Harnessing SIEM for More Effective Investigations

Presented by

Eric Knight, C|EH | Senior Knowledge Engineer | LogRhythm Inc

About this talk

Security Information and Event Management (SIEM) solutions are being deployed by organizations around the world to identify increasingly complicated and frequent threats, both external and internal. By establishing a well-constructed, centralized security intelligence system that collects information from critical infrastructure, a SIEM offers visibility into the security and operational posture of an organization's IT environment. The security state is presented in real time on simple yet powerful dashboards that provide a launching point for investigations. This presentation is meant for those generally familiar with SIEM technology who want greater insight into the workings and challenges of deploying one.

The first half of the presentation describes the main components of a SIEM deployment and why they matter for handling data related to investigations. A SIEM has multiple logical and physical components that collect, categorize and reduce data into meaningful events for display on the dashboard, while retaining the original log data for compliance and possible future use in investigations. Scalability is achieved with specialized servers, collectors and host-resident agents. The components that manage the information are equally critical: lost information, improperly collected data and logs that cannot be parsed can all hamper an investigation.

The second half focuses on the link between log sources and the SIEM architecture needed to provide 360-degree coverage, adding depth and assurance to investigations. Gleaning intelligence from a heterogeneous enterprise requires correlating many seemingly unrelated log sources, and harnessing the value of log data from a heterogeneous blend of devices, applications and systems requires multiple techniques in the deployment, tuning and use of SIEM technology.
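The pipeline the abstract sketches (collect from heterogeneous sources, categorize into a common schema, retain the original line, quarantine what cannot be parsed, and reduce the stream to an event that spans sources) as an added illustration in Python. This is not code from the talk or from LogRhythm. The log lines are constructed samples in three formats (OpenSSH sshd syslog, a Cisco ASA deny message, and a simplified key=value rendering of a Windows 4625 logon failure), and the three-failure threshold and the field names in the normalized schema are arbitrary choices for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: three source formats from different hosts, plus one
# line no parser understands. Not taken from any real system.
RAW_LOGS = [
    "Jan 12 10:01:03 web01 sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Jan 12 10:01:04 fw01 %ASA-6-106015: Deny TCP (no connection) from 203.0.113.7/51238 to 10.0.0.5/22 flags SYN on interface outside",
    "Jan 12 10:01:05 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "2024-01-12T10:01:07Z dc01 EventID=4625 TargetUserName=admin IpAddress=203.0.113.7 Status=0xC000006D",
    "Jan 12 10:01:09 web01 sshd[2011]: Accepted password for deploy from 203.0.113.7 port 51255 ssh2",
    "Jan 12 10:02:00 web02 sshd[3100]: Failed password for root from 198.51.100.9 port 40000 ssh2",
    "this is not a log line",
]


@dataclass
class Event:
    """Normalized (categorized) event. `raw` keeps the original line verbatim so an
    investigator can always get back to the evidence the SIEM summarized."""
    source: str    # which parser produced it: sshd / asa / windows
    host: str
    category: str  # auth / network / other
    outcome: str   # failure / success / deny / info
    src_ip: str
    user: str
    raw: str


# One parser per source format. Hypothetical patterns for the sample lines above.
SSHD_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
ASA_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) %ASA-\d-\d+: Deny (?P<proto>\w+) "
                    r".*?from (?P<ip>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<dport>\d+)")
WINKV_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) (?P<kv>.*)$")


def parse_line(line):
    """Categorize one raw line into an Event, or return None if no parser matches."""
    m = SSHD_RE.match(line)
    if m:
        outcome = "success" if m["result"] == "Accepted" else "failure"
        return Event("sshd", m["host"], "auth", outcome, m["ip"], m["user"], line)
    m = ASA_RE.match(line)
    if m:
        return Event("asa", m["host"], "network", "deny", m["ip"], "", line)
    m = WINKV_RE.match(line)
    if m:
        kv = dict(part.split("=", 1) for part in m["kv"].split())
        outcome = {"4624": "success", "4625": "failure"}.get(m["eid"], "info")
        category = "auth" if outcome != "info" else "other"
        return Event("windows", m["host"], category, outcome,
                     kv.get("IpAddress", ""), kv.get("TargetUserName", ""), line)
    return None


def ingest(lines):
    """Collection stage: normalize what we can, quarantine the rest instead of
    silently dropping it (an unparsed line is a coverage gap, not noise)."""
    events, unparsed = [], []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    return events, unparsed


def correlate(events, threshold=3):
    """Reduction stage: an auth success from a source IP that has already produced
    >= threshold auth failures across ANY source becomes one alert. The alert
    carries every retained raw line seen from that IP, including non-auth context
    such as firewall denies, so the investigation starts with the evidence in hand."""
    by_ip = defaultdict(list)
    alerts = []
    for ev in events:
        by_ip[ev.src_ip].append(ev)
        if ev.category == "auth" and ev.outcome == "success":
            failures = [e for e in by_ip[ev.src_ip] if e.category == "auth" and e.outcome == "failure"]
            if len(failures) >= threshold:
                alerts.append({
                    "src_ip": ev.src_ip,
                    "user": ev.user,
                    "failures": len(failures),
                    "sources": sorted({e.source for e in failures}),
                    "evidence": [e.raw for e in by_ip[ev.src_ip]],
                })
    return alerts


if __name__ == "__main__":
    evs, bad = ingest(RAW_LOGS)
    print(f"{len(evs)} events normalized, {len(bad)} lines quarantined")
    for alert in correlate(evs):
        print(f"ALERT: {alert['failures']} failures from {alert['src_ip']} "
              f"via {alert['sources']} then success as {alert['user']!r}")
        for raw in alert["evidence"]:
            print("   ", raw)
```

The point the example makes is the one in the abstract: neither the sshd failures alone nor the single Windows failure alone cross the threshold, and the firewall deny on its own is routine, but once all three sources are normalized into one schema the successful login from that address stands out, and the retained raw lines are what the analyst pivots on next. The quarantine list is the check a practitioner wants to monitor: a growing count of unparsed lines means a source has changed format and the dashboard is now lying by omission.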

More from this channel

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.