Analysis Paralysis: Billions of Logs to Incidents That Matter

Presented by

Tony Merritt, SecureWorks Managing Principal

About this talk

Most enterprise organizations have set up a security model that includes a first layer of security event management, responsible for log capture, notification, filtering and some level of correlation. However, with the escalating number of users and logs from more and more devices, making sense of the noise and translating it into incidents that matter can be a daunting task. In this webcast, Tony Merritt, SecureWorks Managing Principal, will cover how to leverage logs and tactics to integrate the proper incident response. Topics covered include:

• Sensing: The challenge of ever-increasing inbound noise and priorities
• Improving Sensing: What logs and events matter? How do you ensure you have visibility?
• Sense Making: Not all logs are created equal. The importance of correlation, business context, rules and use cases to determine if the incident matters.
• Decision Making: An event has passed a threshold of incident viability. How do you connect logs and tactics into actionable response?

Secureworks® (NASDAQ: SCWX) a global cybersecurity leader, enables our customers and partners to outpace and outmaneuver adversaries with more precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of cloud-native, SaaS security platform and intelligence-driven security solutions, informed by 20+ years of threat intelligence and research, no other security platform is grounded and informed with this much real-world experience. www.secureworks.com