Panel: David J. Bianco, FireEye; Martin Holste, FireEye; Michael Reeves, FireEye; Ryan Stillions, FireEye
Moderated by Richard Bejtlich, Chief Security Strategist, FireEye.
When you think of “event data”, chances are good that you think of SIEM. If so, you may be missing out on much of the value of your logs for detecting, investigating and responding to security events.
Based on extensive real-world experience with large organizations, the Enterprise Security Monitoring (ESM) philosophy extends current host-, network- and event-based collection strategies, bringing data from all three domains under one roof for a unified view of what’s going on inside your organization.
In this session, our panelists will discuss key aspects of the ESM approach, including:
• Data collection priorities based on your organization’s security goals
• Enterprise-scale collection strategies
• Deriving context from events
• Integrating threat intelligence to improve detection and speed response
• Increasing your adversaries’ costs using the “Pyramid of Pain” and “Detection Maturity Level” models
This will be a very interactive session, with plenty of audience participation. We welcome the tough questions. Come learn about a better way to fully leverage the data you are already collecting to protect your organization!