How to Leverage Log Data for Effective Threat Detection

Event logs provide valuable information for troubleshooting operational errors and investigating potential security exposures. They are literally the bread crumbs of the IT world. As a result, a commonly used approach is to collect logs from everything connected to the network "just in case" without thinking about what data is actually useful. But, as you're likely aware, the "collect everything" approach can actually make threat detection and incident response more difficult as you wade through massive amounts of irrelevant data. Join us for this session to learn practical strategies for defining what you actually need to collect (and why) to help you improve threat detection and incident response, and satisfy compliance requirements.
Recorded Jun 26 2014 61 mins
Presented by
Tom D'Aquino, Systems Engineer

  • The One Man SOC - How Unified Security Management Simplifies Threat Detection Feb 22 2018 5:00 pm UTC 60 mins
    Sacha Dawes, Principal Product Marketing Manager, AlienVault
    With the proliferation of single-point security solutions, many IT teams are struggling to efficiently monitor the security of their environments, and respond quickly to threats. It can be a real challenge to juggle multiple tools that weren’t designed to work together, which wastes time and resources that small IT security teams can’t afford to lose.

    Watch this webcast to learn how one of AlienVault's customers was able to build a security operations center (SOC) on a budget with the AlienVault toolset, and extend security capabilities via the AlienApps ecosystem.

    In this webcast, we'll cover:

    - Essential security capabilities that all IT teams should have, regardless of size
    - Challenges of integrating and maintaining multiple security tools
    - How AlienVault customer Guy Dulberger operates his "One Man SOC" with the AlienVault toolset
    - A demo of how AlienVault Unified Security Management speeds threat detection and incident response

    Hosted By
    Sacha Dawes
    Principal Product Marketing Manager

    Sacha joined AlienVault in Feb 2017, where he is responsible for the technical marketing of the AlienVault Unified Security Management (USM) family of solutions. He brings multiple years of experience from product management, product marketing and business management roles at Microsoft, NetIQ, Gemalto and Schlumberger where he has delivered both SaaS-delivered and boxed-product solutions that address the IT security, identity and management space. Originally from the UK, Sacha is based in Austin, TX.
  • The Auditor's Perspective: An Insider's Guide to Regulatory Compliance Recorded: Jan 18 2018 46 mins
    Divya Jeyachandran, Sr. Manager - Payments, Cloud & Technology, Coalfire
    Every business that handles personally identifiable data is subject to privacy regulations and standards, such as PCI-DSS for credit card transaction data, HIPAA for medical records privacy, SOC 2 for any organization that delivers services (including SaaS-delivered solutions) and the European Union’s soon-to-be-enacted GDPR (General Data Protection Regulation). There are also privacy and breach disclosure laws that vary from country to country (even state to state in the US), making it a big challenge to keep up with them all. Failure to comply can result in daily penalties and fines, and a data breach resulting from non-compliance could cost millions in settlements, legal fees, and loss of reputation.

    Join special guest Divya Jeyachandran of Coalfire and John McLeod, CISO of AlienVault, to hear what auditors are looking for and how to best prepare for your next audit.

    Topics covered:

    - Overview of common compliance requirements
    - Best practices for preparing for and demonstrating compliance
    - Keys to overcoming challenges in your on-premises and cloud environments
    - How a unified security toolset can greatly simplify this process

    Hosted By
    Divya Jeyachandran
    Sr. Manager - Payments, Cloud & Technology, Coalfire
    Divya is a Senior Manager in the Payments practice at Coalfire focusing on data security in cloud environments. She advises and assesses client environments to meet security and compliance requirements such as the PCI DSS. With 8 years of experience in cloud technology, IT security and audit, and network and systems administration combined with understanding the applicability of regulatory security and compliance requirements towards IT solutions, Divya has been the lead QSA for some of the major cloud service providers and security service providers in the industry.
  • Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits Recorded: Jan 9 2018 37 mins
    Sacha Dawes, Principal Product Marketing Manager, AlienVault
    As you've likely heard, Meltdown and Spectre are vulnerabilities that exist in Intel CPUs built since 1995. Hackers can exploit Meltdown and Spectre to get hold of information stored in the memory of other running programs. This might include passwords stored in a password manager or browser, photos, emails, instant messages and even business-critical documents.

    Join us for a technical webcast to learn more about these threats, and how the security controls in AlienVault Unified Security Management (USM) can help you mitigate these threats.

