So, you've got an alarm - or 400 alarms maybe, now what? Security incident investigations can take many paths leading to incident response, a false positive or something else entirely. Join this webcast to see security experts from AlienVault and Castra Consulting work on real security events (well, real at one point), and perform real investigations, using AlienVault USM as the investigative tool. Process or art form? Yes.
You'll learn:
- Tips for assessing context for the investigation
- How to spend your time doing the right things
- How to classify alarms, rule out false positives and improve tuning
- The value of documentation for effective incident response and security controls
- How to speed security incident investigation and response with AlienVault USM
Presenters:
Joe, Tony and Grant, collectively known as "JTaG", have been working with packets one way or another for a combined 50 years. During their tenure at AT&T, they managed IDS for some of the world's largest companies and have used every IDS available from NetRanger to Suricata. They also stood up SIEMs capable of processing billions of events per day in their "Threat Management" SOC environment. These days, they use their powers for good, helping customers of all sizes understand the ever-changing security landscape.