IMPORTANT: Remember to RSVP and pay at http://www.issala.org/events/rsvp-options/
Joe Magee - Using SIEM as a Platform for Real-Time Threat Detection
SIEM has long been known as a strong platform for monitoring security controls and alerting on policy violations, but for a variety of reasons, it's not gotten golden reviews for real-time threat detection. Yes, SIEM has some limitations that need to be overcome for real-time threat detection, but it also has some very strong advantages. This presentation will talk about SIEM's limitations, and will present a model for how to push the envelope. What internal data sources are needed? What external threat intelligence should be used? How can we marry the two through specialized use case development? In addition to providing a conceptual model, the presentation will walk through some real-world examples of how SIEM has successfully been used to expedite detection and analysis of cyberthreats, and to streamline response processes.
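The abstract describes marrying internal data sources with external threat intelligence through use cases. The following added example (not from the talk or from Vigilant) sketches that pattern in Python: a threat-intel feed is loaded from a constructed CSV-style text, normalised firewall and proxy events are matched against it, and two illustrative use cases turn matches into alerts with severities. All indicators (TEST-NET addresses and an `.invalid` domain), event records, field names and use-case names are constructed for the example.

```python
from collections import defaultdict

# Constructed external threat-intel feed, "kind,value" per line (placeholder
# indicators: RFC 5737 TEST-NET addresses and a reserved .invalid domain).
INTEL_FEED = """\
ip,203.0.113.7
ip,198.51.100.23
domain,bad-example.invalid
"""

# Constructed internal events in the normalised form a SIEM produces after
# parsing firewall ("fw") and web proxy ("proxy") logs.
SAMPLE_EVENTS = [
    {"ts": 1, "src": "10.0.0.5", "dst": "203.0.113.7", "type": "fw", "action": "allow"},
    {"ts": 2, "src": "10.0.0.5", "dst": "93.184.216.34", "type": "fw", "action": "allow"},
    {"ts": 3, "src": "10.0.0.9", "host": "bad-example.invalid", "type": "proxy", "action": "allow"},
    {"ts": 4, "src": "10.0.0.5", "dst": "198.51.100.23", "type": "fw", "action": "deny"},
    {"ts": 5, "src": "10.0.0.7", "dst": "203.0.113.7", "type": "fw", "action": "deny"},
]


def load_intel(feed_text):
    """Parse the feed into {"ip": set(), "domain": set()}; skip malformed lines."""
    intel = {"ip": set(), "domain": set()}
    for line in feed_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "," not in line:
            continue
        kind, value = line.split(",", 1)
        kind, value = kind.strip().lower(), value.strip().lower()
        if kind in intel and value:
            intel[kind].add(value)
    return intel


def match_indicators(event, intel):
    """Return the indicators an event touches as a list of (kind, value)."""
    hits = []
    dst = event.get("dst")
    if dst and dst in intel["ip"]:
        hits.append(("ip", dst))
    host = event.get("host")
    if host and host.lower() in intel["domain"]:
        hits.append(("domain", host.lower()))
    return hits


def run_use_cases(events, intel):
    """Two constructed use cases over time-ordered events:
    ti_match         - any contact with a known-bad indicator; severity is
                       high when the control allowed it, low when it blocked it.
    multi_indicator  - one internal host touching two or more distinct
                       indicators; raised once per host as critical.
    """
    alerts = []
    touched = defaultdict(set)   # src host -> distinct indicators seen
    escalated = set()            # hosts already raised under multi_indicator
    for ev in sorted(events, key=lambda e: e["ts"]):
        hits = match_indicators(ev, intel)
        if not hits:
            continue
        src = ev["src"]
        for kind, value in hits:
            touched[src].add((kind, value))
            alerts.append({
                "use_case": "ti_match",
                "ts": ev["ts"],
                "src": src,
                "indicator": value,
                "severity": "high" if ev["action"] == "allow" else "low",
            })
        if len(touched[src]) >= 2 and src not in escalated:
            escalated.add(src)
            alerts.append({
                "use_case": "multi_indicator",
                "ts": ev["ts"],
                "src": src,
                "count": len(touched[src]),
                "severity": "critical",
            })
    return alerts


if __name__ == "__main__":
    for alert in run_use_cases(SAMPLE_EVENTS, load_intel(INTEL_FEED)):
        print(alert)
```

The point of the second use case is the one the abstract hints at: a single indicator match is noisy, but the same internal host reaching several known-bad destinations over a window is a much stronger signal, and it only becomes visible when the external feed and the internal logs are correlated in one place. In a real deployment the "allow" versus "deny" split would also drive which alerts open a response ticket first.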
Joseph Magee is the Chief Technology Officer and co-founder of Vigilant, where he is in charge of research and development for security monitoring solutions, most recently for Vigilant's Collective Threat Intelligence™ services. He has been an industry leader in advancing the use of SIEM for business loss prevention and threat detection. Previously, he was Chief Security Officer at Top Layer Networks, and cut his teeth in the high-risk world of on-line trading, serving as information security architect for Datek Online. Joe is an active member of SecurityMetrics.org and other industry organizations that directly contribute to the development of security monitoring best practices and standards. He attended Drexel University, where he studied Commerce & Engineering, and Management of Information Systems.
Corero Network Security, an organization's First Line of Defense, is the leading provider of Distributed Denial of Service (DDoS) defense. As the First Line of Defense, Corero's products and services stop DDoS and malicious server-targeted attacks, protecting IT infrastructure and eliminating costly downtime. The First Line of Defense eradicates DDoS activity by filtering and removing attack traffic before it hits the network; as a result, existing network security infrastructure such as firewalls and Intrusion Prevention Systems (IPS), which do not effectively stop these attacks, can carry out the tasks for which they were built. Customers include enterprises, service providers and government organizations worldwide.