    You'll learn:

    - What the AlienVault Labs security research team has learned about these threats
    - How to scan your environment (cloud and on-premises) for the vulnerability with AlienVault USM Anywhere
    - How built-in intrusion detection capabilities of USM Anywhere can detect exploits of these vulnerabilities
    - How the incident response capabilities in USM Anywhere can help you mitigate attacks

  • CISO Perspective: How using the NIST Cyber Security Framework improves security Recorded: Nov 30 2017 63 mins
    John McLeod, CISO, AlienVault
    The National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) is widely recognized as an effective roadmap for improving threat detection and compliance. However, many smaller IT security teams with limited resources have trouble implementing and maintaining the recommended security controls and processes. That's where AlienVault can help.

    In this webcast, AlienVault CISO John McLeod will provide insights into how AlienVault approached implementation of NIST CSF and accelerated the process using their own Unified Security Management (USM) platform.

    Join this webcast for:
    - An overview of security controls recommended by NIST CSF
    - Best practices for approaching adoption of NIST CSF
    - How a unified security toolset can greatly simplify this process
    - A demo of the AlienVault Unified Security Management (USM) platform
  • Adding the S to MSP: Making Money in a Competitive Market Recorded: Nov 14 2017 35 mins
    Mike LaPeters, VP Global Channel Sales & Mike Calonica, VP American Sales
    Anybody can deliver technology, but these days Managed Service Providers (MSPs) also need to protect their customers’ networks and data. Cyber threats are a growing concern, and if you can’t provide security, your customers will find a provider who can. That’s why adding security to an MSP’s palette of services isn’t just an option; it’s a must.

    In this webcast, experts from Penton and AlienVault will discuss how to turn your MSP into a profitable MSSP by adding security for customers to protect their business from the scourge of cybercrime. Join this session to learn more about:
    - Current threats and how they are evolving
    - Comprehensive threat protection for the cloud
    - Unified security for detecting threats and responding to incidents
  • How to Solve your Top IT Security Reporting Challenges with AlienVault Recorded: Oct 31 2017 55 mins
    Sacha Dawes, Principal Product Marketing Manager, AlienVault
    If you needed to provide reports to management or an auditor to prove that your IT security controls are in place and working, how long would it take you to do that? And, how many different tools would you need to consult? The AlienVault Unified Security Management (USM) platform integrates many of the core security capabilities you need along with built-in reports to help you implement IT security best practice frameworks like the NIST Cybersecurity Framework (CSF), as well as demonstrate compliance with PCI DSS, HIPAA and other regulations.

    Join this webcast to see how the USM platform makes it easy to:
    - Automate log collection, analysis and event correlation in a single console
    - Continuously scan for new assets and vulnerabilities
    - Get alerted of suspicious behavior like privilege escalations, account changes, malware and ransomware threats, and more
    - Simplify compliance with pre-built and customizable reports mapped to numerous regulatory requirements
  • SIEM 2.0 - How Unified Security Management SIEMplifies Threat Detection Recorded: Oct 17 2017 61 mins
    Sacha Dawes, Principal Product Marketing Manager, AlienVault
    SIEM solutions have been widely adopted to help IT teams collect and correlate data from a variety of security point products. However, traditional SIEM deployments require a great deal of time, money & expertise to properly normalize data feeds, create correlation rules to detect threats & continuously tune those rules to limit false positives. And, after all that work is done, it has to be continuously re-done as the network & threat landscape changes.

    AlienVault takes a different approach to SIEM. Join this webcast to learn how AlienVault Unified Security Management (USM) overcomes the most common SIEM challenges with:
    - Built-in capabilities like asset discovery, vulnerability assessment, intrusion detection, orchestrated incident response, and log management
    - Continuously updated correlation directives, vulnerability signatures, incident response guidance, and more
    - Fully integrated, real-time threat intelligence from the AlienVault Labs Security Research Team and the AlienVault Open Threat Exchange (OTX)
    - The ability to monitor on-premises and cloud environments including AWS and Azure, as well as cloud applications like Office 365
  • Standing in the Gap: Ransomware and the Role of the MSP Recorded: Sep 28 2017 33 mins
    Garrett Gross, Director of Field Enablement, AlienVault
    Ransomware continues to be one of the most intrusive and pervasive threats today. With organizations of every size and vertical being a potential target, the opportunity exists for traditional MSPs to offer security-as-a-service to help customers protect, detect and respond to such threats.

    But, just how bad is the ransomware threat? It's worse than you may think and organizations are not doing enough to combat it.

