Filtering Off

(Past Event)

tISS: Anomalous Behaviour Monitoring

Workshop

When:
01 May 2012
(Past)
Ref:
W1024

Event output

  1. Presentation: Diligenta (Presentation)

Request Output Report

Click the button below and we'll inform you when the output report is available to download.
How ready are you for an attack?  Would you spot it?

Summary:

The ability to build intelligence from data and enable the Security team to take a proactive, rather than reactive approach to attack or breach mitigation is clearly becoming a priority for corporate IT security professionals - this despite repressed budgets, stretched resources and concerns around accuracy, and how 'anomalous' and 'normal' behaviour can and should be defined.

Do you carry out security monitoring to detect malicious activity? How is this assessed and prioritised? Do you investigate failed attacks and 'near misses'? What plans do you have in place to improve the monitoring you conduct?

Speakers:

Diligenta

Objectives:

To understand, through the sharing of experience amongst corporate IT peers, how peer organisations are using Anomalous Behaviour Monitoring and how this is being managed in practice in the enterprise today.

Who should attend:

Corporate security professionals, strategists and managers responsible for security management in enterprise IT.

Agenda:

The final agenda will be developed through consultation amongst delegates - provisional discussion areas include:

  • Presentation: Short experience report by Ken Bunce of Diligenta - 'What we monitor'
  • Anomalous Behaviour Monitoring: What and why?
  • Elements of the process
  • Process: who does what, how and how much?
  • Data sources, timescales and correlation; Log management and data retention
  • Senior Manager's issues: Cost / benefit, resourcing, ROI, and management reporting
  • Automation and analysis: tools and vendors
  • When / how to respond: triage and escalation
  • In-house or outsource? Working with MSSPs