Anton's 2020 SIEM Best and Worst Practices - in Brief

•

0 likes•342 views

This document outlines best and worst practices for security information and event management (SIEM) systems according to Dr. Anton Chuvakin. Some key worst practices include failing to properly define SIEM requirements, assuming the SIEM will run itself without support, and expecting vendors to decide what to log and detect. The best practices include taking a use case approach, starting with simple quick wins, deploying in phases while continually learning and expanding, taking log collection seriously, and preparing to create your own detection content.

Technology

Anton's 2020 SIEM Best
and Worst Practices
Dr. Anton Chuvakin
@anton_chuvakin and https://medium.com/anton-on-security
Chronicle / Google Cloud
(ex-Gartner for Technical Professionals until 2019)

2020 SIEM in Context
What is SIEM today?
Does SIEM matter today?
Do you still need it?
What will happen in the future?

A Recent SIEM Problems Poll
https://twitter.com/securitybrew/status/1283924416888479746

SIEM Worst Practices
1. Skip the SIEM requirements definition phase - just buy something
2. Assume that the SIEM will deploy/manage/run itself and security
value will just materialize
3. Expect that IT and other teams will always support your
SIEM/detection/monitoring project
4. Expect the vendor to decide what you need to log and what to
detect
5. Plan to rely on ML and other “magic” provided in the box

SIEM Best Practices
1. Practice a use case approach, and “output-driven” SIEM
2. Start with “quick wins” and simple use cases
3. Deploy using a phased approach, learn, expand, learn more
4. Take log collection seriously and review often
5. Expect the log/telemetry data grow faster than you expect :-)
6. Prepare to create your own detection content and/or tune
existing content

Just for Laughs - 2011 Version of the Same...
https://www.slideshare.net/anton_chuvakin/five-best-and-five-worst-practices-for-siem-by-dr-anton-chuvakin-8721331

What's hot

Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?

Source Conference

Security operation center (SOC)

Ahmed Ayman

SOC Architecture - Building the NextGen SOC

Priyanka Aash

Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps? Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering: *Developments in the threat landscape driving a shift from preventative to detective controls *Essential security controls needed to defend against modern threats *Fundamentals for evaluating a security approach that will work for you, not against you *How a unified approach to security visibility can help you get from install to insight more quickly

Security Operations Center (SOC) Essentials for the SME

AlienVault

Baselining Logs

Anton Chuvakin

SOC Cyber Security

Steppa Cyber Security

Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin

Anton Chuvakin

The Incident Response Playbook for Android and iOS

Priyanka Aash

SureLog SIEM Jobs

Ertugrul Akbas

In recent years, endpoint security has evolved well beyond signature-based antivirus which proved unable to keep pace with the speed and volume of evolving threats. With the onslaught of new security technologies available, it can be difficult to determine where to begin. In this webinar, 451 Senior Analyst, Adrian Sanabria and Cylance Product Marketing Manager, Steve Salinas will discuss a proven approach to securing your endpoints. Adrian and Steve will present the fundamental steps to securing endpoints: • Step 1: A Better Malware Mousetrap • Step 2: More Resilient Endpoints • Step 3: Stopping Non-Malware Attacks • Step 4: Full System Visibility with Endpoint Detection and Response • Step 5: Dynamic Defense with User Behavior • Step 6: Data Visibility • Conclusion: Malware is Solved! What Now? Endpoint security can be complex. Join us for this webinar to learn how applying a reasoned, results-based approach can help you can take control of your endpoints and silence attackers.

451 and Cylance - The Roadmap To Better Endpoint Security

Adrian Sanabria

Something Fun About Using SIEM by Dr. Anton Chuvakin

Anton Chuvakin

End-User Case Study: Five Best and Five Worst Practices for SIEM Implementing SIEM sounds straightforward, but reality sometimes begs to differ. In this session, Dr. Anton Chuvakin will share the five best and worst practices for implementing SIEM as part of security monitoring and intelligence. Understanding how to avoid pitfalls and create a successful SIEM implementation will help maximize security and compliance value, and avoid costly obstacles, inefficiencies, and risks

Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin

Anton Chuvakin

Top 10 SIEM Best Practices, SANS Ask the Expert

AccelOps

As threats evolve, it is essential to move beyond looking at events toward developing behavioral analysis capabilities. Knowing not only the components but also the rhythms of your environment becomes crucial to enable earlier detection of attackers. This session will review the threat and risk landscape today, recommend approaches to bolster your security control monitoring, apply situational awareness and kill chain techniques, and walk through the construction of two specific use cases. They are 1) detecting compromised accounts via remote access behavior analysis and 2) detecting malicious activity (attacker or insider) by detecting and tracing network jumpers from corporate to guest networks. The session will discuss the design approach and searches used in these two use cases so that you can build other use cases to improve your security capability and posture.

Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk

Andrew Gerber

"You Got That SIEM. Now What Do You Do?" by Dr. Anton Chuvakin Many who acquired SIEM tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use." So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful.Here you can learn from the experience of those who did not have the benefit of learning from other's mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course!

"You Got That SIEM. Now What Do You Do?" by Dr. Anton Chuvakin

Anton Chuvakin

With the fast changing regulatory and threat landscape, organizations need to gain quick knowledge of how log management and SIEM solutions help them meet their compliance and security needs. The 2010 Data Breach Investigations Report highlights this issue, revealing that 86 percent of organizations breached had evidence of the breach in their logs. Had they found this evidence in a timely manner, they likely could have prevented much of the damage associated with a breach from occurring. In this webcast, security and compliance expert Anton Chuvakin and Tripwire's Cindy Valladares offer practical strategies organizations can apply to meet their compliance needs and improve security with log management and SIEM solutions. The difference between log management and SIEM solutions and why you need both. How defining the problem you are trying to solve helps you choose the right solution. A pragmatic approach to SIEM that ensures a successful compliance audit, but also improves security. How SIEM and log management requirements tie in to various regulations and standards like PCI, HIPAA and NERC. Additional steps organizations can take to improve security through the solutions they use for compliance. Mistakes organizations make that undermine the organization's security. Learn how solutions in the Tripwire VIA suite are a perfect fit for this pragmatic approach.

Leveraging Compliance for Security with SIEM and Log Management

Tripwire

Title: Log management and compliance: What's the real story? by Dr. Anton Chuvakin One of the problems in making an Enterprise Content Management (ECM) strategy work with compliance initiatives is that compliance needs accountability at a very granular level. Consequently, IT shops are turning to log management as a solution, with many of those solutions being deployed for the purposes of regulatory compliance. The language however, regarding log management solutions can sometimes be vague which can lead to confusion. This session will lend some clarity to the regulations that affect log management. Topics will include: Best practices for how to best mesh compliance ECM and compliance strategies with log management Tips and suggestions for monitoring and auditing access to regulated content, with a focus on Microsoft Sharepoint logging. An examination of a handful of the regulations affecting how organizations view log management and information security including The Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, The North American Electric Reliability Council (NERC), HIPAA and the HITECH Act.

Log management and compliance: What's the real story? by Dr. Anton Chuvakin

Anton Chuvakin

NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...

North Texas Chapter of the ISSA

As today’s cyber-attackers become more sophisticated and nefarious, organizations must adopt the right mix of conventional and next-generation security tools to effectively defend their infrastructure from advanced threats. The Critical Security Controls effort is a growing movement that has been helping government agencies and large enterprises prioritize their cyber security spending accordingly. By leveraging NetFlow and other types of flow data, Lancope’s StealthWatch System delivers continuous network visibility to fulfill a number of the highest priority controls, enhancing timely detection of targeted threats and improving incident response. Learn the latest about the Critical Security Controls and hear how the StealthWatch System fits in.

The Critical Security Controls and the StealthWatch System

Lancope, Inc.

What Is Next-Generation Endpoint Security and Why Do You Need It?

Priyanka Aash

What's hot (20)

Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?

Security operation center (SOC)

SOC Architecture - Building the NextGen SOC

Security Operations Center (SOC) Essentials for the SME

Baselining Logs

SOC Cyber Security

Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin

The Incident Response Playbook for Android and iOS

SureLog SIEM Jobs

451 and Cylance - The Roadmap To Better Endpoint Security

Something Fun About Using SIEM by Dr. Anton Chuvakin

Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin

Top 10 SIEM Best Practices, SANS Ask the Expert

Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk

"You Got That SIEM. Now What Do You Do?" by Dr. Anton Chuvakin

Leveraging Compliance for Security with SIEM and Log Management

Log management and compliance: What's the real story? by Dr. Anton Chuvakin

NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...

The Critical Security Controls and the StealthWatch System

What Is Next-Generation Endpoint Security and Why Do You Need It?

