Analysis Paralysis: Billions of Logs to Incidents That Matter
Speaker: Tony Merritt, SecureWorks Managing Principal
Duration: 1 hour
Most enterprise organizations have set up a security model that includes a first layer of security event management, responsible for capturing logs, notification, filtering and some level of correlation.
However, with the escalating number of users and logs from more and more devices, making sense of the noise and translating it into incidents that matter can be a daunting task.
In this webcast, Tony Merritt, SecureWorks Managing Principal, will cover how to leverage logs and tactics to integrate the proper incident response.
Topics covered include:
- Sensing: The challenge of ever-increasing inbound noise and priorities
- Improving Sensing: What logs and events matter? How do you ensure you have visibility?
- Sense Making: Not all logs are created equal. The importance of correlation, business context, rules and use cases in determining whether an incident matters.
- Decision Making: An event has passed the threshold of incident viability. How do you connect logs and tactics into an actionable response?