To run a successful SIEM operation, you must develop the necessary people, processes, and long-term commitment beyond just purchasing tools. Key factors include defining clear use cases to solve security problems, establishing processes for configuration, monitoring, analysis, and response, and ensuring the program evolves through continuous review and integration with other technologies. Without the proper planning and operationalization, SIEM implementations are at risk of common pitfalls like remaining input-driven or failing to mature beyond the initial deployment.
So You Got That SIEM. NOW What Do You Do? by Dr. Anton Chuvakin - Anton Chuvakin
So You Got That SIEM. Now What Do You Do? Anton Chuvakin, Principal, Security Warrior Consulting (@anton_chuvakin)
Many organizations that acquired Security Information and Event Management (SIEM) tools, and even simpler log management tools, have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use" and "totally intuitive."
So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful?
In this presentation, you will learn from the experience of those who did not have the benefit of learning from others' mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course! As a bonus track, how to revive a FAILED SIEM deployment you inherited at your new job will be discussed.
Security information and event management (SIEM) solutions have entered the market to provide security intelligence and automate managing terabytes of log data for IT security. SIEM solutions monitor network systems, devices, and applications in real time, providing security intelligence for IT professionals to mitigate threats, correlate events, identify the root cause of security incidents, and meet compliance requirements.
Most organizations think that SIEM solutions have a steep learning curve and are expensive, complex, and hard to deploy. This claim may be true about many SIEM vendors. However, the right SIEM solution is one that can be easily deployed, is cost-effective, and meets all your IT security needs with a single tool.
ManageEngine's SIEM expert, Joel Fernandes, will discuss 8 things every IT manager should know about choosing a SIEM solution.
You'll learn how to:
Choose an SIEM solution
Monitor user activity to curb insider threat
Proactively mitigate sophisticated cyber-attacks
Meet IT Compliance Requirements
Got SIEM? Now what? Getting SIEM Work For You - Anton Chuvakin
Got SIEM? Now what? Making SIEM work for you!
Dr Anton Chuvakin
SANS 2010
Security Information and Event Management (SIEM) as well as log management tools have become more common across large organizations in recent years. SIEM and log management have also been a topic of hot debates. In fact, your organization might have purchased these tools already. However, many who acquired SIEM tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use." So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before a SIEM purchase becomes successful? Attend this session to learn from the experience of those who did not have the benefit of learning from others' mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made.
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
Can We REALLY 10X the SOC? by Dr Anton Chuvakin
Many organizations promise to transform your security operations center (SOC) with technology, advice or their personnel. However, what does it take to really transform your SOC to be ready for future threats? Is this an impossible problem? Is this something that can only be done by well-funded organizations? Let's explore these and other questions in this talk.
https://www.sans.org/cyber-security-training-events/blue-team-summit-2021/#agenda
Leveraging Compliance for Security with SIEM and Log Management - Tripwire
With the fast-changing regulatory and threat landscape, organizations need to gain quick knowledge of how log management and SIEM solutions help them meet their compliance and security needs. The 2010 Data Breach Investigations Report highlights this issue, revealing that 86 percent of organizations breached had evidence of the breach in their logs. Had they found this evidence in a timely manner, they likely could have prevented much of the damage associated with a breach from occurring.
In this webcast, security and compliance expert Anton Chuvakin and Tripwire's Cindy Valladares offer practical strategies organizations can apply to meet their compliance needs and improve security with log management and SIEM solutions.
The difference between log management and SIEM solutions and why you need both.
How defining the problem you are trying to solve helps you choose the right solution.
A pragmatic approach to SIEM that ensures a successful compliance audit, but also improves security.
How SIEM and log management requirements tie in to various regulations and standards like PCI, HIPAA and NERC.
Additional steps organizations can take to improve security through the solutions they use for compliance.
Mistakes organizations make that undermine the organization's security.
Learn how solutions in the Tripwire VIA suite are a perfect fit for this pragmatic approach.
NIST 800-92 Log Management Guide in the Real World - Anton Chuvakin
This presentation will introduce the first ever standard on log management, the NIST 800-92 guide. It will then offer a walk-through of the guide to highlight the critical areas of standardization. The majority of the remaining time will be spent on explaining how to use the guide in the real world if you are a security manager or a security pro.
Top 10 SIEM Best Practices, SANS Ask the Expert - AccelOps
This is the SANS Ask the Experts webinar "Putting the top 10 SIEM best practices to work", in which an expert panel discussed the major categories during the Sept. 2, 2010 webcast sponsored and created by AccelOps (copyright) and moderated by Bill Sieglein of the CSO Breakfast Club.
Making Log Data Useful: SIEM and Log Management Together - Anton Chuvakin
Outline for Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin @ Security Warrior Consulting
Security Information and Event Management vs/with Log Management
Graduating from LM to SIEM
SIEM and LM “best practices”
First steps with SIEM
Using SIEM and LM together
Conclusions
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin - Anton Chuvakin
End-User Case Study: Five Best and Five Worst Practices for SIEM
Implementing SIEM sounds straightforward, but reality sometimes begs to differ. In this session, Dr. Anton Chuvakin will share the five best and worst practices for implementing SIEM as part of security monitoring and intelligence. Understanding how to avoid pitfalls and create a successful SIEM implementation will help maximize security and compliance value, and avoid costly obstacles, inefficiencies, and risks.
"You Got That SIEM. Now What Do You Do?" by Dr. Anton Chuvakin - Anton Chuvakin
"You Got That SIEM. Now What Do You Do?" by Dr. Anton Chuvakin
Many who acquired SIEM tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use." So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before a SIEM purchase becomes successful? Here you can learn from the experience of those who did not have the benefit of learning from others' mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course!
The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats.
https://www.infosectrain.com/courses/soc-analyst-expert-training/
Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin - Anton Chuvakin
Log and logging overview
A brief on Incident response and forensics
Logs in incident investigations
Just what is log forensics?
Conclusions and call to action!
Modern SIEMs support many different business and technical use cases, including security, compliance, big data analytics, IT operations, and others. However, this does not mean that any SIEM solution will satisfy your unique business and technical needs. Not all SIEMs are built equally or optimally to support all use cases, so it’s important to begin your SIEM evaluation by defining your specific use cases or goals.
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security - Tripwire
Too often, organizations purchase SIEM and log management solutions to check a compliance checkbox. These organizations miss a huge opportunity to improve security while meeting compliance requirements. In this white paper, security and compliance expert Dr. Anton Chuvakin explains how to take advantage of this opportunity.
Whitepaper here: http://www.tripwire.com/register/a-pragmatic-approach-to-siem-buy-for-compliance-use-for-security/
Is SIEM really Dead? OR Can it evolve into a Platform? - Aujas
The challenges with SIEM and how it can become an integrated security platform, to provide a framework for managing a next-generation SOC and mitigate advanced attacks.
Why do many managed services relationships fail? And fail again? Both organizations need to be aligned up front and hold hands during onboarding. This presentation covers the top five focus areas. Many MSSP relationships are doomed at the onboarding stage when an organization first becomes a customer. Given how critical these early stage activities are to your partnership, it's imperative to understand the top five areas of focus: technology deployment (the easy part, getting the tech running); the call tree (who do I wake up at 3 a.m.?); process sync (the fun part: mutual synchronization on who does what and when); access, access, access (you need access to do something); and the context of technology (the need to understand your shop).
What you’ll take away:
Understand proven success criteria for successful outsourcing of security operations
Learn how to align security technologies to security processes, and the key focus areas of security operations
Access to key checklists and charts to drive onboarding of managed services
An understanding of specific terms and conditions that need to be included in data-related contracts under applicable laws
Discover how other organizations have succeeded and failed in MSSP relations
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based … - Andris Soroka
World's #1 SIEM technology in GRC (Governance, Risk, Compliance). QRadar Risk Manager provides organizations with a pre-exploit solution that allows network security professionals to assess what risks exist during and after an attack, while also answering many "What if?" questions ahead of time, which can greatly improve operational efficiency and reduce network security risks.
From reactive to automated reducing costs through mature security processes i... - NetIQ
Addressing Human Vulnerabilities that Bedevil IT Security:
All systems are susceptible to the social engineering techniques that lie at the root of some or all of the well-publicized security incidents. But why can't the industry do more to design out the human vulnerabilities that continue to bedevil even the best security systems?
It is important to understand that good security is ultimately a people issue and that while updating rules in technology to keep pace with threats is reasonably easy, changing human behaviour – and thus reducing the risks of social engineering – is much more difficult to do and maintain consistently.
Automated intelligence and control is the logical next step for how security management solutions solve problems in more complex, fast moving environments. The urgency to make business exception management and end-user policy management more fit for purpose is driven by how regulators are becoming more proactive and demanding.
Information Assurance Metrics: Practical Steps to Measurement - EnclaveSecurity
Show up to a security presentation, walk away with a specific action plan. In this presentation, James Tarala, a senior instructor with the SANS Institute, will be presenting on making specific plans for information assurance metrics in an organization. Clearly this is an industry buzzword at the moment (listen to presentations on the 20 Critical Controls, NIST guidance, or industry banter). Security professionals have to know that their executives are discussing the idea. So exactly how do you integrate information assurance metrics into action in an organization and actually achieve value from the effort? Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program. Small steps are better than no steps, and by the end of this presentation, students will have a start on integrating metrics into their information assurance program.
Security Information and Event Management (SIEM) is a technology for cyber security that provides real-time analysis of security alerts generated by hardware as well as network applications.
SIEM monitoring supports earliest threat detection and fastest security incident response through the real-time collection and historical analysis of security events that are compiled from a broad variety of event and contextual data sources. SIEM tools also support compliance reporting and incident investigation via historical data analysis from the sources.
Monitoring for Operational Outcomes and Application Insights: Best Practices ... - Amazon Web Services
There are two goals of monitoring: achieve situational awareness to provide timely and effective responses and gain insights for the business and operations that enable proactive courses of action. In this workshop, we take you through the process of developing and implementing a workload monitoring plan to achieve these objectives. You utilize logs, metrics, dashboards, events, and alarms within the definition of your plan, and then you implement it using AWS tools, services, and features. You also alert on the major categories of events, monitor for operational outcomes, trigger responses, and deliver insights. To participate in this workshop, bring your laptop and have a nonproduction AWS account.
Future of SOC: More Security, Less Operations - Anton Chuvakin
"Future of SOC: More Security, Less Operations" was originally presented by Dr Anton Chuvakin in March 2024 at a virtual conference in Finland.
The future of SOC looks less like its past. AI is part of the future, but an engineering-led approach to SOC is more critical.
Detection and Response of the future will be more heavily automated.
SOC Meets Cloud: What Breaks, What Changes, What to Do? - Anton Chuvakin
SOC Meets Cloud: What Breaks, What Changes, What to Do?
Originally presented at Mandiant mWise 2023 by Dr Anton Chuvakin of the Google Cloud Office of the CISO.
Cloud changes everything (does it though?), including how we do threat detection and incident response in the SOC. As we continue to transform our attack surfaces, how do we make sure our detection and response are done "the cloud way"? There were also cases where both business and IT migrated to the cloud, but security was left behind and had to approach cloud challenges with on-premise tools and practices. How should a SOC born before cloud deal with cloud? What to watch for? What changes? What breaks? What stays the same?
Meet the Ghost of SecOps Future by Anton Chuvakin - Anton Chuvakin
Meet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future
Today’s SOC has an increasingly difficult job protecting growing and expanding organizations. The landscape is changing and the SOC needs to change with the times or risk falling behind the evolution of business, IT, and threats.
But you have choices! Your future fate is not set in stone and can be changed: some optimize what they have without drastic upheaval, while others choose to truly transform their detection and response.
Join us as we show you a vision of what the SOC will look like in the near future and how to choose the best course of action today.
Originally aired at https://cloudonair.withgoogle.com/events/2023-dec-security-talks
Video https://youtu.be/KbQbuFAPY2c?si=0llv1v_CkVtvsyms
SOC Lessons from DevOps and SRE by Anton Chuvakin - Anton Chuvakin
SOC Lessons from DevOps and SRE by Dr Anton Chuvakin: an RSA 2023 Google Cloud sideshow presentation focused on using select DevOps and SRE lessons to make your SOC better.
"20 years of SIEM" was prepared for the SANS webinar https://www.sans.org/webcasts/anton-chuvakin-discusses-20-years-of-siem-what-s-next/ and offers Anton's reflections on SIEM past and future.
Log management and compliance: What's the real story? by Dr. Anton Chuvakin - Anton Chuvakin
Title: Log management and compliance: What's the real story? by Dr. Anton Chuvakin
One of the problems in making an Enterprise Content Management (ECM) strategy work with compliance initiatives is that compliance needs accountability at a very granular level. Consequently, IT shops are turning to log management as a solution, with many of those solutions being deployed for the purposes of regulatory compliance. The language regarding log management solutions, however, can sometimes be vague, which can lead to confusion. This session will lend some clarity to the regulations that affect log management. Topics will include:
Best practices for how to best mesh ECM and compliance strategies with log management
Tips and suggestions for monitoring and auditing access to regulated content, with a focus on Microsoft SharePoint logging.
An examination of a handful of the regulations affecting how organizations view log management and information security including The Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, The North American Electric Reliability Council (NERC), HIPAA and the HITECH Act.
What PCI DSS Taught Us About Security by Dr. Anton Chuvakin - Anton Chuvakin
... aka “Teachings of Don PCI”
Presentation title: What PCI DSS Taught Us About Security
Brief abstract: This presentation will derive some useful lessons from our industry experience with PCI DSS. Organizations can use these lessons to improve their security programs and reduce risk as well.
PCI DSS and Logging: What You Need To Know by Dr. Anton Chuvakin - Anton Chuvakin
PCI DSS and Logging: What YOU Need To Know by Dr Anton Chuvakin
Logging is a critical element in your security program, and it features prominently in PCI. Many merchants, including Higher Ed institutions, can have difficulty implementing all the requirements. In this session one of the leading logging and SIEM experts will map the PCI DSS logging requirements to a set of actionable procedures and tasks that you can use to achieve and maintain compliance. Bring your questions!
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Elevating Tactical DDD Patterns Through Object Calisthenics
Generic siem how_2017
1. How to Run a SIEM
Operation?
Dr Anton Chuvakin
@anton_chuvakin
2. Disclaimer: HISTORICAL INTEREST ONLY
This material is at least several years old and
is preserved here for HISTORICAL INTEREST
ONLY
Advice may not reflect current conditions
(but then again, it may reflect yours…)
3. • You can buy a SIEM tool — but you cannot buy a security monitoring
capability or a SIEM operation.
• You have to buy the tools, grow the people and mature
the processes.
• Security monitoring is an eternal commitment, not a project. You start
today and you end ... never!
Program, NOT a Project!
4. • Key processes and practices are needed for a successful SIEM
implementation
• Avoid common mistakes that plague SIEM operations
• Other technologies to be linked with SIEM to make your SOC better
Outline
5. Security Information and Event Management (SIEM) Reminder
[Diagram: SIEM = SIM + SEM, fed by event data and context data]
SIM side: Data Collection, Repository, Query, Reports, Analysis
SEM side: Normalization, Correlation, Real-Time Monitoring, Incident Management
Context data: Threat Intelligence Data, Asset, Vulnerability, User Context
Event data sources: Network Firewall, Application Firewall, Application, Database, Server, Network Device, NIDS/NIPS, Endpoint Protection, Data Loss Prevention, File Integrity Monitor
Log Management Lives Here Too
7. USE CASES!
Taking aspirin is about the headache, not about low aspirin
content in your blood!
What problem are you trying to solve?
8. • Threat Oriented: Use cases implemented to identify a specific threat or
threat actor.
• Control Oriented: Use cases required as a control from a framework or
other regulatory document.
• Asset Oriented: Use Cases about activities touching specific data assets
– payment card data, patient information, product designs
Identifying Use Cases
9. 1. Authentication monitoring by using login logs.
2. Compromised- and infected-system tracking; malware detection by
using outbound firewall logs, NIPS and proxy logs.
3. Validating IDS/IPS alerts by using context data.
4. Monitoring for suspicious outbound connectivity and data transfers.
5. Tracking system changes and other administrative actions across internal
systems and matching them to allowed policy.
6. Tracking of Web application attacks and their consequences by using
Web server, WAF and application server logs.
Top Starter Use Cases
10. Prioritizing Use Cases
[Matrix: Importance vs. Feasibility]
Importance: problems you want solved first
Feasibility: problems you can easily solve with available tools, data and vendor content
Go here first! (use cases that score high on both importance and feasibility)
11. SIEM Use Case Example: Authentication Abuse Tracking
Step: Details
Use-Case Selection: Focus on tracking authentication across systems to detect unauthorized access.
Data Collection: Have a list of systems: servers, VPN concentrators, network devices, and others.
Log Source Configuration: Contact the team that operates the systems and make them modify the logging configurations.
SIEM Content Preparation: Review the vendor's content, check it for suitability; modify the reports and rules until satisfied.
Definition of Operational Processes: Review operational processes (e.g., a process for suspending or disabling user accounts).
Refinement of the Content: Review dashboards and test rules to see whether incidents will be detected.
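The authentication use case walked through above (and starter use case 1, authentication monitoring by using login logs), as an added Python example that is not part of the deck: it normalizes constructed sshd-style login lines, then applies two rules, a burst of failed logins followed by a success from the same source, and a successful login from a source outside the user's documented baseline. The log format, host names, user names, addresses and the BASELINE table are assumptions made for this example.

```python
"""Authentication abuse tracking over login logs.

Added example (not from the deck): a minimal detection for the
"authentication monitoring" starter use case and the "Authentication Abuse
Tracking" walkthrough. The sshd-style log format, host names, user names,
addresses and the per-user baseline below are all constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in an sshd-like format (sample data, not real logs).
SAMPLE_LOG = """\
2024-03-01T08:00:01 host1 sshd: Accepted password for alice from 10.0.0.5
2024-03-01T08:05:10 host1 sshd: Failed password for bob from 198.51.100.7
2024-03-01T08:05:12 host1 sshd: Failed password for bob from 198.51.100.7
2024-03-01T08:05:14 host1 sshd: Failed password for bob from 198.51.100.7
2024-03-01T08:05:16 host1 sshd: Failed password for bob from 198.51.100.7
2024-03-01T08:05:18 host1 sshd: Failed password for bob from 198.51.100.7
2024-03-01T08:05:25 host1 sshd: Accepted password for bob from 198.51.100.7
2024-03-01T09:15:00 host2 sshd: Accepted password for alice from 10.0.0.5
2024-03-01T23:40:00 host2 sshd: Accepted password for alice from 203.0.113.9
"""

# Constructed activity baseline: sources each user is documented to log in from.
BASELINE = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.6"}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(text):
    """Normalize raw lines into event dicts; lines that do not match are dropped
    (in a real pipeline, count them: a rising unparsed rate is a collection problem)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def detect(events, baseline, fail_threshold=5, window=timedelta(minutes=2)):
    """Two correlation rules over the normalized events.

    success_after_failures: at least fail_threshold failed logins for the same
        (user, source) inside `window`, then a success from that source.
    login_from_new_source: a successful login from a source outside the user's
        documented baseline (out of baseline: route to investigation, not incident).
    """
    alerts = []
    recent_failures = defaultdict(deque)  # (user, src) -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        q = recent_failures[key]
        while q and ev["ts"] - q[0] > window:  # age out failures older than the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            continue
        if len(q) >= fail_threshold:
            alerts.append({"rule": "success_after_failures", "user": ev["user"],
                           "src": ev["src"], "host": ev["host"],
                           "failures": len(q), "ts": ev["ts"]})
            q.clear()
        if ev["src"] not in baseline.get(ev["user"], set()):
            alerts.append({"rule": "login_from_new_source", "user": ev["user"],
                           "src": ev["src"], "host": ev["host"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect(parse(SAMPLE_LOG), BASELINE):
        print(a["rule"], a["user"], a["src"], a["ts"].isoformat())
```

On the sample data the first rule fires once (bob, five failures then a success within the window) and the second twice (bob from the guessing source, alice from an address not in her baseline). The threshold and window are the "content tuning" knobs from the table: raising the threshold to six suppresses the first alert, which is exactly the kind of change the refinement step should test against known incidents before shipping.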
12. Use Output-Driven SIEM: Start Backwards!
[Diagram: Data Sources (Logs, Flows, Context, etc.) -> SIEM Tool -> Alerts, Actions, Reports, Investigation]
Output-driven means starting from the right-hand end (the alerts, actions, reports and investigations you need) and working back to the data sources.
14. Essential SIEM Operational Processes
Collector and log source configuration
SIEM uptime and performance monitoring
Escalation and collaboration
Content tuning and customization process
Analyst training
SIEM program checkpoint
15. • Incident response
• Security:
  • Detection focus:
    • Alert triage process
    • Activity baselining process
  • Response focus:
    • Indicator analysis process
    • Remediation process
• Compliance:
  • Report review process
  • Report refinement based on changing requirements process
  • Compliance issue remediation process
More Essential SIEM Processes
Mature security operations only: Data exploration process/"hunting"
16. Suggested SIEM Alert Workflow
[Flowchart: an Individual Alert is sorted into one of three classes]
• Routine Entry (follows daily baseline) -> No Action Required
• Known Bad Issue (documented as indication of problems) -> Verify Impact/Prioritize -> Incident Response Workflow
• Out of Baseline Issue (unknown status) -> Investigate; after analysis:
  • Good -> Document as "Good"; Tune Rules Accordingly
  • Bad -> Verify Impact/Prioritize -> Incident Response Workflow
  • Unknown -> Additional Investigation (Not to Incident)
17. SIEM Skills for Success
[Diagram: "Run" Skill Set + "Watch" Skill Set + "Tune" Skill Set = SIEM Win!]
18. Core SIEM Team Skills
Shorthand: Description (Common Job Titles for This Role)
Run: Maintain a SIEM product in operational status, monitor its uptime, optimize performance, deploy updates, and perform other system management tasks (SIEM administrator and SIEM engineer)
Watch: Use the SIEM product for security monitoring, investigate alerts and review activity reports (Security analyst, SIEM analyst, and incident responder)
Tune: Refine and customize SIEM content and create content specific to new use cases (Content developer and SIEM consultant)
20. • Use cases are not “set and forget”.
• Many situations where a use case has to be reviewed:
  • New tool implementation review
  • Periodic review (quarterly)
  • Triggered by:
    • Performance issues
    • Effectiveness issues (false positives, false negatives, number of alerts)
    • Changes to business, environment, threats or technology
Reviewing Your SIEM Use Cases
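The alert workflow from slide 16 and the effectiveness-triggered review from slide 20, as one added Python example that is not part of the deck: `triage` performs the first split of an individual alert into routine, known bad and out-of-baseline branches, `resolve` records the analyst's verdict after investigation (a "good" verdict is documented into the baseline so the rule stops firing on it), and `rules_needing_review` flags rules whose verdict history shows a false-positive rate or alert volume that should trigger a use-case review. The rule names, indicators, baseline, "known bad" catalogue and thresholds are all constructed for the example.

```python
"""Alert triage routing and rule-effectiveness review triggers.

Added example (not from the deck) for the "Suggested SIEM Alert Workflow" and
"Reviewing Your SIEM Use Cases" slides. Alerts, baseline entries, the
"known bad" catalogue and the review thresholds below are constructed.
"""
from collections import Counter, defaultdict

# Routine entries: (rule, indicator) pairs documented as following the daily baseline.
BASELINE = {("admin_login_after_hours", "backup-svc")}
# Known bad: (rule, indicator) pairs documented as indications of problems.
KNOWN_BAD = {("outbound_connection", "denylisted-destination")}

# Constructed alerts as a SIEM might emit them (rule name plus what it fired on).
SAMPLE_ALERTS = [
    {"id": 1, "rule": "admin_login_after_hours", "indicator": "backup-svc"},
    {"id": 2, "rule": "outbound_connection", "indicator": "denylisted-destination"},
    {"id": 3, "rule": "admin_login_after_hours", "indicator": "carol"},
]


def triage(alert, baseline=BASELINE, known_bad=KNOWN_BAD):
    """First split of an individual alert into the three branches of the workflow."""
    key = (alert["rule"], alert["indicator"])
    if key in known_bad:
        return "verify_impact_and_prioritize"   # then into the incident response workflow
    if key in baseline:
        return "no_action_required"             # routine entry, follows daily baseline
    return "investigate"                        # out of baseline, unknown status


def resolve(alert, verdict, baseline=BASELINE):
    """Outcome of the investigate branch after analysis.

    "good": document the entry in the baseline so the rule is tuned for it.
    "bad": hand over to impact verification and the incident response workflow.
    anything else: still unknown; additional investigation, not yet an incident.
    """
    key = (alert["rule"], alert["indicator"])
    if verdict == "good":
        baseline.add(key)
        return "document_as_good_and_tune_rules"
    if verdict == "bad":
        return "verify_impact_and_prioritize"
    return "additional_investigation"


def rules_needing_review(dispositions, min_alerts=10, max_good_ratio=0.8, max_alerts=200):
    """Effectiveness trigger for use-case review: a rule whose analysed alerts are
    mostly "good" (false positives) or whose volume is too high gets flagged.
    dispositions: iterable of (rule, verdict) pairs recorded over a period."""
    per_rule = defaultdict(Counter)
    for rule, verdict in dispositions:
        per_rule[rule][verdict] += 1
    flagged = {}
    for rule, counts in per_rule.items():
        total = sum(counts.values())
        reasons = []
        if total >= min_alerts and counts["good"] / total >= max_good_ratio:
            reasons.append("false_positive_rate")
        if total > max_alerts:
            reasons.append("alert_volume")
        if reasons:
            flagged[rule] = reasons
    return flagged


# Constructed review input: one period of analyst verdicts per rule.
SAMPLE_DISPOSITIONS = (
    [("admin_login_after_hours", "good")] * 9 + [("admin_login_after_hours", "bad")]
    + [("outbound_connection", "bad")] * 3 + [("outbound_connection", "good")] * 2
)

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(alert["id"], triage(alert))
    print(rules_needing_review(SAMPLE_DISPOSITIONS))
```

The `min_alerts` floor matters: a rule with two "good" and three "bad" verdicts is not a false-positive problem, just a small sample, so it is left alone even though its ratio would look noisy over a longer period.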
22. SIEM Maturity Roadmap
State No., Maturity Stage: Key Processes That Must Be in Place
State 1, SIEM deployed and collecting some log data: SIEM infrastructure monitoring process; Log collection monitoring process
State 2, Periodic SIEM usage, dashboard/report review: Incident response process; Report review process
State 3, SIEM alerts and correlation rules enabled: Alert triage process
State 4, SIEM tuned with customized filters, rules, alerts, and reports: Real-time alert triage process; Content tuning process
State 5, Advanced monitoring use cases, custom SIEM content use cases: Threat intelligence process; Content research and development
23. Sample Metrics For Use Case Management
Metric:
• Use Cases in Production vs Use Cases Waiting for Implementation
• Number of Use Cases reviewed per time period
• Number of Use Cases optimized/changed per time period, including reasons for changes
• Number of Use Cases removed per time period, including reasons for removal
• Number of Use Cases implemented per monitoring tool
• Number of Use Cases not implemented due to Technology limitations
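The prioritization matrix from slide 10 and the metrics listed above, as one added Python example that is not part of the deck: a small use-case inventory where each record carries an importance and a feasibility score, a tool, a status and a dated history, from which `prioritize` fills the importance x feasibility quadrants (high/high is "go here first") and `metrics` computes the slide's counts for a period, keeping the reasons for changes and removals. The use cases, scores, dates, tools and reasons are constructed for the example.

```python
"""Use-case inventory: prioritization matrix and management metrics.

Added example (not from the deck) for the "Prioritizing Use Cases" matrix and
the "Sample Metrics For Use Case Management" slide. The use cases, scores,
dates, tools and reasons below are constructed.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import date


@dataclass
class UseCase:
    name: str
    kind: str           # threat, control or asset oriented
    importance: int     # 1..5: how badly you want this problem solved
    feasibility: int    # 1..5: how easily available tools, data and vendor content solve it
    tool: str           # monitoring tool the use case runs on
    status: str         # production | waiting | blocked | removed
    history: list = field(default_factory=list)  # (date, action, reason)


# Constructed inventory.
INVENTORY = [
    UseCase("Authentication abuse tracking", "threat", 5, 4, "SIEM", "production",
            [(date(2017, 1, 10), "implemented", ""),
             (date(2017, 4, 2), "reviewed", "quarterly review"),
             (date(2017, 4, 3), "changed", "false positives from service accounts")]),
    UseCase("Outbound data transfer monitoring", "asset", 5, 2, "SIEM", "waiting",
            [(date(2017, 2, 1), "reviewed", "new tool implementation review")]),
    UseCase("PCI report review", "control", 3, 5, "Log management", "production",
            [(date(2017, 1, 15), "implemented", "")]),
    UseCase("Web application attack tracking", "threat", 4, 4, "SIEM", "production",
            [(date(2017, 3, 20), "implemented", "")]),
    UseCase("Patient record access auditing", "asset", 4, 1, "SIEM", "blocked",
            [(date(2017, 3, 1), "blocked", "application does not log record-level reads")]),
    UseCase("Legacy IDS alert forwarding", "threat", 1, 5, "SIEM", "removed",
            [(date(2017, 3, 30), "removed", "IDS decommissioned")]),
]


def prioritize(use_cases, high=4):
    """Place use cases into the importance x feasibility quadrants; the high/high
    quadrant is "go here first", each quadrant ordered by the product of the scores."""
    quadrants = {"go_here_first": [], "important_but_hard": [],
                 "easy_but_low_value": [], "defer": []}
    for uc in use_cases:
        imp, feas = uc.importance >= high, uc.feasibility >= high
        q = ("go_here_first" if imp and feas else
             "important_but_hard" if imp else
             "easy_but_low_value" if feas else "defer")
        quadrants[q].append(uc)
    for ucs in quadrants.values():
        ucs.sort(key=lambda u: u.importance * u.feasibility, reverse=True)
    return {q: [u.name for u in ucs] for q, ucs in quadrants.items()}


def metrics(use_cases, start, end):
    """The slide's metrics for the period start..end (ISO date strings, inclusive);
    reasons are kept alongside the counts for changes and removals."""
    start, end = date.fromisoformat(start), date.fromisoformat(end)
    m = {
        "in_production": sum(uc.status == "production" for uc in use_cases),
        "waiting": sum(uc.status == "waiting" for uc in use_cases),
        "reviewed": 0, "changed": [], "removed": [],
        "implemented_per_tool": Counter(uc.tool for uc in use_cases if uc.status == "production"),
        "blocked_by_technology": sum(uc.status == "blocked" for uc in use_cases),
    }
    for uc in use_cases:
        for when, action, reason in uc.history:
            if not start <= when <= end:
                continue
            if action == "reviewed":
                m["reviewed"] += 1
            elif action == "changed":
                m["changed"].append((uc.name, reason))
            elif action == "removed":
                m["removed"].append((uc.name, reason))
    return m


if __name__ == "__main__":
    print(prioritize(INVENTORY))
    print(metrics(INVENTORY, "2017-01-01", "2017-03-31"))
```

Keeping the reasons with the counts is the point of the last two metrics on the slide: a quarter with three removals "because the tool could not do it" tells a different story from three removals "because the threat went away", and only the former is a technology limitation worth escalating.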
24. SIEM and Friends
[Diagram of three integrations]
• Threat Intelligence (TI) -> SIEM -> Detection
• SIEM -> Alerts -> EDR -> Confirmed alert
• SIEM -> UEBA -> New insight
25. • Deploy User and Entity Behavior Analytics (UEBA) — "add-on" SIEM brain
for user-centric analysis:
• Detect compromised accounts "automatically"
• Enrich alerts with user behavior profiles
• Utilize vendor-provided anomaly algorithms
• Eventually refine/define own algorithms
Quick Win: Graduating Beyond SIEM
26. • Have to solve security problems that SIEM is suboptimal for?
• Want to apply more algorithms to log, flow and context data?
• Have higher volume or diversity of data?
• Need to postprocess alerts?
SIEM and/or/vs/with Security Analytics?
28. • Planning:
  • Skip the planning stage and just buy some SIEM tool
  • Define the need for a SIEM in vague terms
  • Fail to define the initial deployment scope, starter use cases
• Operation:
  • Assume that the SIEM effort would run itself, skimp on the people side
  • Practice “input-driven” SIEM
  • Not refining the evolving requirements
Top SIEM Pitfalls
29. Think "security monitoring capability," not "SIEM box."
SIEM requires "care and feeding" to give value:
• Prepare to be involved with the tool indefinitely.
Use "output-driven" SIEM approach.
Define processes and dedicate personnel to use the tool:
• Define/refine an incident response process.
Follow the maturity levels — or suffer!
Review your route beyond SIEM — UBA, analytics, etc.
Advice