intelligence.
  • How Fraudsters Steal Identities Recorded: May 21 2015 53 mins
    Fred Crawley, Managing Editor, Credit Today and David Pope, Marketing Director, Jumio
    This webinar will explore the methods criminals use to perpetrate fraud and steal identities and what you can do to secure your business without taking a hit on transaction completion and revenue.

    We'll cover:

    1. The common approaches used in identity theft and how they apply to e-commerce.

    - the coffee shop wifi hack
    - the local government census
    - social media techniques
    - the offer you can't refuse
    - the catchers supermarkets

    2. Firsthand research from the Jumio team and what they uncovered when they interviewed convicted ex-fraudsters, professional criminologists, law enforcement practitioners and fraud managers to uncover some of the exploits that fraudsters use.
  • Ponemon Institute: The Cost of Time To Identify & Contain Advanced Threats Recorded: May 21 2015 57 mins
    Dr. Larry Ponemon, Ponemon Institute + Arabella Hallawell, VP of Corporate Strategy, Arbor Networks
    The purpose of our study was to better understand the cyber-security challenges facing financial services enterprises as well as both conventional and Internet retail companies.

    Attend this webinar to learn:
    - The state of ATs and DDoS attacks in the two verticals
    - How companies deal with advanced threats and denial of service attacks
    - Industry differences: financial services vs. retail companies
  • Data Sovereignty and the Cloud Recorded: May 21 2015 48 mins
    Holger Mueller, VP & Principal Analyst, Constellation Research and Todd Partridge, Director of Product Marketing, Intralinks
    Cloud computing has broken down traditional geographic borders, and defining data ‘location’ has become more complex. Global enterprises embracing the cloud must deal with the compliance and risk challenges that arise when information is distributed across multiple physical, logical, and legal locations.

    Join our guest Holger Mueller, Vice President and Principal Analyst, Constellation Research, and Todd Partridge, Product Marketing Director, as they explore the challenges of information governance in the cloud:

    - The critical emerging topic of data sovereignty and jurisdiction
    - How governments are responding in different ways to the questions of data privacy and ownership
    - What organizations must do to address the varying requirements and regulatory environments
  • Data Security: 3 Ways to Protect Your Company from the Inside Out Recorded: May 20 2015 42 mins
    Guest Speaker: Chris Berube, Director of IT at Law Offices of Joe Bornstein
    There seems to be news of a major data breach in the headlines almost every week. Conventional wisdom suggests that securing the network and perimeter of an IT environment should be enough to protect a company from a breach – but what if that breach originates internally? How can a situation like this be averted? Today companies need to protect themselves from the inside out by first recognizing which of their data is sensitive and then ensuring that it’s properly secured.

    Join us and learn how Chris Berube, Director of IT at Law Offices of Joe Bornstein, has rethought information security in order to protect his company from the inside out.

    We’ll discuss how to:
    1. Identify files which contain sensitive information
    2. Audit user files to track suspicious activities
    3. Monitor proactively when secured data has been moved to public shares
  • Leveraging Next-Gen SIEM For Security Intelligence: A Buyer’s Perspective Recorded: May 19 2015 47 mins
    Paul Lynch, Director of Data Security & Networks, American Board of Internal Medicine
    Chartered with securing both the PII of over 250,000 physicians and a vast amount of highly valued intellectual property amidst a rapidly evolving threat landscape, Paul Lynch, Director of Data Security and Networks at the American Board of Internal Medicine (ABIM), recognized the need to move beyond a traditional SIEM, and employ a more holistic approach to Security Intelligence.

    In this CISO Executive Network webinar, Mr. Lynch will share with you the path he took to go from defining ABIM’s core security intelligence requirements to making his ultimate selection. The path included establishing a detailed score card for evaluating various SIEM solutions, moving from eight vendors to a short list of four, then testing and ultimately selecting a unified platform for ABIM.

    Whether you have an existing SIEM platform and are overwhelmed by its complexity, its inadequate visibility into today’s advanced threats or the manpower required to manage it, or you’re considering deploying SIEM for the first time, you’ll benefit greatly by joining us for this webinar.

