Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018

Video link: https://www.youtube.com/watch?v=MjBt6-Y2oNc



Duration: 43:16


Chris Crowley, Summit Chair, SANS Institute

PANELISTS:
Craig L. Bowser, Sr. Security Engineer, Dept. of Energy
Justin Henderson, Instructor & Course Author, SANS Institute
Dave Herrald, Staff Security Strategist, Splunk

SIEMs have been a central tool of SOCs for at least a decade. There are currently a significant number of vendors in this space, each of whom offers different strengths that appeal to different organizations. While there are many measures that can be used to compare vendors (e.g. the Gartner Magic Quadrant, proofs of concept, or personal experience), we want to focus on what they all do: help SOCs monitor for and find “bad.” This will show that even if your SIEM doesn’t look like someone else’s SIEM, you can monitor for and detect the bad guys just as well as anyone else. To demonstrate this, we will take several SMEs, each knowledgeable on a different SIEM vendor, and give them two use cases each. They will demonstrate how each SIEM can be configured to monitor for and alert on that specific activity in an enterprise. This will include information about the level of effort needed, the data sources required, and a list of steps that you can use for implementation in your own environment. The goal is not to bash competitors, but to encourage SOCs not to view their tool as a handicap and instead be inspired to find creative solutions.
