Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE

SIEM State of the Art at the 2018 Cybersecurity Summit (Wash DC, Sept 25-27)

Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
0 0 2,272

SIEM State of the Art at the 2018 Cybersecurity Summit.png Now more than ever, you need to know the security threat landscape that impacts your business health, possibly already infiltrating your business today. It’s easy to become numb to the noise we hear every day, but the impact is real. Another statistic, another headline. Are you comfortable enough to sleep at night? Not limited to pages of fiction, the threats are at our doorstep, case in point: 

  • This month Google added a new feature to alert administrators if a user’s account appears to be targeted by a government-backed attack. This is a wake-up call, if it's common enough to include this feature in, standard, and
  • Across the pond, TSMC, the Taiwanese iPhone chipmaker, had to shut down several factories this month due to a WannaCry variant spreading across their network. 

Fortunately, Micro Focus ArcSight monitors for ransomware and has packages specific to WannaCry. Connectors can also be deployed to ingest data from cloud services like Google’s G-Suite. All events can be correlated against threat intelligence feeds, most of which are already compatible with ArcSight ESM. 

But what this all does is highlight that reliable, comprehensive security intelligence, enabling a fast response, are critically important concerns for IT leaders to resolve—are you ready? Consider…

  • Threat detection must now be at the forefront of the security analyst mindset
  • Automation and scalability are needed to reduce TCO for manageability
  • Extensibility must support wide-ranging data sources and complimentary tools, and
  • Avoiding apathy and becoming a statistic is not an option, plain and simple. What can you do? 

At the Micro Focus Cybersecurity Summit in September, customers, partners, and Micro Focus subject matter experts will be gathering to share best practices with use cases and technical knowledge to help close these gaps! Topics include:

The critically of comprehensive threat detection

How can SecOps teams detect, identify and investigate threats with more simplicity and context? What data can help them scrutinize threats quickly and lead to timely quarantine and mitigation? As threats to global enterprises continue to evolve and become more complex, innovative tooling is required to assist SecOps organizations. With innovative tooling, more analytics and insights are a necessity. Micro Focus will feature a session to discuss the current and future state of investigating threats and how analytics can become a vital part of every SecOps organization to strengthen their cybersecurity posture. Moreover, Security Orchestration and Automation (SOAR) provides more time for your team to concentrate on the strategic insights of business and build a deeper layer of defense, as well as help connect the dots between activities and better inform security team members in the event of an incident. This session will discuss how SOAR can help your organization quickly respond to alerts and respond to incidents. 

Key sessions on this topic will include:

  • Detecting and investigating threats: SecOps and analytics
  • Effective incident response: Security Orchestration and Automation (SOAR) 

Automation and scaling to reduce cost of ownership

Time-saving, intelligent analytics, including threat detection and pattern recognition, can drive down cost of ownership. Simply put, as companies grow exponentially in locations, employees, networks, systems and devices, gaining visibility and understanding of the security and threat landscape has become tougher to manage. You need a portfolio of security-awareness products that provide detailed visibility, analysis and orchestration for solving threat-landscape challenges. Micro Focus will feature a session on how we are enabling customers and their SecOps organizations to be aware of internal and external threats, known and unknown malicious events and data across their global networks. Enterprise security challenges evolve daily and come from many angles, locations, devices, networks and bad actors. Threat awareness must occur rapidly and globally. SecOps organizations struggle to keep up with data, events and incidents. 

In addition ArcSight offers distributed correlation, allowing individual ArcSight ESM appliances to correlate events and incidents without a central master appliance. SecOps organizations can scale horizontally to address the challenges of a global company instead of the traditional, centralized correlation in one location. Through distributed correlation, SecOps departments can protect their networks and environments rapidly—up to 100,000 events per second—and share an event and incident workflow that lets security analysts quarantine and mitigate threats quickly. This session will provide insights to help increase your SOC efficiency.

Key sessions on this topic will include:

  • Global protection and awareness through data analytics, threat detection and pattern recognition
  • Distributed correlation and orchestration for the global enterprise through ESM 7.0

SIEM extensibility to ensure total coverage on security event insights and support global enterprise solutions

SecOps organizations are always looking for tools that enhance their security posture. Security analysts need tools to simplify how they perform their day-to-day duties of protecting their networks and global environments. Ideally, simplification entails a single tool that provides every needed service with an open architecture platform that integrates with multiple tools, platforms and services. ArcSight is that open architecture platform through ADP, ESM and Investigate. This session at the Summit will better inform how you can utilize APIs to integrate your services and tools into ArcSight to enhance your SecOps organization. In addition… 

The words “consuming data” and “simple” may never have been placed in the same sentence. The amount of data within a global enterprise is enormous, and the varying formats of data ingested into SecOps organizations can be in the hundreds and thousands. SecOps teams need to accept and aggregate all that data, and somehow make sense of it to gain visibility into their environment. The ArcSight Data Platform can easily ingest data from Smart Connectors and translate the information into a format familiar for Splunk, allowing enterprises to utilize best-of-breed tools for cybersecurity data analysis to protect their global enterprise and reduce operating costs. This session will focus on how ArcSight and partners Dimension Data have combined the specialties of ArcSight and Splunk to provide a powerful data analytics tool with full visibility. Splunk users won’t want to miss this session! 

Key sessions on this topic will include:

  • ArcSight is an open architecture for SecOps
  • Data simplicity: ArcSight Data Platform and Splunk enhance enterprise data via Common Event Format 

Lastly, Apathy! Don’t become another statistic

There’s really no excuse—join us in Washington, DC, to learn more and get ahead of today’s threats. For further information, learn more at the Micro Focus Cybersecurity Summit homepage  and register today! See you in DC.

 

Stay up to date on the Summit by following Micro Focus Security on Twitter and using the hashtag #MicroFocusCyberSummit.

About the Author
Data Security (Voltage) and SOC (ArcSight) Solutions. Encryption and key management, data privacy, security operations and general security topics.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.