Just a quick post about my upcoming presentation at Source Boston 2011 – one of the most fun security conferences around!
The details are quoted from the conference site:
So You Got That SIEM. Now What Do You Do?
Anton Chuvakin, Principal, Security Warrior Consulting (@anton_chuvakin)Many organization that acquired Security Information and Event Management (SIEM) tools and even simpler log management tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use" and "totally intuitive."
So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful?At this presentation, you will learn from the experience of those who did not have the benefit of learning from other's mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course! As a bonus track, how to revive a FAILED SIEM deployment you inherited at your new job will be discussed.
Dr. Anton Chuvakin is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is an author of books "Security Warrior" and "PCI Compliance." Currently he runs his consulting practice focused on SIEM, log management as well as compliance.
So, if you are around Boston on April 20-22 – see you there!