Methods for Extending Visibility to Servers to Detect APT and Insider Abuse

Broadcast in Technology

Caleb Barlow


Security Information and Event Management (SIEM) tools rely heavily on perimeter security logs, like those from firewalls, IPS and router NetFlow. Sharing these logs with SIEMs has been very successful in identifying sophisticated external attacks at very early stages. Now, for most organizations, the most severe data breaches are coming from privileged insiders or from Advanced Persistent Threats (APT) that imitate the privileged user. In this podcast Caleb talks with experts from Vormetric to explore whether it is possible to use the tried and true SIEM and anomaly detection techniques with file system level log information to detect and identify APT and insider abuse.