    Key themes to be covered include:
    • SIEM for Security vs. IT Operations – understanding and prioritizing your options
    • Establishing a score card to evaluate vendors and solutions
    • How to leverage market research and outside perspectives to inform your decision
    • Considering total cost of ownership (price, deployment, implementation, usability, management)
  • IDS for Security Analysts: How to Get Actionable Insights from your IDS Recorded: May 19 2015 59 mins
    Joe Schreiber, AlienVault; Grant Leonard, Castra Consulting; Tony Simone, Castra Consulting
    The fun with IDS doesn't stop after installation; in fact, that's really where the fun starts. Join our panel of IDS experts for an educational discussion that will help you make sense of your IDS data, starting from Day 1. We will discuss signature manipulation, event output, and the three "P's" - policy, procedure and process. We won't stop there either! You'll find out the meaning behind the terms all the cool kids are using like "False Positives" and "Baselining". We'll round it out with more information about how IDS interacts with the rest of your IT applications and infrastructure. If you installed an IDS and are wondering what to do next, then sign up now!
    Asset Discovery - creating an inventory of running instances
    Vulnerability Assessment - conducting scans to assess exposure to attack, and prioritize risks
    Change Management - detect changes in your AWS environment and insecure network access control configurations
    S3 & ELB Access Log Monitoring - Monitor access logs of hosted content and data directed at your instance
    CloudTrail Monitoring and Alerting - Monitor the CloudTrail service for abnormal behavior
    Windows Event Monitoring - Analyze system level behavior to detect advanced threats
    We'll finish up with a demo of AlienVault USM for AWS, which delivers all of the above capabilities, plus log management & event correlation to help you detect threats quickly and comply with regulatory requirements.
  • Key Security Insights: Examining 2014 to predict what's coming in 2015 Recorded: May 14 2015 52 mins
    Ken Dang, Product Marketing Manager, Dell Security
    It’s clear that cyber-crimes are alive and well on the global stage and will only continue to be pervasive as long as organizations prolong taking the necessary defense measures to stop threats from slipping through the cracks. In this Dell Security Annual Threat webcast, we’ll present the most common attacks Dell SonicWALL observed in 2014 and the ways we expect emergent threats to affect small and medium businesses, as well as large enterprises, throughout 2015. Our goal is not to frighten, but to inform and provide organizations of all sizes with practical advice that will help them adjust their practices to more effectively prepare for and prevent attacks, even from threat sources that have yet to emerge.
  • Cloud Access Security—Keep Sensitive Data Safe and Compliant in the Cloud Recorded: May 14 2015 48 mins
    Albert Biketi, VP and general manager of HP Atalla and HP Security Voltage
    The exploding use of cloud applications like Office 365, Google Apps, and SalesForce CRM is giving enterprises unprecedented agility. But it also brings new challenges in ensuring data security and demonstrating compliance. In this webinar HP Atalla shows why many enterprises are turning to HP Cloud Access Security Protection platform to protect sensitive data in SaaS cloud deployments.
  • Do You Even CISO? Recorded: May 14 2015 48 mins
    Eric Cowperthwaite, VP of Advanced Security and Strategy and Mike Boyd - CISO, Providence Health & Services
    Being a CISO (Chief Information Security Officer) is hard. Endless responsibilities, never ending demands, restless nights’ sleep, and always playing catchup. Come hear a current and former CISO tell stories of some of their more interesting experiences, challenges, successes and complete failures.
  • The Factors & Technologies that Drive Data Security Confidence in UK Firms Recorded: May 14 2015 60 mins
    Bob Tarzey, Analyst and Director, Quocirca
    What are the factors and technologies that engender UK Firms with the highest levels of confidence in their data security measures?

    Attend this webinar with Bob Tarzey, Analyst and Director at Quocirca, as he reviews new research that examines:

    - The confidence levels amongst UK businesses about the security of their sensitive business data
    - The three key factors that drive the highest confidence levels
    - The security technologies that help deliver these high confidence levels - with the specific technologies that enable the management of complex information supply chains
    - The measures firms at the bleeding edge take to make sharing data in the cloud more secure
  • Security Ratings by the Numbers: Taking Mountains of Data to Create Risk Metrics Recorded: May 13 2015 38 mins
    Mike Woodward, Program Director of Data, BitSight
    Every day BitSight processes and synthesizes tens of billions of events into easy-to-understand, high-quality security ratings. These ratings empower organizations to confidently assess and manage their security performance and that of peers, vendors, insureds, and acquisition targets.

    Join Mike Woodward, BitSight’s Program Director of Data, to learn how the data scientists and researchers at BitSight collect, analyze, and process all of this data to produce actionable and insightful Security Ratings.

