What is a SIEM and Why do you Need One?
Mary Frantz, Chief Information Security Officer; Founder, Prescryptive Health, Inc.; Enterprise Knowledge Partners, LLC
Achieving a baseline configuration that detects attacker activity is one of the most effective defenses against cyber-attacks and data breaches. In fact, according to industry reports in healthcare and payment cards, ineffective logging and monitoring, together with the inability to correlate event logs to tell a story within and across platforms, are the primary reason such attacks are successful. As a result, statutory and regulatory compliance has strengthened the need for logging, monitoring and retention of event logs. However, many organizations comply with only the minimum requirements, have not implemented their systems effectively, and do not appreciate the enterprise value of systems designed to collect and correlate event logs. During this hour-long discussion, Mary Frantz – primary technical cyber expert in the Equifax, Yahoo and many other high-profile breaches – provides a product-agnostic look at the capabilities of enterprise SIEMs, what to look for, how to implement and use them effectively, and how they can benefit the entire organization – not just security.