October Lunch Meeting - Using SIEM as a Platform for Real-Time Threat Detection

IMPORTANT: Remember to RSVP and pay at http://www.issala.org/events/rsvp-options/

Joe Magee - Using SIEM as a Platform for Real-Time Threat Detection

Presentation Abstract:

SIEM has long been known as a strong platform for monitoring security controls and alerting on policy violations, but for a variety of reasons, it's not gotten golden reviews for real-time threat detection. Yes, SIEM has some limitations that need to be overcome for real-time threat detection, but it also has some very strong advantages. This presentation will talk about SIEM’s limitations, and will present a model for how to push the envelope. What internal data sources are needed? What external threat intelligence should be used? How can we marry the two through specialized use case development? In addition to providing a conceptual model, the presentation will walk through some real-world examples of how SIEM has successfully been used to expedite detection and analysis of cyberthreats, and to streamline response processes.

Speaker Bio:
Joseph Magee is the Chief Technology Officer and co-founder of Vigilant, where he is in charge of research and development for security monitoring solutions, most recently for Vigilant’s Collective Threat Intelligence™ services. He has been an industry leader in advancing the use of SIEM for business loss prevention and threat detection. Previously, he was Chief Security Officer at Top Layer Networks, and cut his teeth in the high-risk world of on-line trading, serving as information security architect for Datek Online. Joe is an active member of SecurityMetrics.org and other industry organizations that directly contribute to the development of security monitoring best practices and standards. He attended Drexel University, where he studied Commerce & Engineering, and Management of Information Systems.

Sponsor:


Corero Network Security, an organization’s First Line of Defense, is the leading provider of Distributed Denial of Service (DDoS) defense. As the First Line of Defense, Corero’s products and services stop DDoS and malicious server-targeted attacks, protecting IT infrastructure and eliminating costly downtime. The First Line of Defense eradicates DDoS activity by filtering and removing attack traffic before it hits the network. As a result, existing network security infrastructure such as firewalls and Intrusion Prevention Systems (IPS), which do not effectively stop these attacks, can carry out the tasks for which they were built. Customers include enterprises, service providers and government organizations worldwide.

  • Karen M.

    It was an awesome event! Great turnout and great participation!!

    October 17, 2012

  • Stan S.

    Super meeting. 90 people attended!!!!

    October 17, 2012

  • Richard G.

    Great meeting!

    October 17, 2012

  • A former member

    Speaker was great and ISSA-LA set a new lunch time attendance record! Kudos to the ISSA-LA Board members!

    October 17, 2012

  • Barry

    !

    October 9, 2012

89 went
