Event logs provide valuable information to troubleshoot operational errors, and investigate potential security exposures. They are literally the bread crumbs of the IT world. As a result, a commonly-used approach is to collect logs from everything connected to the network "just in case" without thinking about what data is actually useful. But, as you're likely aware, the "collect everything" approach can actually make threat detection and incident response more difficult as you wade through massive amounts of irrelevant data.
Join us for this session to learn practical strategies for defining what you actually need to collect (and why) to help you improve threat detection and incident response, and satisfy compliance requirements. In this session, you'll learn:
- What log data you always need to collect and why
- Best practices for network, perimeter and host monitoring
- Key capabilities to ensure easy, reliable access to logs for incident response efforts
- How to use event correlation to detect threats and add valuable context to your logs
Watch It Now!
SVP, Worldwide, Sales Engineering
Tom D'Aquino has been engaged in information security with an emphasis on supporting enterprise SIEM deployments for nearly ten years. His most recent endeavors include educating others in the art of security analysis while evangelizing the benefits of AlienVault's unified approach to information security management aka AlienVault USM. Tom loves to reminisce about the good ol' days of using grep and regex to find suspicious activity in log files and he is always thrilled to brainstorm with you on your own security use cases and initiatives.