Hunting Today: Using existing technology to hunt cyber threats
The idea of a "hunt team" is becoming quite popular. Everyone building a hunt team wants the best and fastest data stores, visualization engines, and pre-canned data science algorithms to magically (and very quickly) find needles in haystacks. But let’s be honest, we can’t afford to get exactly what we want. And if we could afford it, what we exactly want doesn’t even exist for us to buy at this time. In this talk, we'll look at how you can use visualizations and basic statistics with your existing tools to catch more bad guys.
Recorded Jun 23 2015, 28 mins
John Delk, Chief Product Officer and GM, Security Product Group and Travis Grandpre, Director, Product Marketing, Micro Focus
With the close of the spin-merge of HPE Software with Micro Focus, the two organizations have joined forces to become the seventh-largest pure-play software company in the world.
As one of the largest security providers in the world, both HPE and Micro Focus bring together a portfolio of security solutions that bridges IT and protects what matters most—users, apps, data, and the interactions between them.
Join us for this webinar to hear John Delk, Chief Product Officer, and Security GM, discuss how the new combined security business combines an open architecture to free up access to data and industry-leading analytics to detect known and unknown threats.
Steve Forsyth, ArcSight Product Manager, Micro Focus
Experience leveraging the ArcSight Activate framework to strengthen and enhance your ArcSight Enterprise Security Manager (ESM) SIEM deployment. This webinar will show you how to:
• Increase your effectiveness in managing indicators and warnings
• Understand situational awareness, threat impact and assessments
• Further understand the process refinement required to manage your ArcSight ESM deployment.
This webinar includes a demonstration of acquiring, operating, and expanding an Activate solution within an ESM implementation.
HPE ArcSight offers a cost effective and efficient log management solution to meet your compliance, reporting and data retention needs. The ArcSight Logger is a universal log management solution that unifies search, reporting, alerting, and analysis across any type of enterprise machine data.
ArcSight continues to innovate to provide our customers with the best of breed solutions. Join this webinar to learn about Logger’s new search and reporting capabilities.
Corporate environments are becoming increasingly complex with multiple environments, devices, systems, and networks. Combine complex environments with the world of cyber-security and the corporate threat landscape and you have a troublesome area to focus and maintain security. Security is a primary focus for large enterprises and it is not an easy task to keep under control. The ever-changing threat landscape is always evolving. New and existing threats continue to emerge and affect corporate networks. While technology continues to develop and be adopted within companies, each device, system, and network increases the risk of security compromise. The powerful ability to scan these devices, systems, and networks in real-time to detect threats and correlate activities by each component is an extreme need within enterprises.
In this webinar, you will learn:
• Importance of understanding the cyber-security threat landscape
• Understanding the complex threat landscape and multiple data inputs
• Power of real-time security event correlation
• ArcSight ESM and how it strengthens SOC teams
Corporate enterprises have increased their focus on cyber-security and the development of SOC organizations within the last 10-15 years. This webinar will discuss the value and benefits of ArcSight's powerful real-time correlation and its importance within a developing SecOps organization and an advanced and mature SOC organization.
With more security threats than ever before, organizations are looking to new ways to secure, manage and monitor their environment. Data sources are increasing and far higher volumes need to be sent to multiple destinations for real-time analytics and archiving. Traditional closed architectures are becoming an impediment to the growth and needs of security operations. Organizations today are, therefore, looking to adopt modern open standards and architectures.
By embracing new, innovative and open standards, security organizations can look to solve complex problems today and equip themselves for the future. Explore how you can expand and grow your capabilities with simplicity, and more importantly in a predictable and cost-effective way.
This webinar will cover the evolving approach to help you solve security issues with modern open architecture solutions. Learn why integration is key and where ArcSight comes in.
Hunt teams are relative newcomers within the security operations domain. Many companies say they are doing “hunt” but when we dig deeper, we find the capabilities are ad hoc, with no measurable indicators of success nor formal organizational support. That means hunt teams are growing in popularity and use, but there is no “gold standard” yet for how they work. With increasing scarcity of skilled resources in cyber security and lack of efficient tools, it is challenging to build successful hunt practices inside an organization.
Join this webcast to:
• Gain a clear understanding of the current challenges of hunt and investigation procedures
• Learn how to build “hunt” capabilities that search for security breaches
• Increase speed, simplicity and effectiveness across the entire workflow of hunt and investigation with ArcSight’s new solution
Mary Writz is a seasoned professional with more than 15 years of experience in cyber security and, under her services leadership role, her team filed 9 patents and built a successful hunt practice with a focus on Big Data, machine learning and visualization. Alona Nadler is a senior product manager for ArcSight with a background in Big Data analytics platform.