Similar to Anton's 2020 SIEM Best and Worst Practices - in Brief

Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin

Anton Chuvakin

Join Mike Rothman, Analyst & President of Securosis and Ted Julian, VP of Product Management and co-founder of IBM Resilient, for a webinar on common automation use cases for the Security Operations Center (SOC). Security Orchestration, Automation and Response (SOAR) tools are garnering interest in enterprise security teams due to tangible short-term benefits. Watch the recording: https://event.on24.com/wcc/r/2007717/385A881A097E8EFCE493981972303416?partnerref=LI

Automation: Embracing the Future of SecOps

IBM Security

There are many SIEM solutions available. And some ML or AI modules/tools/Add-ons available on the market. Some of those ML/AI tools available are using pure statistics for outlier detection apart from current hot topic ML, AI algorithms. What is tactical SIEM? if you are spending 80 percent of your time within a SIEM tool doing alert review and analysis, then you are on the right track. If you are an organization that is instead focusing heavily on collecting more data sources, applying patches, or running compliance reports, then your SIEM implementation may not be tactical. [2] So correlation/alert is the heart of SIEM. Some SIEM solutions have strong correlation engine and some others are weak relatively. Some SIEM correlation engines are just filters and some of them are no more than Esper CEP query. Correlation is the key factor for SIEM success. So the emphasis is correlation engine.

Which generation of siem?

Ertugrul Akbas

Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx

Vikas Singh Yadav

McAfee SIEM solution

hashnees

The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking. The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.

Scot Secure 2019 Edinburgh (Day 2)

Ray Bugg

So You Got That SIEM. Now What Do You Do? Anton Chuvakin, Principal, Security Warrior Consulting (@anton_chuvakin) Many organization that acquired Security Information and Event Management (SIEM) tools and even simpler log management tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use" and "totally intuitive." So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful? At this presentation, you will learn from the experience of those who did not have the benefit of learning from other's mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course! As a bonus track, how to revive a FAILED SIEM deployment you inherited at your new job will be discussed.

So You Got That SIEM. NOW What Do You Do? by Dr. Anton Chuvakin

Anton Chuvakin

IBM Security Strategi Talare: Peter Holm, Sweden Country Manager Security Systems, IBM och Kaja Narum, Integrated Business Unit Leader Security, IBM Security Operations Center behind the curtain Talare: Marcus Hallberg, Technical Solution Specialist, IBM Security From Log to SIEM ... and Incident Response Talare: Marcus Hallberg, Marcus Hallberg, Technical Solution Specialist, IBM Security och Victor Grane, Techical Sales, IBM Security IoT Security Talare: Torbjörn Andersson, Senior Security Consultant, IBM Presentationerna hölls på Watson Kista Summit 2018

Kista watson summit final public version

IBM Sverige

The Security Challenge: What's Next?

Cognizant

Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM

Rich Saglimbene

20 Years of SIEM - SANS Webinar 2022

Anton Chuvakin

SIEM technology has been around for years and continues to enjoy broad market adoption. Companies continue to rely on SIEM capabilities to handle proactive security monitoring, detection and response, and regulatory compliance. However, with today’s staggering volume of cyber-security threats and the number of security devices, network infrastructures and system logs, IT security staff can become quickly overwhelmed. Gartner projects that by 2020: -- 50% of new SIEM implementations will be delivered via SIEM as a service. -- 60% of all advanced security analytics will be delivered from the cloud as part of SIEM-as-a-service offerings.

Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...

Sirius

MITRE-Module 5 Slides.pdf

ReZa AdineH

I’ll be covering things like: - Some of the various types of penetration testing jobs - Education/Certification/Experience/Skill requirements - Should I have a degree – if so what type? - Should I have certifications – if so which ones? - Should I have work experience – if so what type? - What skills should I have prior to applying? - Do I need to be a good programmer? - Where can I get these skills if I’m not currently working in the field? - Security clearance requirements - What are good key words to use when searching IT job sites for pentesting jobs? - What to expect during the interview process - I’m not in the US, where can I find pentester work abroad? - How much money can I expect to make as a pentester? - The good the bad and the ugly…what the work is actually like day-in and day-out

So you wanna be a pentester - free webinar to show you how

Joe McCray

IT security

Steven Aiello

How does product management have more complexity while building a healthcare SAAS product? Where is the underlying technology for artificial intelligence and machine learning? Yogesh will go over the procedure and documentation involved in product development when FDA clearance and approval is required before the market launch of a product. He'll also discuss the validation and verification processes required to get the product FDA cleared. Main takeaways: -AI and ML-based SAAS healthcare products -Emphasis on collaborating with your data science team -The process and relevant documentation to get FDA clearance -The importance of QMS in the healthcare SAAS product life-cycle