    Hear from industry expert Nick Cavalancia and Garrett Gross, Director of Field Enablement, from AlienVault as they discuss:

    - The current state of the ransomware threat
    - Common ransomware scenarios, responses, and outcomes
    - The opportunity that exists for MSPs to stand in the gap
  • How Smart Security Teams Use Cyber Threat Intelligence Recorded: Sep 19 2017 58 mins
    Sacha Dawes, Principal Product Marketing Manager, AlienVault
    As malware and ransomware become more commercialized, and the evolution of threats accelerates, it’s hard for organizations to keep up – even when they have multiple security products deployed. The latest SANS Cyber Threat Intelligence Survey showed that organizations using threat intelligence can gain dramatic improvements in visibility into threats, to enable a faster and more accurate response.

    Join AlienVault for this practical session to learn how smart security teams are integrating cyber threat intelligence into their day to day operations. You'll learn:
    - What threat intelligence is, and how it speeds threat detection and incident response
    - Key questions to help you evaluate threat intelligence sources and plan for integrating it into your operations
    - How AlienVault USM Anywhere integrates threat intelligence with other security capabilities to save valuable time
    - A demo of AlienVault USM Anywhere showing how threat intelligence adds valuable context to alarms
  • Tracking Access, Sharing and Administration of Files in SharePoint Online Recorded: Sep 14 2017 83 mins
    Sacha Dawes, Principal Product Marketing Manager, AlienVault. Randy Smith, CEO, Monterey Technology Group, Inc.
    Cloud-based file applications like SharePoint and OneDrive for business mean any document in your company is seconds away from being shared to the world with a unique URL that takes people directly to the file.

    Given this, how do you remain compliant and exert some level of control and accountability over your organization’s documents?

    In this webinar, Randy Smith of Ultimate Windows Security will zero in on how the UAL can answer these questions:

    - Who viewed this file?
    - Who has been downloading an abnormal number of files?
    - When was this file downloaded and by whom?
    - …and more!

    Sacha Dawes of AlienVault will then show you how AlienVault Unified Security Management (USM) accomplishes all of this and more – such as enriching audit events with geo location based on the ClientIP field, and enabling alerting and reporting on SharePoint and OneDrive events.
  • AlienVault Partner Program: An Intro to AlienVault USM Recorded: Aug 17 2017 60 mins
    Mike LaPeters, VP Global Channel Sales & Garrett Gross, Director of Field Enablement
    Watch our partner webcast to learn about our award-winning, easy-to-sell AlienVault® USM™ platform and the AlienVault Partner Program. SIEM solutions integrate and analyze the data produced by other security technologies but unfortunately most mid-market organizations don't have the resources and time to create and maintain the data correlation rules that make SIEM solutions useful. This offers an opportunity for you to capitalize on the benefits of AlienVault USM. Once your prospects understand our approach to unified security management, it becomes a very quick sales cycle.

    - An intro to AlienVault USM
    - How to identify prospects quickly with a simple set of questions
    - How to sell the benefits of USM for easier and faster threat detection
  • How to Grow and Accelerate your Managed Security Business Recorded: Aug 17 2017 33 mins
    Garrett Gross, Director of Field Enablement
    Security continues to be one of the top three IT concerns for SMB, mid-market and large enterprise customers. Security and Cloud continue to be the top two industry/market spend opportunities for the channel to invest in, according to CompTIA’s 2016 Annual IT Report. The opportunity for MSPs to become Managed Security Service Providers (MSSPs) is exploding – as is the opportunity for MSSPs to strengthen and expand their bottom line and market share. If you are interested in expanding your current MSP practice with security offerings, please watch this “How-to" discussion on building and growing an MSSP. We discuss best practices and illustrate what “best in class” looks like when it comes to:

    - Common security challenges for the mid-market
    - Considerations when selecting security vendor partners and ensuring a profitable practice
    - Operational, financial, and process considerations that are key to a successful MSSP
    - Essential skills critical to build successful MSSPs
    - Solutions, business resources, tools, and programs available to enable the success of an MSSP

    In addition, we discuss some common mistakes MSSPs make and how to avoid those when building your practice.
  • Threat Intelligence: The MSP’s Secret Weapon Recorded: Aug 17 2017 34 mins
    Garrett Gross, Director of Field Enablement
    One of the biggest challenges when creating a managed security offering is developing threat intelligence and instrumenting it with existing security controls. This challenge is magnified exponentially as a company's client base grows and needs evolve.

    In this session, you’ll learn about the benefits of building your service offering around a unified security platform and how integrated threat intelligence accelerates the detection process. We’ll also recommend how MSSPs can leverage open threat sharing communities and custom intelligence development to maximize revenue and differentiate themselves from the competition.

