Name
F8. SIEMs Can Suck…and Other Stories From the Security Sarlacc Pitt
Date & Time
Thursday, May 11, 2017, 11:15 AM - 12:15 PM
Brian Contos
Description
Presented by Verodin - Like many of you, I’ve been installing, integrating, tuning, and operating SIEMs for way too long. One thing people like us know for certain is that from log collection and transmission to rule correlation and alerts – SIEMs sometimes suck. Without a doubt, the biggest issue I’ve encountered is metadata creation, i.e., rules correctly firing following an incident. When it comes to SIEMs I’ve always wanted a way to quickly and easily validate that they’re working, optimize my rules, and tune them to do precisely what I want. But SIEMs, like many security controls, can be a Sarlacc Pitt that few escape – but I’m still pulling for a certain bounty hunter with Mandalorian armor.
 
Continuously validating that you’re receiving logs following an attack, that rules are firing based on that attack, and that your SIEM remains effective over time are areas where Security Instrumentation Platforms, or SIPs, can really help. SIPs can be used to safely execute real attacks within your production environment while integrating with your defensive stack to determine if your firewalls, IPS, DLPs, endpoint security solutions, log managers, SIEMs and related security solutions are working the way you want.
 
SIPs allow you to answer questions such as: when under attack, am I blocking, detecting, logging, correlating, alerting, and responding? And if you’re not doing some of these things, SIPs can help provide a prescriptive approach to closing the gaps.
 
Location Name
Room 712
Full Address
Colorado Convention Center
700 14th Street
Denver, CO 80202
United States
Category
Vendor Track
Learner Objectives
Following this presentation, you will be able to:
  • Describe how SIPs operate and how they help to optimize SIEMs
  • Contrast multiple real-life case studies for SIEMs and other security controls
  • Recognize through a live demo how SIPs are used to validate and instrument SIEMs by safely launching attacks, integrating with SIEMs following an attack, determining what was blocked, detected, and correlated, and leveraging prescriptive, evidence-based results for tuning
  • Construct solutions that leverage SIPs within your own organization
 
Speaker Bio(s)
Brian Contos has over two decades of experience in the security industry. He is a seasoned executive, board advisor, security company entrepreneur and author. After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks.
 
Brian has worked in over 50 countries across six continents. He is a strategic board advisor for multiple companies including Cylance and Appdome. He has authored several security books, his latest with the former Deputy Director of the NSA, has spoken at leading security events globally, and is a Distinguished Fellow with the Ponemon Institute. Brian frequently appears in the news and has been featured by CNBC, C-SPAN, Fox, NPR, Forbes, the Wall Street Journal, The London Times and many others. He most recently appeared in a cyberwar documentary alongside General Michael Hayden (former Director of the NSA and CIA).
Sorting Order
8