Methods for Extending Visibility to Servers to Detect APT and Insider Abuse

  • Broadcast in Technology
Caleb Barlow

Security Information and Event Management (SIEM) tools rely heavily on perimeter security logs, like those from firewalls, IPS and router NetFlow. Sharing these logs with SIEMs has been very successful in identifying sophisticated external attacks at very early stages. Now, for most organizations, the most severe data breaches are coming from privileged insiders or from Advanced Persistent Threats (APT) that imitate the privileged user. In this podcast, Caleb talks with experts from Vormetric to explore whether it is possible to use the tried and true SIEM and anomaly detection techniques with file system level log information to detect and identify APT and insider abuse.