    Attend this Webchat and you will also learn:

    - The importance of developing a comprehensive understanding of not only the different data types collected for analysis, but also the ways in which the data types interact with each other
    - The need for an intelligent approach to identifying the latest threats to achieve the broadest view of threat vectors, attacker techniques and effective defenses
    - Why the use of coordinated rule set updates is key to maximizing the effectiveness and efficiency of threat intelligence and to ensuring that your clients are protected no matter how (and how often) their business grows and needs change
  • A Step-By-Step Guide to Building a Profitable Security Practice Recorded: Aug 17 2017 33 mins
    Garrett Gross, Director of Field Enablement
    As your clients work on their 2017 budgets, they will be paying a lot of attention to security. It’s probably the top priority for most of them. Threat profiles have expanded, new attack vectors have emerged and legacy systems simply can’t keep up. It’s not nearly enough to sell some security software or deploy a few firewalls. For IT service providers, this presents both a challenge and an opportunity. On one hand, your customers need new security solutions that you haven’t delivered before. But on the other hand, your customers want to pay you for services that will increase both your revenues and profits.

    Given that your customers will want their security challenges addressed immediately, you need to rapidly develop the skills and services required to get the job done.

    In this fast-paced session, join experts from AlienVault and MSPmentor to outline a step-by-step process you can follow to build a thriving, profitable security practice. Key topics to be addressed include:

    - The five vital technology tools you need to run an effective security practice
    - A detailed profile of the target customers most likely to adopt IT services to help accelerate your sales process
    - A map for building and pricing your security service packages to meet customers’ needs (and for building your profits)
  • Use of Managed Security Service Providers (MSSPs) - Benefits, Challenges and Tre Recorded: Aug 17 2017 55 mins
    Garrett Gross, Director, Field Enablement
    Research shows that about half of organizations deploy a mix of in-house and outsourced IT security. Companies turn to outsourced and managed security services providers to alleviate the pressures they face, such as assessing and remediating against new types of attacks, protecting their organization against data theft, and addressing skills shortages and filling resource gaps. The 2017 Spotlight Report covering MSSP usage revealed the latest data points and trends in how organizations are leveraging Managed Security Services Providers (MSSPs) to augment, or in some cases completely outsource their security programs.

    In this session you'll learn about key findings from this survey including:

    - The predominant driver for organizations to consider managed security services
    - The most critical capabilities organizations look for in MSSPs
    - The most requested security services offered by MSSPs
    - Key benefits respondents have achieved by partnering with an MSSP

    Whether you are evaluating using an MSSP, or are an MSSP yourself, join us to gain valuable insights into how MSSPs are helping their clients. We'll also provide an overview of how our report sponsor, AlienVault, enables the threat detection capabilities of many MSSPs with their unified threat detection platform, AlienVault USM.
  • How to Simplify PCI DSS Compliance with a Unified Approach to Security Recorded: Aug 15 2017 59 mins
    Sacha Dawes, Principal Product Marketing Manager, AlienVault
    Demonstrating compliance with PCI DSS is far from a trivial exercise. The 12 requirements of PCI DSS often translate into a lot of manual and labor-intensive tasks in order to access the necessary data and reports from many different systems and tools. And, even after compliance is achieved, many teams struggle to maintain the processes and reporting between audits. Join us for this webcast covering what capabilities are needed for PCI DSS compliance, and how to simplify implementation with a unified security toolset like AlienVault Unified Security Management.

    We'll cover:
    - What core security capabilities you need to demonstrate compliance
    - The top challenges in meeting and maintaining compliance with PCI DSS
    - Best practices to help you plan and prepare for an audit
    - How AlienVault Unified Security Management simplifies threat detection, incident response, and compliance
  • How to Implement Effective Security Monitoring for AWS Recorded: Aug 15 2017 51 mins
    Ryan Leatherbury, AlienVault, Product Manager
    Building your own secure services on AWS requires properly using what AWS offers and adding additional controls to fill the gaps. This webcast will cover AWS Security best practices and how AlienVault can help you take these best practices further to get complete visibility into the security of your AWS environment. Plus, CeloPay, an AWS and AlienVault customer, will share how they were able to improve threat detection and compliance for their AWS environment using AlienVault.
    In this webcast, we'll cover:
    - AWS security monitoring best practices to help you implement a secure, scalable solution
    - How the AWS security monitoring capabilities of the AlienVault solution complement AWS security features
    - Real-world examples from AWS and AlienVault customer CeloPay on benefits gained from AlienVault
    - A short demo of key AWS security monitoring use cases made easy with AlienVault
  • Stop Malware in its Tracks with Security Orchestration Recorded: Jul 18 2017 60 mins
    Sacha Dawes, Principal Product Marketing Manager, AlienVault
    Security professionals are locked in a vicious cycle, with malicious actors spinning out new threats daily and security teams racing to keep up. Reducing the time to detect and defend against malware is critical. What if you could identify and block threats earlier? With the security orchestration capabilities in AlienVault USM Anywhere, you can.