How to Launch Healthcare Products by Stealthmode Health PM

Product School

Accelerating OT - A Case Study

Digital Bond

Why so many SIEM Implmentations Fail

Rita Barry

Ciso organizational priorities to build a resilient bimodal it

Chandra Sekhar Tondepu

SIEM Primer:

Anton Chuvakin

Similar to Anton's 2020 SIEM Best and Worst Practices - in Brief (20)

Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin

Automation: Embracing the Future of SecOps

Which generation of siem?

Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx

McAfee SIEM solution

Scot Secure 2019 Edinburgh (Day 2)

So You Got That SIEM. NOW What Do You Do? by Dr. Anton Chuvakin

Kista watson summit final public version

The Security Challenge: What's Next?

Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM

20 Years of SIEM - SANS Webinar 2022

Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...

MITRE-Module 5 Slides.pdf

So you wanna be a pentester - free webinar to show you how

IT security

How to Launch Healthcare Products by Stealthmode Health PM

Accelerating OT - A Case Study

Why so many SIEM Implmentations Fail

Ciso organizational priorities to build a resilient bimodal it

SIEM Primer:

More from Anton Chuvakin

Future of SOC: More Security, Less Operations

Anton Chuvakin

SOC Meets Cloud: What Breaks, What Changes, What to Do? originally presented at Mandiant mWise 2023 by Dr Anton Chuvakin of Google Cloud Office of the CISO Cloud changes everything (does it though?), including how we do threat detection and incident response in the SOC. As we continue to transform our attack surfaces, how do we make sure our detection and response are done "the cloud way"? There were also cases where both business and IT migrated to the cloud, but security was left behind and had to approach cloud challenges with on-premise tools and practices. How should a SOC born before cloud deal with cloud? What to watch for? What changes? What breaks? What stays the same?

SOC Meets Cloud: What Breaks, What Changes, What to Do?

Anton Chuvakin

Meet the Ghost of SecOps Future by Anton Chuvakin Meet the Ghost of SecOps Future Today’s SOC has an increasingly difficult job protecting growing and expanding organizations. The landscape is changing and the SOC needs to change with the times or risk falling behind the evolution of business, IT, and threats. But you have choices! Your future fate is not set in stone and can be changed: some optimize what they have without drastic upheaval, while others choose to truly transform their detection and response. Join us as we show you a vision of what the SOC will look like in the near future and how to choose the best course of action today. Originally aired at https://cloudonair.withgoogle.com/events/2023-dec-security-talks Video https://youtu.be/KbQbuFAPY2c?si=0llv1v_CkVtvsyms

Meet the Ghost of SecOps Future by Anton Chuvakin

Anton Chuvakin

SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...

Anton Chuvakin

SOC Lessons from DevOps and SRE by Anton Chuvakin

Anton Chuvakin

Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth

Anton Chuvakin

Can We REALLY 10X the SOC? by Dr Anton Chuvakin Many organizations promise to transform your security operations center (SOC) with technology, advice or their personnel. However, what does it take to really transform your SOC to be ready for future threats? Is this an impossible problem? Is this something that can be only done by well funded organizations? Let's explore these and other questions in this talk. https://www.sans.org/cyber-security-training-events/blue-team-summit-2021/#agenda

10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin

Anton Chuvakin

SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends

Anton Chuvakin

SOCstock 2021 The Cloud-native SOC

Anton Chuvakin

Modern SOC Trends 2020

Anton Chuvakin

Tips on SIEM Ops 2015

Anton Chuvakin

Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin

Anton Chuvakin

On Content-Aware SIEM by Dr. Anton Chuvakin

Anton Chuvakin

Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin

Anton Chuvakin

PCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin

Anton Chuvakin

How to Gain Visibility and Control: Compliance Mandates, Security Threats and...

Anton Chuvakin

Navigating the Data Stream without Boiling the Ocean:: Case Studies in Effec...

Anton Chuvakin

Zero Day Response: Strategies for the Security Innovation in Corporate Defens...

