About the author:
Andrew Hutchison is an information security specialist with T-Systems International and an adjunct professor of computer science at the University of Cape Town in South Africa.
In this part:
The threat landscape of an enterprise can be hard to profile and address. Enterprise risk can be mitigated through the use of security information and event management (SIEM) technology. In this webcast presentation, viewers will get a primer on using SIEM as a component of enterprise threat detection, including:
- The evolving threat landscape for enterprises
- Strategies for addressing the threats
- SIEM as a component of threat detection
- Case studies of SIEM deployments for threat detection
- Evolving opportunities for SIEM enrichment
- SIEM roadmap for enterprises
The effectiveness of a SIEM implementation can be enhanced before it even begins by developing a clear plan of which systems will interface with the SIEM, how that interaction will occur, and which types of threats can be mitigated. After the initial SIEM establishment there is a "fine-tuning" phase during which the information collected needs to be reviewed and visualized. From an operational point of view, integration with existing systems and processes is also required. This technical tip will detail how to approach and manage each step of this process, with a special emphasis on:
- Achieving high SIEM coverage
- Identifying areas to “zoom in” on
- Maximizing response value
Deploying a SIEM is just the first step in the process of maximizing threat detection. A SIEM needs to be integrated, operationalized and optimized as enhancements emerge. This podcast takes listeners through a countdown of the "steps to success" in deploying SIEM systems in an enterprise, with the goal of enhancing threat management.
Quiz: Using SIM for threat monitoring
Take this five-question quiz to test your knowledge of our lesson on using SIM for threat monitoring.