    USM Anywhere is a security monitoring platform that unifies security visibility across your cloud and on-premises assets. New AlienApps™ extend the capabilities of USM Anywhere by interacting with other IT security and IT operations products like Cisco Umbrella, Palo Alto Networks and ServiceNow to centralize the orchestration of incident response activities.

    Join us for this webcast to learn:

    - What security orchestration means, and why it has become essential for fast, efficient incident response
    - How USM Anywhere can automate incident response activities, saving valuable time
    - How AlienApps help you reduce the friction of integrating and orchestrating across your security point solutions

    About the Presenter:
    Sacha joined AlienVault in Feb 2017, where he is responsible for the technical marketing of the AlienVault Unified Security Management (USM) family of solutions. He brings multiple years of experience from product management, product marketing and business management roles at Microsoft, NetIQ, Gemalto and Schlumberger where he has delivered both SaaS-delivered and boxed-product solutions that address the IT security, identity and management space.
  • Petya Variant Ransomware: How to Detect the Vulnerability and Exploits Recorded: Jun 27 2017 32 mins
    Sacha Dawes, Principal Product Marketing Manager. Chris Doman, Threat Engineer
    As you've likely heard, a variant of the Petya malware is spreading rapidly and is known to have affected organizations worldwide, regardless of size. This variant of Petya follows a similar attack method to last month's WannaCry ransomware, though it uses the PsExec and WMI services for distribution.

    Once compromised, the ransomware will overwrite the Master Boot Record (MBR), encrypt individual files that match a list of file extensions (including documents, archives, and more), and after a reboot of the system will present the user a message requesting a ransom in Bitcoin to decrypt the system. As with WannaCry, the ETERNALBLUE exploit toolkit (which was released by the Shadow Brokers group in April 2017) is suspected to be a key part of the attack.

    Join us for a 30-minute technical webcast to learn more about this Petya variant, and how the unified security controls in AlienVault USM Anywhere can help you quickly identify vulnerable systems and attacks.

    You'll learn:

    - What the AlienVault Labs security research team has uncovered about this threat
    - How to scan your environment (cloud and on-premises) for critical vulnerabilities with AlienVault USM
    - How AlienVault USM leverages threat intelligence for early detection of threats like this variant of Petya
    - How built-in response orchestration capabilities in AlienVault USM can stop the threat from spreading
  • The Shadow Brokers: How to Prepare for What’s Next After WannaCry Recorded: Jun 20 2017 46 mins
    Peter Ewane, AlienVault Security Researcher
    The Shadow Brokers are a hacking group who have published several leaks containing hacking tools from the National Security Agency (NSA), resulting in high profile malware attacks like the recent WannaCry ransomware attacks. So, what can we expect next as a result of the leaked hacking tools? The AlienVault Labs security research team has been analyzing the leaked information in an effort to understand potential attack vectors, and create the necessary threat intelligence updates for AlienVault products.

    Join us for a live, technical webinar on Tuesday, June 20th to learn more about the Shadow Brokers and what the AlienVault Labs team has uncovered about potential threats posed by the leaked tools.

    You’ll learn:
    - A brief history of Shadow Brokers activity
    - Analysis of the leaked hacking tools and exploits and their potential impact
    - How to use information related to Shadow Brokers available in the Open Threat Exchange
    - An overview of threat intelligence updates made to AlienVault products
Security intelligence from leading industry visionaries
AlienVault has simplified the way organizations detect and respond to today’s ever evolving threat landscape. Our unique and award winning approach, trusted by thousands of customers, combines the essential security controls of our all-in-one platform, AlienVault Unified Security Management, with the power of AlienVault’s Open Threat Exchange, the world’s largest crowd-sourced threat intelligence community, making effective and affordable threat detection attainable for resource constrained IT teams. AlienVault is a privately held company headquartered in Silicon Valley and backed by Trident Capital, Kleiner Perkins Caufield & Byers, Institutional Venture Partners, GGV Capital, Intel Capital, Jackson Square Ventures, Adara Venture Partners, Top Tier Capital and Correlation Ventures.

  • Title: How to Leverage Log Data for Effective Threat Detection
  • Live at: Jun 26 2014 6:00 pm
  • Presented by: Tom D'Aquino, Systems Engineer