Event logs provide valuable information for troubleshooting operational errors and investigating potential security exposures. They are literally the bread crumbs of the IT world. As a result, a commonly used approach is to collect logs from everything "just in case". But the "collect everything" approach can actually make threat detection and incident response more difficult, as you wade through massive amounts of irrelevant data.
Join us for this session to learn:
- What log data you always need to collect and why
- Best practices for network, perimeter and host monitoring
- Key capabilities to ensure easy, reliable access to logs for incident response efforts
- How to use event correlation to detect threats and add valuable context to your logs
We'll finish up with a brief demo of how AlienVault Unified Security Management can deliver actionable insights from your logs.
SVP, Worldwide, Sales Engineering
Tom D'Aquino has been engaged in information security, with an emphasis on supporting enterprise SIEM deployments, for nearly ten years. His most recent endeavors include educating others in the art of security analysis while evangelizing the benefits of AlienVault's unified approach to information security management, a.k.a. AlienVault USM. Tom loves to reminisce about the good ol' days of using grep and regex to find suspicious activity in log files, and he is always thrilled to brainstorm with you on your own security use cases and initiatives.