Anton Chuvakin

What PCI DSS Taught Us About Security by Dr. Anton Chuvakin

Anton Chuvakin

PCI DSS and Logging: What YOU Need To Know by Dr Anton Chuvakin Logging is a critical element in your security program, and it features prominently in PCI. Many merchants, including Higher Ed institutions, can have difficulty implementing all the requirements. In this session one of the leading Logging and SEIM experts will map the PCI DSS logging requirements to a set of actionable procedures and tasks that you can use to achieve and maintain compliance. Bring your questions!

PCI DSS and Logging: What You Need To Know by Dr. Anton Chuvakin

Anton Chuvakin

More from Anton Chuvakin (20)

Future of SOC: More Security, Less Operations

SOC Meets Cloud: What Breaks, What Changes, What to Do?

Meet the Ghost of SecOps Future by Anton Chuvakin

SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...

SOC Lessons from DevOps and SRE by Anton Chuvakin

Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth

10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin

SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends

SOCstock 2021 The Cloud-native SOC

Modern SOC Trends 2020

Tips on SIEM Ops 2015

Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin

On Content-Aware SIEM by Dr. Anton Chuvakin

Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin

PCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin

How to Gain Visibility and Control: Compliance Mandates, Security Threats and...

Navigating the Data Stream without Boiling the Ocean:: Case Studies in Effec...

Zero Day Response: Strategies for the Security Innovation in Corporate Defens...

What PCI DSS Taught Us About Security by Dr. Anton Chuvakin

PCI DSS and Logging: What You Need To Know by Dr. Anton Chuvakin

Recently uploaded

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Histor y of HAM Radio presentation slide

vu2urc

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Real Time Object Detection Using Open CV

Khem

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Recently uploaded (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...

HTML Injection Attacks: Impact and Mitigation Strategies

GenAI Risks & Security Meetup 01052024.pdf

Histor y of HAM Radio presentation slide

Boost PC performance: How more available memory can improve productivity

Partners Life - Insurer Innovation Award 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Real Time Object Detection Using Open CV

Scaling API-first – The story of a global engineering organization

Boost Fertility New Invention Ups Success Rates.pdf

🐬 The future of MySQL is Postgres 🐘

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Axa Assurance Maroc - Insurer Innovation Award 2024

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Advantages of Hiring UIUX Design Service Providers for Your Business

How to Troubleshoot Apps for the Modern Connected Worker

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Artificial Intelligence: Facts and Myths

Tech Trends Report 2024 Future Today Institute.pdf

Data Cloud, More than a CDP by Matt Robison

Anton's 2020 SIEM Best and Worst Practices - in Brief

1. Anton's 2020 SIEM Best and Worst Practices Dr. Anton Chuvakin @anton_chuvakin and https://medium.com/anton-on-security Chronicle / Google Cloud (ex-Gartner for Technical Professionals until 2019)

2. 2020 SIEM in Context What is SIEM today? Does SIEM matter today? Do you still need it? What will happen in the future?

3. Best / Worst Practices?

4. A Recent SIEM Problems Poll https://twitter.com/securitybrew/status/1283924416888479746

5. SIEM Worst Practices 1. Skip the SIEM requirements definition phase - just buy something 2. Assume that the SIEM will deploy/manage/run itself and security value will just materialize 3. Expect that IT and other teams will always support your SIEM/detection/monitoring project 4. Expect the vendor to decide what you need to log and what to detect 5. Plan to rely on ML and other “magic” provided in the box

6. SIEM Best Practices 1. Practice a use case approach, and “output-driven” SIEM 2. Start with “quick wins” and simple use cases 3. Deploy using a phased approach, learn, expand, learn more 4. Take log collection seriously and review often 5. Expect the log/telemetry data grow faster than you expect :-) 6. Prepare to create your own detection content and/or tune existing content

7. Q&A

8. Just for Laughs - 2011 Version of the Same... https://www.slideshare.net/anton_chuvakin/five-best-and-five-worst-practices-for-siem-by-dr-anton-chuvakin-8721331

Editor's Notes

https://blogs.gartner.com/anton-chuvakin/2017/08/14/lets-define-siem/
Other write-ins: Log collection challenges Mismatched expectations

Anton's 2020 SIEM Best and Worst Practices - in Brief

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Anton's 2020 SIEM Best and Worst Practices - in Brief

Similar to Anton's 2020 SIEM Best and Worst Practices - in Brief (20)

More from Anton Chuvakin

More from Anton Chuvakin (20)

Recently uploaded

Recently uploaded (20)

Anton's 2020 SIEM Best and Worst Practices - in Brief

Editor's Notes