tISS: Anomalous Behaviour Monitoring

1. tISS: Anomalous Behaviour Monitoring (Report)
2. tISS: Anomalous Behaviour Monitoring (Executive Summary)
3. tISS: Anomalous Behaviour Monitoring (Top Tips)
4. Presentation: Diligenta (Presentation)

The ability to build intelligence from data and enable the Security team to take a proactive, rather than reactive approach to attack or breach mitigation is clearly becoming a priority for corporate IT security professionals - this despite repressed budgets, stretched resources and concerns around accuracy, and how 'anomalous' and 'normal' behaviour can and should be defined.

Do you carry out security monitoring to detect malicious activity? How is this assessed and prioritised? Do you investigate failed attacks and 'near misses'? What plans do you have in place to improve the monitoring you conduct?

Diligenta

The final agenda will be developed through consultation amongst delegates - provisional discussion areas include:

• Presentation: Short experience report by Ken Bunce of Diligenta - 'What we monitor'
• Anomalous Behaviour Monitoring: What and why?
• Elements of the process
• Process: who does what, how and how much?
• Data sources, timescales and correlation; Log management and data retention
• Senior Manager's issues: Cost / benefit, resourcing, ROI, and management reporting
• Automation and analysis: tools and vendors
• When / how to respond: triage and escalation
• In-house or outsource? Working with MSSPs