For those attending Gartner 2014 Security and Risk Management Summit (June 23-26, 2014 in Washington, DC), here is what I am presenting on:
- SIEM Architecture and Operational Processes
- Network and Endpoint Visibility for Incident Response
- Security Incident Response in the Age of the APT
The sessions in detail:
Security information and event management (SIEM) is a key technology that provides security visibility, but it suffers from challenges with operational deployments. This presentation will reveal a guidance framework that offers a structured approach for architecting and running a SIEM deployment at a large enterprise, or for evolving a stalled deployment.
- How to plan for a SIEM deployment?
- How to deploy and expand your SIEM architecture?
- What key processes and practices are needed for a successful SIEM implementation?
BTW, this session was SUPER-popular at the 2013 Summit and so I am rerunning it more or less intact, with some new data. It is based on my paper “Security Information and Event Management Architecture and Operational Processes.”
As preventative controls keep failing to defend organizations, a new emphasis on comprehensive visibility across networks and endpoints is emerging. This presentation will cover network forensics tools (NFT) and practices, as well as endpoint threat detection and response tools (ETDR), and their use for detecting and investigating threats.
- How to use network forensics tools (NFT) for detecting and investigating threats?
- How to use endpoint threat detection and response tools (ETDR) for detecting and investigating threats?
- What are the key processes related to these tools?
This presentation is based on my papers “Network Forensics Tools and Operational Practices” and “Endpoint Threat Detection and Response Tools and Practices.”
Increased complexity and frequency of attacks, combined with reduced effectiveness of preventative controls, elevate the need for enterprise-scale security incident response. This presentation covers ways of executing incident response in the modern era of cybercrime, APT and evolving IT environments.
- How to prepare for enterprise security incident response?
- What tools, skills and practices are needed for APT IR?
- How to evolve security IR into “continuous IR” or hunting for incidents?
This presentation is based on my paper “Security Incident Response in the Age of APT.”
Come see me at the Summit!
My past Gartner speaking:
- Speaking at Gartner Symposium 2013
- Speaking at Gartner Catalyst Conference 2013
- Speaking at Gartner Security & Risk Management Summit 2013