Presented by: Ashwin Swamy, Omega ATC & Thomas Duncan, Omega ATC
Today, the majority of advanced cybersecurity teams collect events using multiple layers (user access, antivirus, UTM/NextGen Firewall, Intrusion Detection, DNS blackhole, etc.), all fed into a security information and event management (SIEM) or log management platform. Unfortunately, the complexity of today’s methods for threat detection has yielded increasingly large sets of discrete alerts without any correlation across threat vectors. As a result, the large number of false positives has led to exhaustion within security teams as they try to keep up.
The future of SIEM will call for smart approaches to correlating events across layers and vectors in order to effectively detect advanced persistent threats (APT) and filter out false positives. This approach will allow security teams to better prioritize and triage security alerts.
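The correlation idea described above, as an added example that is not part of the webinar or Omega ATC's material: alerts from several layers (antivirus, DNS blackhole, firewall, user access, IDS) are clustered per host inside a time window, and a cluster that spans two or more independent layers is promoted to an incident whose priority is the number of layers that fired. Single-layer alerts are not discarded but are set aside for routine review, which is the kind of review PCI DSS Requirement 10.6 calls for. The alert format, layer names, hostnames, and the 15-minute window are all constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from several security layers (illustrative, not real data).
# Each alert is (ISO timestamp, layer, host, description).
SAMPLE_ALERTS = [
    ("2024-01-15T09:00:05", "antivirus",     "ws-042",  "heuristic detection quarantined"),
    ("2024-01-15T09:02:40", "dns_blackhole", "ws-042",  "query for sinkholed domain"),
    ("2024-01-15T09:03:10", "firewall",      "ws-042",  "outbound connection denied"),
    ("2024-01-15T09:30:00", "antivirus",     "ws-017",  "heuristic detection quarantined"),
    ("2024-01-15T11:15:00", "firewall",      "ws-042",  "outbound connection denied"),
    ("2024-01-15T13:00:00", "user_access",   "srv-db1", "logon outside business hours"),
    ("2024-01-15T13:04:30", "ids",           "srv-db1", "signature match on database traffic"),
]


def correlate(alerts, window=timedelta(minutes=15), min_layers=2):
    """Cluster alerts per host in time order and promote multi-layer clusters.

    Starting from the earliest unprocessed alert on a host, gather every alert on
    that host that falls within `window` of it. If the cluster spans at least
    `min_layers` distinct layers it becomes an incident whose priority is the
    number of layers that independently fired; otherwise the alert is recorded
    as uncorrelated and the scan moves on to the next one.
    Returns (incidents sorted by priority descending, uncorrelated alerts).
    """
    by_host = defaultdict(list)
    for ts, layer, host, desc in alerts:
        by_host[host].append((datetime.fromisoformat(ts), layer, host, desc))

    incidents, uncorrelated = [], []
    for host, events in by_host.items():
        events.sort(key=lambda e: e[0])
        i = 0
        while i < len(events):
            start = events[i][0]
            # Events are time-sorted, so the cluster is a contiguous run.
            cluster = [e for e in events[i:] if e[0] - start <= window]
            layers = sorted({e[1] for e in cluster})
            if len(layers) >= min_layers:
                incidents.append({
                    "host": host,
                    "start": start.isoformat(),
                    "end": cluster[-1][0].isoformat(),
                    "layers": layers,
                    "priority": len(layers),
                    "alerts": cluster,
                })
                i += len(cluster)
            else:
                uncorrelated.append(events[i])
                i += 1
    incidents.sort(key=lambda inc: inc["priority"], reverse=True)
    return incidents, uncorrelated


def triage_report(alerts=SAMPLE_ALERTS):
    """Render the triage queue: incidents first, then a count of leftover alerts."""
    incidents, leftovers = correlate(alerts)
    lines = [
        f"P{inc['priority']} {inc['host']} {inc['start']}..{inc['end']} "
        f"layers={','.join(inc['layers'])}"
        for inc in incidents
    ]
    lines.append(f"{len(leftovers)} single-layer alert(s) left for routine log review")
    return lines


if __name__ == "__main__":
    for line in triage_report():
        print(line)
```

On the constructed data the workstation that tripped antivirus, the DNS blackhole and the firewall within a few minutes becomes a priority-3 incident, the database server with an off-hours logon followed by an IDS hit becomes priority-2, and the two isolated alerts stay in the routine-review queue. A production correlator would key on more than hostname (user, source IP, session) and weight layers differently, but the shape is the same: the signal is the agreement between independent layers, not the volume of alerts from any one of them.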
In this webinar, we discuss:
- The difference between typical layered security and layered security that uses event correlation
- Case studies in real, everyday business environments that involve visual exploratory data analysis (EDA) and data science techniques
- How data science will impact the future of SIEM platforms and threat management
- How smarter SIEM tools can be used to address PCI DSS Requirement 10.6: "review logs and security events for all system components to identify anomalies or suspicious activity"
As part of this presentation, Thomas and Ashwin will use widely available open source tools and libraries.