Network IDS is one of the most effective tools for sniffing out attackers in your network. However, correlation of IDS events is needed to minimize noise and focus on the alerts that really matter. Most SIEM solutions ship with a set of "out of the box" correlation directives. But without specific knowledge of which IDS tool and signature set you're using, those rules are all but useless. Writing your own correlation directives is certainly an option, but doing it effectively requires a great deal of time and expertise, and the work has to be redone as the network and threats change.
Join this webcast to learn:
- Why "one size fits all" SIEM correlation directives are ineffective
- How a unified SIEM + IDS solution simplifies threat detection and investigation
- Why real-time threat intelligence is essential to detect modern threats
VP, WW Sales Engineering
Tom D'Aquino has been engaged in information security, with an emphasis on supporting enterprise SIEM deployments, for nearly ten years. His most recent endeavors include educating others in the art of security analysis while evangelizing the benefits of AlienVault's unified approach to information security management, a.k.a. AlienVault USM. Tom loves to reminisce about the good ol' days of using grep and regex to find suspicious activity in log files, and he is always thrilled to brainstorm with you on your own security use cases and initiatives.