    Attendees will also learn:

    - How BitSight calculates ratings using a wide variety of risk vectors including security events, diligence factors and user behaviors
    - The importance of comprehensive network footprint maps in producing industry standard security ratings
    - Why monitoring performance over time can be beneficial for identifying trends and new risk indicators
    - The ways customers are using Security Ratings to manage third party risk, benchmark security performance, assess and negotiate cyber insurance premiums, and remediate security risk involved in mergers and acquisitions.
  • Five Approaches to Increase Visibility and Control in Modern Data Center Network Recorded: May 13 2015 49 mins
    Warren Wu, Sr Director, Product Marketing, Data Center
    Data centers are rapidly consolidating infrastructure for greater efficiency, while evolving to deliver greater agility and scale for the business. At the same time, advanced threats are breaching the perimeter and roaming freely, putting more data at risk. In this webinar we compare five different architectures for pushing security from the edge deeper into the network, and review the corresponding requirements for network security solutions to properly secure next-generation data centers, cloud, and software-defined networking (SDN) environments.
  • Selecting a SIEM: Experiences from the Trenches Recorded: May 13 2015 55 mins
    Justin Everett, Williams Companies; Dave Wiseman, Saint Luke's Health System; VP and Chief Information Security Officer, Fortune 500 Healthcare Services Company
    Today’s cyber threat landscape demands a fresh look at security intelligence. Whether you have a first generation SIEM (e.g., ArcSight, enVision, Q1 Labs, etc.) in place today and are concerned about blind spots or are overwhelmed by its complexity, or you’re considering deploying a SIEM for the first time, this panel discussion will give you practical insights from SIEM veterans that will help you refine your security intelligence strategy.

    Watch a moderated panel discussion featuring security experts who will discuss:

    - Cyber security dynamics fueling the need for improved Security Intelligence
    - Visibility and functional gaps to be aware of in first generation SIEMs
    - Selecting a SIEM: Key considerations and requirements
    - Migration considerations when moving to a new SIEM
    - Assessing the staffing requirements for a new SIEM deployment

    Justin Everett: Security Analyst, Williams Companies
    Dave Wiseman: Director of Information Security, Saint Luke's Health System
    VP and Chief Information Security Officer, Fortune 500 Healthcare Services Company
  • Dynamic IAM: Adaptive Risk-based Access to Web Apps and Data Recorded: May 13 2015 43 mins
    Richard Walters, General Manager & VP of IAM, Intermedia
    Alongside the increased adoption of cloud and mobility technologies in the enterprise environment, there is a general expectation to have 24x7 access to web applications and data from personal and company-owned mobile devices and from any location. During this webinar, we’ll show you how to implement a new approach to identity and access management that’s device and location aware.

    We’ll cover:

    - How to address the authentication and authorization management challenges associated with the way people work today.
    - How to enable cloud adoption with more flexible policies that automatically adapt and securely respond to changes in user types and behaviour.
    - How to automate the selection and changing of passwords that are long, strong and unique across all accounts.
  • From Complex to Chaotic: How Cloud Computing is Complicating NW Security Recorded: May 13 2015 48 mins
    Jon Oltsik, Sr. Principal Analyst, Enterprise Strategy Group & Reuven Harrison, CTO & Co-Founder, Tufin
    New IT initiatives (like cloud computing) are making network security operations increasingly difficult. In spite of heroic efforts by the security team, network security operations issues are fast approaching a breaking point with teams struggling to keep up as organizations increase their use of hybrid (public & private) cloud.

    In this 45 minute webinar, you'll learn about the current network security operations transition, the challenges accompanying it and how to overcome these challenges.
  • Copyright Regime vs. Civil Liberties Recorded: May 13 2015 47 mins
    Rick Falkvinge, Founder of the Swedish and first Pirate Party
    The copyright monopoly debate has gotten exactly nowhere since the days of Napster. There's still a copyright industry that insists on control of the net in the name of lost profits. But what does this do to the net? More to the point, why are we letting a literal cartoon industry have any say at all in regulation of our most important piece of infrastructure?

    In this presentation, Rick Falkvinge, founder of the Swedish and first Pirate Party, examines how the entire copyright industry position is a red herring, which is (or should be) completely irrelevant to policymaking on net issues. He brings up the concept of Analog Equivalent Rights, and painfully points out that some of the most crucial civil liberties of our parents are currently not being passed on to our children, because doing so would interfere with profits of entertainment companies.

    There's nothing wrong with profit as such. But no entrepreneur should get to dismantle civil liberties just because they can't make money
  • New Thinking About Identity Management Recorded: May 12 2015 60 mins
    Penny Crossman, Banking Technology News, Stephen Lange Ranzini, University Bank, Thomas Hardjono
    From massive security breaches to redundant entering of information to the privacy concerns raised by data brokers, it is clear that today's identity infrastructure is ill-suited for the digital age.

    How can identity management be retooled to serve the (sometimes conflicting) imperatives of security, privacy, convenience and compliance?

    Hear from FinTech industry experts from American Banker and learn:
    - What it will take to cross the digital chasm 
    - What role can and should financial service providers play in the transformation

    Find out how to retool your identity management by registering for this live webinar.
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.

  • Title: Defeating the Insider Threats with SIEM
  • Live at: Aug 26 2009 2:00 pm
  • Presented by: Brian Albrecht, MIS, CISSP | LogRhythm Inc