This resource is no longer available
Using SIEM to proactively identify potential attacks
Information security teams that have worked with SIEM systems are likely used to using them to gather disparate security data to identify trends and spot dangerous activity. However, leading security organizations are adopting new approaches that take advantage of SIEM technology to spot indicators of potential attacks. In this presentation, learn how SIEM can be used to proactively identify potential attacks by incorporating techniques from artificial intelligence, machine learning and attack modeling; how to configure, tune and manage a SIEM for this purpose; and how to avoid common difficulties such as false positives. Other points of emphasis will include:
- Discussion of attack pattern recognition; establishing and flagging pattern deviations
- Comparison of point-based anomaly detection techniques vs. time-series analysis
- Methods for avoiding unnecessary remediation activities using event pattern circumstance recognition
SpeakerAndrew Hutchison Information Security Specialist, T-Systems International
Andrew Hutchison is an information security practitioner with 20 years of technical and business experience in areas like secure system development, security protocol design and analysis, intrusion detection and network security solutions. He has held executive responsibility for information security in a large enterprise, establishing its chief security officer role, and has experience in deploying and operating SIEM systems in a managed service provider environment. He is an adjunct professor of computer science at the University of Cape Town in South Africa.