Methods for Extending Visibility to Servers to Detect APT and Insider Abuse

20:00
 
Security Information and Event Management (SIEM) tools rely heavily on perimeter security logs, such as those from firewalls, IPS and router NetFlow. Sharing these logs with SIEMs has been very successful in identifying sophisticated external attacks at very early stages. Now, for most organizations, the most severe data breaches come from privileged insiders or from Advanced Persistent Threats (APTs) that imitate the privileged user. In this podcast, Caleb talks with experts from Vormetric to explore whether the tried and true SIEM and anomaly detection techniques can be applied to file-system-level log information to detect and identify APT and insider abuse.
