This resource is no longer available

Using SIEM to proactively identify potential attacks


Information security teams that have worked with SIEM systems are likely accustomed to using them to gather disparate security data, identify trends and spot dangerous activity. However, leading security organizations are adopting new approaches that take advantage of SIEM technology to spot indicators of potential attacks. In this presentation, learn how SIEM can be used to proactively identify potential attacks by incorporating techniques from artificial intelligence, machine learning and attack modeling; how to configure, tune and manage a SIEM for this purpose; and how to avoid common difficulties such as false positives. Other points of emphasis will include:

  • Discussion of attack pattern recognition; establishing and flagging pattern deviations
  • Comparison of point-based anomaly detection techniques vs. time-series analysis
  • Methods for avoiding unnecessary remediation activities using event pattern circumstance recognition


Andrew Hutchison, Information Security Specialist, T-Systems International

Andrew Hutchison is an information security specialist with T-Systems International in South Africa. An information security practitioner with 20 years of technical and business experience, his technical security work has included secure system development, security protocol design and analysis, and intrusion detection and network security solutions.

HP Enterprise Security
21 Feb 2012
