Today, most mature security teams collect events from multiple layers (user access, antivirus, UTM/next-generation firewall, intrusion detection, DNS blackhole, etc.), all fed into a security information and event management (SIEM) or log management platform. Unfortunately, each layer raises its own discrete alerts, and today's detection methods rarely correlate them across threat vectors. The resulting flood of false positives leaves security teams exhausted as they try to keep up.
The future of SIEM calls for smarter approaches that correlate events across layers and vectors in order to detect advanced persistent threats (APTs) and filter out false positives. Correlated alerts let security teams prioritize and triage more effectively than a raw stream of single-sensor alerts.
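To make the cross-layer idea concrete, here is an added example (not code from the webinar or its presenters) of a minimal correlator: alerts from several layers are grouped per host inside a time window and scored by how many *independent* layers agree, so a lone antivirus or firewall hit ranks below a host where DNS blackhole, firewall and IDS all fire together. The `ts|layer|host|detail` line format, the layer weights and the sample alerts are all constructed for illustration.

```python
"""Cross-layer alert correlation: group discrete alerts by host inside a
time window, score each cluster by how many independent detection layers
agree, and rank the result for triage. Added example, not from the webinar."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed weights per detection layer: a second *independent* layer agreeing
# is worth more than a second alert from the same layer.
LAYER_WEIGHT = {
    "dns_blackhole": 3,   # host resolved a known-bad domain
    "ids": 3,             # network signature match
    "firewall": 1,        # blocked outbound connection (noisy on its own)
    "antivirus": 2,       # endpoint detection
    "auth": 2,            # anomalous user access
}


@dataclass(frozen=True)
class Alert:
    ts: datetime
    layer: str
    host: str
    detail: str


def parse_alert(line: str) -> Alert:
    """Parse one line of the constructed 'ts|layer|host|detail' format."""
    ts, layer, host, detail = line.split("|", 3)
    if layer not in LAYER_WEIGHT:
        raise ValueError(f"unknown layer {layer!r}")
    return Alert(datetime.fromisoformat(ts), layer, host, detail)


def correlate(alerts, window=timedelta(minutes=30)):
    """Cluster alerts per host. An alert joins the host's latest cluster if it is
    within `window` of that cluster's first alert, otherwise it starts a new one.
    Returns a list of clusters (each a list of Alert, time-ordered)."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        clusters = by_host[a.host]
        if clusters and a.ts - clusters[-1][0].ts <= window:
            clusters[-1].append(a)
        else:
            clusters.append([a])
    return [c for clusters in by_host.values() for c in clusters]


def score(cluster) -> int:
    """Sum weights over *distinct* layers, so repeats from one sensor do not inflate the score."""
    return sum(LAYER_WEIGHT[layer] for layer in {a.layer for a in cluster})


def triage(lines, min_layers=2):
    """Rank clusters for triage; clusters seen by fewer than `min_layers` layers
    are scored 0 as probable single-sensor noise."""
    ranked = []
    for c in correlate(parse_alert(line) for line in lines):
        layers = sorted({a.layer for a in c})
        ranked.append({
            "host": c[0].host,
            "start": c[0].ts.isoformat(),
            "layers": layers,
            "score": score(c) if len(layers) >= min_layers else 0,
            "alerts": len(c),
        })
    return sorted(ranked, key=lambda r: (-r["score"], r["host"]))


# Constructed sample alerts (not real data): ws-12 is hit by three layers
# within minutes; ws-07 and ws-03 each produce a single isolated alert.
SAMPLE = [
    "2024-03-01T09:00:00|antivirus|ws-07|PUA.Toolbar quarantined",
    "2024-03-01T09:02:00|dns_blackhole|ws-12|lookup c2.example.net sinkholed",
    "2024-03-01T09:03:10|firewall|ws-12|outbound 198.51.100.7:443 denied",
    "2024-03-01T09:05:30|ids|ws-12|beacon-like periodic TLS to 198.51.100.7",
    "2024-03-01T09:06:00|firewall|ws-12|outbound 198.51.100.7:443 denied",
    "2024-03-01T11:00:00|auth|ws-12|login from new country",
    "2024-03-01T09:10:00|firewall|ws-03|outbound 203.0.113.5:445 denied",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Running it puts the ws-12 cluster (DNS blackhole + firewall + IDS, score 7) at the top, while the three single-layer clusters, including the later ws-12 auth alert that falls outside the 30-minute window, score 0 and drop to the bottom of the queue. In a real deployment the weights, window and host key (asset identity rather than hostname) would be tuned per environment, and the scored clusters would feed the SIEM's case queue rather than being printed.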
In this webinar, we discuss:
As part of this presentation, Thomas and Ashwin will use widely available open source tools and libraries.