Certified Ethical Hacker and Presenter @ Hacker Halted USA 2009 to Present EC-Council Webcast on Role of SIEM in Forensic Investigations

Eric Knight

Eric Knight, C|EH, CISSP, is a Senior Knowledge Engineer at LogRhythm Inc. As a preview to his presentation at Hacker Halted USA, Eric will describe the main components of a SIEM deployment and why they are important to handling data related to investigations. SIEMs have multiple logical and physical components that collect, categorize and reduce data into meaningful events to display on the dashboard while retaining the original log data for compliance and possible future use in investigations. Scalability is accomplished using specialized servers, collectors, and host-resident agents. Components that manage the information are also critical, as lost information, improperly collected data and logs that cannot be processed can hamper an investigation.

Security Information/Event Management (SIEM) solutions are being installed by organizations around the world to identify increasingly complicated and frequent threats, both external and internal. By establishing a well-constructed centralized security intelligence system that collects information from critical infrastructure, SIEMs offer visibility into the security and operational posture of an organization's IT environment. The security state is presented in real time using simple yet powerful dashboards that provide a launching point for investigations.

Date: June 4, 2009

Time: 9:00AM (EST – New York Time)

Register for this FREE webcast HERE.
