SOC Best Practices: ArcSight User Conference Presentation
Rocky DeStefano (Decurity) and Gabriel Martinez (NetWitness) will be presenting a new demonstration related to SOC Best Practices at the ArcSight User Conference. The goal of the presentation is to illustrate how two leading vendors, ArcSight and NetWitness, and their flagship products can work together in the right environment to help reduce network security incident identification time.
Session Title: Best Practices in Security Operations, reducing mean-time to incident identification
Tools Highlighted: ArcSight ESM v4.x and NetWitness
Session Abstract: Using real-world examples from customer Security Operations Centers, Rocky and Gabe will illustrate the integration of processes and technologies, including ArcSight ESM and NetWitness, to help security analysts more quickly identify, scope and understand the impact of network security incidents. We’ll show you how these tools and processes work together seamlessly to help your SOC quickly identify common Network Security issues.
Why you should attend: Using these best practices we’ve observed a reduction in network security incident identification times from timeframes that had been measured in days/weeks/months to new incidents identified and handled in a period of time now measured in seconds/minutes.
Who should attend?: SOC Analysts, SOC Manager, Incident Response Team member/leads, CISO, anyone interested in reducing the time and effort required to identify network security Incidents.
Presentation Format: Right now we are planning a “Live” Demo, but we’ll see. Either way, there will be a “Web-based Recording” available after the conference.
Presentation Date/Time: Exact presentation date/time still TBD, but it will be during the ArcSight User Conference, Sep 7-10, at the Hilton Alexandria Mark Center, Alexandria, VA.
Presenters: Gabriel Martinez, Director, Customer Engineering, NetWitness and Rocky DeStefano, President, Decurity
UPDATE1: We are scheduled to present on Wednesday Sep 10th at 0930-1020. We’ll both have live demos we can show during the rest of the week in a more informal setting!
Note: The presentation is labeled as “Basic” - The only thing “basic” about what we are presenting is the simplicity in operations - content is analyst focused. We’ll make it easy, but advanced users should certainly attend.
UPDATE2: In addition to catching up with everyone, I’m actually going to do my best to watch a couple of presentations. Here is a summary of what I think looks very interesting:
SN6 Content Exchange, Gabe Coelho-Kostolny - VERY Interested in this - You all will know why VERY, VERY SOON.
SN2 Fraud Monitoring, Colby DeRodeff and Brian Contos - Colby and Brian always put on a solid presentation and all the buzz recently around ArcSight is in the Fraud arena.
SN18 Cross-Industry Example of Fraud, Brian Contos, Raju Gottumukkala - Keeping with the Fraud theme.
CSN3 Implementing an Enterprise SOC: War Stories from the Trenches, Tom Jacobsen - Good Operations Center, looking for solid lessons learned.
CSN9 Industrial Strength ArcSight Tools, Paul Melson - Paul is an advanced and vocal user - see his blog here.
Hope to see you at the ArcSight User Conference!
- Rocky