Learn more about ArcSight workshops coming to a city near you. Understand what’s new with ArcSight, and see some of the dynamic hands-on labs we will be running including topics such as discovering multi-stage attacks using your ArcSight ESM. Register now to see what the buzz is all about.
Nathan Burke, VP of Marketing, Hexadite and Steven Forsyth, RnD Manager, HPE Security ArcSight
The effectiveness of a security system depends on how quickly it detects and responds to threats. Is your security system able to tackle security challenges in near real time, while reducing false positives so analysts can focus on critical events and Indicators of Compromise (IOCs)?
HPE Security ArcSight ingests large volumes of security events and correlates against IOCs in real time to identify potential threats. Hexadite Automated Incident Response Solution (AIRS) takes these security alerts in real time and performs investigation and remediation at scale.
Learn how the combination of these two systems gives you the ability to:
• Gain visibility across the entire IT footprint
• Detect security threats in real-time
• Automate incident investigation
• Perform automated or semi-automated remediation actions
Travis Grandpre, HPE Director of ArcSight Product Marketing and Justin Kelso, HPE ArcSight
As organizations scale, growing in size across physical and virtual borders, they rely on intelligent security operations to maintain the integrity of their security posture. Critical to building Intelligent Security Operations is the ability to gain visibility across boundaries, which means insight into not just networks and IT, but also operational data and IoT devices. This kind of visibility requires managing and maintaining the integrity of millions of events per second that are required to provide credible insights powering the Intelligent Security Operations.
But visibility without context can become a distraction to resource-constrained security operations intent on focusing on what matters and remediating threats. Providing context to the collected data through real-time correlation and analytics-generated alerts helps to prioritize security analyst tasks, optimizing resources and saving time. Machine learning enrichment of data through the addition of user, entity and security context helps security operations teams to run efficiently.
These capabilities together empower you to track alerts and investigate threats at the speed of the attacker.
Learn how ArcSight plans to lay the foundation for intelligent security operations by providing an open architecture to leverage your data for better detection, investigation and response to threats, while maintaining integrity.
Michael Mackrill, Security & Intelligence Operations Consulting
SIEMs have been around for years and many companies are wondering if they actually got a return on their investment. Meanwhile, multiple vendors are claiming that their latest tool can do everything that a SIEM can and more! Can the SIEM survive?
We believe that the SIEM is not dead. SIEM is evolving. It must be remembered though that a SIEM is a living, breathing creature that must be cared for, fed and interacted with in order to thrive. SIEMs have gotten more robust and can be used to interact with other security programs in ways that they couldn’t a few years ago. Companies need to utilize the SIEM as their central pane of glass to see the threats to their environment and use integration with other tools to help ensure the security of their electronic data.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute
On average, the 58 United States companies participating in the 2015 Cost of Cyber Crime study lost $15 million due to cyber crime, an increase of 19 percent from $12.7 million in last year's study. And other countries are close behind. These are results from the recently completed Ponemon Institute 2015 Cost of Cyber Crime study. You know the risks, but you need the data to plan your defenses and demonstrate the cost of inaction.
For a fuller look at these and other findings from the institute’s study, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, to learn:
• What cyber crimes are most common and most costly
• The hidden internal and external costs you incur
• What security defenses are most effective in reducing losses
• How businesses with a strong security posture drive down costs
Analytics, as they pertain to the security space, are a new horizon for most. With the universal rise in interest in applying analytics to security data and use cases, many organizations are overwhelmed by the difficulties surrounding those technologies. Whether it is the cost and rarity of expert manpower, the scale and speed of the data, or the immaturity of many of the technologies, many organizations need help making sense of this new frontier and how and where to apply it to their data sets. HPE Security ArcSight has taken the lead in making this emerging technology more readily consumable through the targeted use of analytics for particular datasets and use cases. In this vein, HPE Security ArcSight has launched two security analytics offerings: User Behavior Analytics and DNS Malware Analytics. Please join us in this webcast to learn more about these technologies and how they are making big impacts for security organizations of all sizes.
Protect your business with security analytics and compliance solutions
Your organization, regardless of its size, must turn security and log data into actionable intelligence to make smarter, more efficient decisions. This channel features presentations that help answer your security questions. For example, you can learn how to manage business risk, monitor your IT infrastructure and automate compliance. Take your security knowledge a step forward with best practices in the latest security trends like Big Data Security Analytics, combating Advanced Persistent Threats and understanding the costs of cyber crime.