
Harnessing SIEM for More Effective Investigations

Security Information/Event Management (SIEM) solutions are being installed by organizations around the world to identify increasingly complicated and frequent threats -- both external and internal. By establishing a well-constructed centralized security intelligence system that collects information from critical infrastructure, SIEMs offer visibility into the security and operational posture of an organization's IT environment. The security state is presented in real time using simple yet powerful dashboards that provide a launching point for investigations.

This presentation is meant for those generally familiar with the concepts of SIEM technology who are looking for greater insight into the workings and challenges of deploying a SIEM.

Half of this presentation is dedicated to describing the main components of a SIEM deployment and why they are important to handling data related to investigations. SIEMs have multiple logical and physical components that collect, categorize and reduce data into meaningful events to display on the dashboard while retaining the original log data for compliance and possible future use in investigations. Scalability is accomplished using specialized servers, collectors, and host-resident agents. Components that manage the information are also critical, as lost information, improperly collected data and logs that cannot be processed can hamper an investigation.

The second half of the presentation will focus on the link between log sources and the SIEM architecture that is needed to provide 360-degree coverage and add greater investigation depth and assurance. Gleaning intelligence from a heterogeneous enterprise requires interaction between many seemingly unrelated log sources. Harnessing the value of log data from a heterogeneous blend of devices, applications and systems requires multiple techniques in the deployment, tuning and use of SIEM technology.
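The abstract above describes the SIEM pipeline in outline: collectors normalize heterogeneous log sources into a common event schema, keep the original log line for investigations, set aside lines they cannot process instead of silently losing them, and reduce the normalized records into meaningful events for the dashboard. The following Python sketch is an added example written for this page; it is not code from the talk or from LogRhythm. The two log formats (an sshd syslog stream and a key=value VPN appliance log), the common schema, the hostnames and the RFC 5737 test addresses are all constructed for the example, and the correlation rules (a failure count threshold and a "failures followed by success" check across both sources) are illustrative of the kind of cross-source reasoning the second half of the talk describes.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not real data) from two unrelated sources.
SSHD_LOGS = [
    "2009-06-04T13:00:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 5001 ssh2",
    "2009-06-04T13:00:03 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 5002 ssh2",
    "2009-06-04T13:00:05 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 5003 ssh2",
    "2009-06-04T13:00:09 host1 sshd[2201]: Accepted password for root from 203.0.113.7 port 5004 ssh2",
    "2009-06-04T13:02:00 host1 sshd[2202]: Accepted publickey for alice from 198.51.100.4 port 6001 ssh2",
    "2009-06-04T13:02:30 host1 CRON[2300]: pam_unix(cron:session): session opened for user root",
]
VPN_LOGS = [
    "ts=2009-06-04T13:00:07 dev=vpn1 user=root src=203.0.113.7 result=DENY",
    "ts=2009-06-04T13:01:00 dev=vpn1 user=bob src=198.51.100.9 result=ALLOW",
    "ts=2009-06-04T13:01:10 dev=vpn1 garbage line without fields",
]

# One parser per source type; each maps its own vocabulary onto the common schema.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+)"
)
VPN_RE = re.compile(
    r"^ts=(?P<ts>\S+) dev=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src_ip>\S+) result=(?P<outcome>ALLOW|DENY)$"
)
SSHD_OUTCOMES = {"Failed": "failure", "Accepted": "success"}
VPN_OUTCOMES = {"DENY": "failure", "ALLOW": "success"}


def collect(lines, source_type, pattern, outcome_map):
    """Collector: normalize raw lines into the common schema, keeping the raw line.
    Lines the parser cannot handle are retained in a separate list, not dropped,
    so an investigator can still see them and a missing parser is visible."""
    records, unparsed = [], []
    for line in lines:
        m = pattern.match(line)
        if not m:
            unparsed.append({"source": source_type, "raw": line})
            continue
        records.append({
            "ts": datetime.fromisoformat(m.group("ts")),
            "source": source_type,
            "host": m.group("host"),
            "user": m.group("user"),
            "src_ip": m.group("src_ip"),
            "outcome": outcome_map[m.group("outcome")],
            "raw": line,  # original log data retained for compliance and later review
        })
    return records, unparsed


def correlate(records, threshold=3, window=timedelta(minutes=5)):
    """Reduce normalized records into higher-level events across all sources:
    brute_force: at least `threshold` failures from one src_ip inside `window`;
    suspicious_success: a success from a src_ip that failed inside `window` before it."""
    alerts = []
    by_ip = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_ip[r["src_ip"]].append(r)
    for ip, recs in by_ip.items():
        failures = [r for r in recs if r["outcome"] == "failure"]
        for i in range(len(failures)):  # sliding window over failures
            j = i
            while j + 1 < len(failures) and failures[j + 1]["ts"] - failures[i]["ts"] <= window:
                j += 1
            if j - i + 1 >= threshold:
                run = failures[i:j + 1]
                alerts.append({"type": "brute_force", "src_ip": ip, "count": len(run),
                               "sources": sorted({r["source"] for r in run}),
                               "evidence": [r["raw"] for r in run]})
                break
        for r in recs:
            if r["outcome"] != "success":
                continue
            prior = [f for f in failures if timedelta(0) <= r["ts"] - f["ts"] <= window]
            if prior:
                alerts.append({"type": "suspicious_success", "src_ip": ip, "user": r["user"],
                               "sources": sorted({f["source"] for f in prior} | {r["source"]}),
                               "evidence": [f["raw"] for f in prior] + [r["raw"]]})
    return alerts


def dashboard(records, unparsed, alerts):
    """The numbers a dashboard would show as a launching point for investigation."""
    return {"records": len(records), "unparsed": len(unparsed),
            "failures": sum(r["outcome"] == "failure" for r in records),
            "alerts": dict(Counter(a["type"] for a in alerts))}


def run_pipeline():
    ssh_recs, ssh_bad = collect(SSHD_LOGS, "sshd", SSHD_RE, SSHD_OUTCOMES)
    vpn_recs, vpn_bad = collect(VPN_LOGS, "vpn", VPN_RE, VPN_OUTCOMES)
    records, unparsed = ssh_recs + vpn_recs, ssh_bad + vpn_bad
    alerts = correlate(records)
    return records, unparsed, alerts, dashboard(records, unparsed, alerts)


if __name__ == "__main__":
    _, unparsed, alerts, summary = run_pipeline()
    print(summary)
    for a in alerts:
        print(a["type"], a["src_ip"], a["sources"], len(a["evidence"]), "raw lines kept")
    for u in unparsed:
        print("unparsed:", u["source"], u["raw"])
```

On the constructed data, neither source alone shows much: sshd sees three failures and a success, the VPN sees one denied login. Only after both are normalized to the same schema does the correlation see four failures from one address across two devices followed by a successful root login, and the alert carries the raw lines from both sources as evidence. The two unparsed lines (a cron entry the sshd parser does not cover, and a malformed VPN line) are counted on the dashboard rather than lost, which is the "logs that cannot be processed" gap the abstract warns about.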
Recorded Jun 4 2009 47 mins
Presented by
Eric Knight, C|EH | Senior Knowledge Engineer | LogRhythm Inc

  • Life on the Front Lines - Staying Sane in the SOC Sep 16 2020 4:00 pm UTC 60 mins
    Diana Kelley, Microsoft
    Join this episode of The (Security) Balancing Act for an insider's view of life on the front lines of cybersecurity. This panel will look into what it's like to work in and manage a Security Operations Center (SOC), as well as share best practices for keeping your team of front-line defenders sane, empowered and happy, and your organization secure.

    - What kind of people are best suited for work in a SOC?
    - What kind of training / certifications / skills are needed to be successful?
    - How to handle alert fatigue and analyst overload?
    - Is automation (ML & AI) the answer?
    - What do you do when IOCs aren't enough?
    - Hunters vs. responders, what's the difference?
    - How the pandemic is impacting security operations?
    - Building a healthy team culture and managing self-care in the age of breaches
    - What's needed to make life easier for these front-line cyber defenders

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Hacking The Election: The Human Side [Part 2] Aug 28 2020 4:00 pm UTC 60 mins
    David Morris | Barak Engel
    Please join us for a special 2020 Hacking The Election episode where we will go beyond the traditional bits and bytes of hacking the upcoming election.

    In this episode we will explore the other side of Hacking The Election; the Human side, covering such topics as:

    - Manipulating the electorate
    - Seeding mistrust in the election process and results among the voters
    - Fomenting anger and disenfranchisement
    - Polarizing the electorate

    A soft preview of what's to come in the November election.

    - Barak Engel, Founder and Chief Geek, EAmmune
    - Other panelists TBA

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Hacking The Election: The Human Side [Part 1] Aug 20 2020 4:00 pm UTC 60 mins
    David Morris | Lee Imrey | Midori Connolly | Lance James
    In the age of data collection and targeting by the campaigns, what can we learn from Gen Z? When it comes to data sharing, privacy and security awareness, what has changed in the population mindset since 2016? Are the lessons from the Cambridge Analytica scandal still applicable today? A soft preview of what's to come in the November election.

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Supply Chain Security Aug 18 2020 4:00 pm UTC 60 mins
    Diana Kelley | Kiersten Todt | Nick Charpentier
    According to new research from Risk Ledger, 60% of security breaches originate in the organization's supply chain; including third party vendors and applications. No matter what business an organization is in, supply chain security and resilience must be factored into business planning to ensure secure, ongoing operations even during times of crisis and disruption.

    Join this panel to learn more about:
    - Types of supply chains (hardware, software, services)
    - Common vulnerabilities in the supply chain
    - Assessing where your security gaps lie and addressing the risk
    - Impact of the COVID-19 pandemic on supply chain security
    - Recommendations for improving security in your supply chain and your risk management program
    - Benefits of Supply Chain Risk Management (SCRM)
    - What is the Cybersecurity Maturity Model (CMM), and how it can improve supply chain security
    - Solutions and approaches that can improve supply chain security

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Top Threats Campaigns are Facing and How to Address Them Recorded: Jul 22 2020 60 mins
    David Morris | Mick Baccio | Frank Snyder | Lance James
    As the 2020 U.S. presidential election draws near, let's take a look at the top cyber threats campaigns are facing this election cycle and what can be done to address them.

    The lessons can easily be applied to the private sector and enable organizations to take steps toward better security.

    Join this panel to ask your questions and learn more about:
    - Domain spoofing
    - Email threats
    - Information warfare
    - Cyber attacks

    - Mick Baccio, Splunk
    - Frank Snyder, Yubico
    - Lance James, Unit 221B

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Protecting Your Business from Nation State Attacks Recorded: Jul 21 2020 59 mins
    Diana Kelley | Matt Rider | Etay Maor
    Cyberattacks attributed to foreign governments have been on the rise for years, many against organizations all over the world. These attacks try to steal online account information, infect computers, and compromise the safety of networks. Targets of these attacks include think tanks, university staff, government employees, and even members of organizations focused on human rights issues.

    As these attacks increase in prevalence and sophistication, organizations are taking notice of the threats posed by hostile state actors and state-sponsored cybercriminal groups.

    So, how can businesses protect against them?

    Join today's episode of The (Security) Balancing Act with Diana Kelley to learn whether your business should be concerned about nation state attacks and what to do about it.

    The topics up for discussion will include:
    - State actors & rise in cyber crime
    - How the attackers get in
    - A review of recent nation-state campaigns
    - How does this impact organizations across different verticals (Financial vs Healthcare vs Government)
    - How industry and law enforcement are responding to these attacks
    - How AI and ML may change cybercriminal tactics
    - How to deal with threats from criminals and hostile states

    - Etay Maor, Chief Security Officer, IntSights
    - Matt Rider, International Engineering Director, Rapid7

    We welcome viewer participation and questions during this interactive panel session.
  • [PANEL] Security as a Service Recorded: Jul 13 2020 54 mins
    Stephanie Olsen | Sailaja Kotra-Turner | John Frazier | Jeremiah Dewey, Rapid7
    As in-house security becomes increasingly complex and costly, organizations are in need of a reliable and safe security provider. Join industry experts as they discuss the latest trends in SEaaS, including:

    - Why your organisation needs to move towards SEaaS
    - The different models of security as a service
    - SEaaS solutions and strategies

    Stephanie Olsen, Customer Trust Manager, Product & Application Security, Netflix & WiCyS Silicon Valley Affiliate President
    Sailaja Kotra-Turner, CISO
    John Frazier, Chief Operating Officer, Synoptek
    Jeremiah Dewey, VP Managed Services, Rapid7
  • Securing the Remote Workforce Recorded: Jun 30 2020 59 mins
    Diana Kelley | David Sherry | Lee Imrey | Nathan Howe
    Remote working has been a growing trend for the last few years, especially in the tech sector. However, the COVID19 outbreak has really pushed businesses to adopt or accelerate their remote integration plans. How has this affected security? What are the steps companies need to take to better protect their remote workforce?

    Join this episode as we explore the security challenges in the time of COVID, why a strong security culture is important, and what steps to take today.
    - What are the security challenges associated with remote working
    - Examples of changes in cyber-attacks during COVID
    - Managing patching, VPNs, and backups for large and small remote workforces
    - How to maintain auditability and visibility
    - How to enable and keep your remote team secure
    - Tips for training end users to help themselves
    - Why a strong security culture matters now more than ever

    - David Sherry, CISO, Princeton University
    - Lee Imrey, Cybersecurity Advisor, Splunk
    - Nathan Howe, Head of Transformation Strategy, EMEA, Zscaler

    This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.
  • Building and Testing End User Training Programs Recorded: Jun 25 2020 56 mins
    Keyaan Williams, Founder and Managing Director, Cyber Leadership and Strategy Solutions, LLC (CLASS-LLC)
    Join Keyaan Williams, Founder and Managing Director of Cyber Leadership and Strategy Solutions, LLC (CLASS-LLC), to discuss how to build, test, and manage an end user training program to strengthen your overall security posture.
  • SIM Swapping Digital Identities Recorded: Jun 18 2020 49 mins
    David Morris | Allison Nixon | Cody Hussey
    This Election Hacking episode will explore the recent wave of SIM swap attacks in the context of MFA compromise, account hijacking and data theft ahead of the 2020 election.

    Can SIM swapping be used to target and steal identities of high-value individuals in the 2020 elections (e.g. campaign staff, influencers, local election officials)?

    Join this panel to learn more about:
    - Why attackers are focusing on identities
    - SIM swap attacks and two-factor authentication
    - Phishing - most commonly used for SIM swapping
    - Other ways attackers can get the victim's info
    - What can be done to protect digital identities
    - Early SIM-swapping attack warning signs

    - Allison Nixon, Chief Research Officer at Unit 221B
    - Cody Hussey, Security & Privacy Advocate, Solutions Engineer at Yubico

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Cloud Controls and Cyber Attack Prevention Recorded: Jun 18 2020 61 mins
    Jo Peterson, Stan Lowe, Tyler Cohen, Mark Lynd & Paul Love
    Gartner predicts that by 2021, over 75% of midsize and large organizations will have adopted multi-cloud or hybrid IT strategy. The corporate perimeter has been redefined.

    In this session, we’ll discuss:

    - Six major cloud security threats along with risk mitigation and avoidance tactics
    - Best practices to help secure cloud deployments
    - Shared Responsibility Model for Cloud Security

    Jo Peterson, Vice President, Cloud and Security Services
    Stan Lowe, Global Chief Information Security Officer, Zscaler
    Tyler Cohen Wood, Cyber Security Expert, Former Senior Intelligence Officer
    Mark Lynd, Head of Digital Business at NetSync
    Paul Love, SVP Chief Information Security & Privacy Officer, Co-Op Financial Services
  • Data Privacy in 2020 and Beyond Recorded: Jun 17 2020 60 mins
    Mali Yared, Robert Razavi, Baber Amin, Lori Robinson & Elliot Dellys
    Is your organization aware of the main differences in data regulations around the world?

    Join this panel of industry leaders for an interactive Q&A roundtable to get a comprehensive look into the different data privacy and security requirements. The panel will also discuss what to expect in 2020 and beyond.

    Viewers will learn more about:
    - What's new on the data privacy and compliance landscape
    - Main differences between data regulations around the world and what this means for your organization
    - Expert recommendations regarding best tools and practices for achieving and maintaining compliance
    - The future of data privacy
    - What to expect in 2020 and beyond

    Mali Yared, Practice Director, Cybersecurity and Privacy, Coalfire (Moderator)
    Robert Razavi, Senior Security Architect CTO Office, IBM Canada
    Baber Amin, CTO West, Ping Identity
    Lori Robinson, Sr. Director, Product & Market Strategy, SailPoint
    Elliot Dellys, Director, Strategic Consulting, Trustwave
  • Insider Threats Recorded: Jun 16 2020 60 mins
    Arun Kothanath, Shahrokh Shahidzadeh, Eitan Bremler, John Pepe & Jeremiah Dewey
    There have been countless insider threat breaches recently, so it's no surprise that research suggests that up to 60% of cyberattacks are due to insider threats. With so much at stake, it's vital for organizations to protect against insider threats.

    Join this interactive panel of industry experts as they discuss:

    - How to protect your organisation from insider threats
    - Latest technologies and solutions
    - Benefits of early and timely detection

    Arun Kothanath, Chief Security Strategist, Clango (Moderator)
    Shahrokh Shahidzadeh, CEO, Acceptto
    Eitan Bremler, Co-Founder & VP Corporate Development, Safe-T
    John Pepe, Regulatory Technology and Counsel, Proofpoint
    Jeremiah Dewey, VP of Managed Services, Rapid7
  • The Evolving Email Environment Recorded: Jun 11 2020 47 mins
    Dan Fein, Director of Email Security Products, Darktrace
    As organizations’ business patterns evolve in the face of remote working, emails continue to constitute the connective tissue of companies globally. Over the past few months, cyber-criminals have consistently exploited this reliance on the inbox in a number of different ways.

    Join Dan Fein, Darktrace’s Director of Email Security Products, as he deep dives into the threats organizations face in today’s ever-evolving digital environment: the decreasing lifespan of attack campaigns, the rise of fearware in phishing attacks, and the surge of domain creation. He will explore how technological advancements like offensive AI will be leveraged against organizations in the email environment, and how only cyber defenses with a holistic understanding of the entire digital workforce can successfully detect and respond to such threats.

    This webinar will focus on:

    - The rise of opportunistic email attacks
    - Real-world examples of these cyber-threat trends
    - Use cases of novel email threats neutralized by AI
  • Roadmap to building a successful Information Security Program. Recorded: Jun 4 2020 62 mins
    Alex Leon, CISO at Dime Community Bank
    Building an information security program that meets the business needs of your organization and its continuance, while protecting the institution's assets, is a venture all CISOs have to endure. During this webinar, a bank CISO with over 25 years of experience in the Financial Services industry will share his knowledge on how to build a successful program for organizations of various sizes. This session will cover how the GRC framework (Governance, Risk and Compliance) blends with the Cybersecurity framework (Identify, Protect, Detect, Respond and Recover), creating a unique formula for success.

    Alex Leon is the CISO at Dime Community Bank, a $6 Billion institution located in Brooklyn, New York. Alex has over 25 years of experience working in the Financial Services industry, including 18 years at Citibank and 4 years at Mitsubishi UFJ Trust and Banking. He has experience working in all 3 Lines of Defense (IT/IS, Risk, Audit). He has some of the most recognized Information Security certifications such as: C|CISO, CISSP, CISM, CISA, CRISC, CGEIT, CBCP, CTPRP and CSX-f. Alex has a Master of Science in IT Management from Colorado Technical University; and also earned a CISO Executive Program Certification from Carnegie Mellon University’s Heinz College of Information Systems and Policy. He is a Cybersecurity Advisory Board Member at Rutgers University, New Jersey. Alex is the first CISO at Dime Community Bank and reports directly to the Chief Risk Officer. He briefs the Bank’s Board of Directors at least quarterly. In his free time he shares his knowledge and industry experience with those entering the cybersecurity field. He is a Learning Tree Cybersecurity Instructor and enjoys skydiving during the summer months.
  • Election Threats: Ransomware at the State & Local Level Recorded: May 21 2020 58 mins
    David Morris | Lee Imrey | Brett Foy | Lance James
    Crippling ransomware attacks are on the rise and U.S. cities are falling victim at alarming rates. The public sector is especially vulnerable because state and local governments tend to have outdated computer systems and maintain sensitive data which is highly desirable to attackers.

    Join this episode of the Election Hacking series to learn more about the ransomware threat to state and local governments and what this means for the 2020 U.S. presidential election.
    - The year of ransomware
    - How cities and states are coping with the scourge of ransomware
    - The ransomware dilemma: Pay the ransom or fight the infection
    - How AI is enabling - and helping fight - ransomware attacks
    - Ransomware as a threat to democracy

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    - Lee Imrey, Cybersecurity Advisor, Splunk
    - Brett Foy, Global Vice President, Engineering, Datrium
    - Lance James, CEO of Unit 221B

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Cybersecurity Strategy and Leadership for the SMB Recorded: May 20 2020 56 mins
    Diana Kelley | Susan Whittemore | Jay Ryerse | Courtney Radke
    Smaller businesses have a common problem when it comes to cybersecurity - limited expertise, resources and budget.

    The board is asking, clients are demanding to know whether the company is secure, and the IT team can't articulate the cybersecurity program, because there isn't one.

    Cybersecurity is sometimes an afterthought for a start-up, or delegated to one engineer. There's a tendency to think of cybersecurity as a set of tactical, technical implementations to cover obvious threats rather than a business problem.

    We'll discuss the role of the CISO in terms of providing the leadership and strategy for a cohesive, risk-based program. Ideally, the role is not that of a technician.

    With an ever-evolving threat landscape and a growing business, where does a business start to build and maintain an affordable program? We'll discuss a baseline program, technologies required, focusing on fewest technologies for maximum benefit.

    This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.
  • [PANEL] How to Simplify Cyber Risk Management? Recorded: May 13 2020 62 mins
    Kalani Enos (Immersion Security), Terence Jackson (Thycotic), Rick Holland (Digital Shadows), Joseph Carson (Thycotic)
    In today's multi-cloud and hybrid environments, CISOs are struggling to secure assets, manage security policies across clouds, and monitor and mitigate risks, while also supporting the business. How are CISOs solving the challenge of complexity?

    Join this panel of experts to learn how to simplify cyber risk management as well as maximize the value of your team and technology.
    - Risk scoring and security controls
    - How to identify risks for organizations and their third-party vendors
    - How to prevent, detect, and respond to, privacy and network security incidents
    - Best of vulnerability and risk management in a multi-vendor environment
    - Best practices and use cases across industries

    Kalani Enos, Partner/VCISO/Threat Analysis, Immersion Security (Moderator)
    Terence Jackson, Chief Information Security Officer, Thycotic
    Rick Holland, CISO, Vice President Strategy, Digital Shadows
    Joseph Carson, Chief Security Scientist, Thycotic
  • Threat Hunting and Modern Security: 3 Fundamental Flaws Recorded: May 7 2020 60 mins
    Alex Humphrey, Senior Security Consultant, CRITICALSTART
    As threats and attacks evolve, many organizations find that traditional methods and products are limited in their scope and effectiveness. Compounding the problem, the growing cybersecurity skills shortage means many companies don’t have a dedicated team that can view and respond to threats 24/7 or support their growing remote workforce. Join us on May 7th to stay engaged and connected on the 3 fundamental flaws of threat hunting in this new day and age.
  • Back to the Office – Or Not? Next Steps in Pandemic Technology Response Recorded: May 1 2020 62 mins
    Dan Lohrmann | Earl Duby | Vinod Brahmapuram | Scott Larsen
    As the United States enters a new phase in Covid-19 response, how are businesses and governments responding? What lessons have been learned, and what next steps are organizations taking? How can technology and cybersecurity mistakes be avoided?

    Join this webinar for the latest coronavirus playbook roundup and recommendations on how to address the next phase of the outbreak. Learn the scope of the unprecedented challenges organizations are currently facing. Hear from industry leaders on how they are addressing the COVID-19 security and technology challenges.

    By popular demand, this webinar is a follow-up to the immensely successful BrightTALK session held on March 13 at the beginning of this emergency. That webcast (link in Attachments): Coronavirus Actions and Risks for Tech and Security Leaders, was viewed thousands of times, and numerous attendees asked for this update.

    Topics will include:
    - Policy, technology and process steps to take today to protect your workforce and organization.
    - Lessons learned from more staff working from home (telework)?
    - What mistakes can be avoided as staff prepare to go back to offices – and how?

    We will close with a Q/A session with the audience.

    - Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.
    - Earl Duby, CISO at Lear Corporation
    - Vinod Brahmapuram, CISO at State of Washington Government
    - Scott Larsen, CISO of a large healthcare provider
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.

  • Title: Harnessing SIEM for More Effective Investigations
  • Live at: Jun 4 2009 1:00 pm
  • Presented by: Eric Knight, C|EH | Senior Knowledge Engineer | LogRhythm Inc