Wednesday, 9/16: Breakout Sessions

Document created by jmerrill on Aug 24, 2009. Last modified by RKingsland on Jul 8, 2014.
Version 6

Have a question? Ask the presenters!

Please tag your inquiry with the session # so that your question may be routed to the appropriate presenter.

Primer: SELECT Query FROM Viewer WHERE ArcSight
Speaker: Brock Pearson, Instructional Designer-ArcSight
This primer session will focus on Query Viewers. The function and best use of Query Viewers will be explained. We will go into detail on viewing results from Query Viewers as well as defining and comparing baselines.
Level: Basic

Next-Generation Windows Unified SmartConnector
Speaker: Rusha Mistri, Senior Software Engineer-ArcSight
Learn about the next generation platform-independent Windows Unified ArcSight SmartConnector that surpasses the Windows Domain Event Log connector. This presentation will highlight the support for collecting and parsing system and application events with a new FlexConnector-like parser framework; support for Windows Server 2008 and Vista events; multi-threaded SID translation; NTLMv2 authentication; localized security events; and more. Attendees will see a rich set of features and learn how to make the best use of the Windows Unified ArcSight SmartConnector in their environment.
Level: Intermediate

Deep Dive into ArcSight ESM Rules
Speaker: Rob Block, Senior Software Engineer-ArcSight
This presentation highlights the capabilities of rules. It explores advanced features including negated aliases, rule scheduling, and active list use cases. These features provide a powerful arsenal of tools to capture and correlate security information.
Level: Advanced

How it Works: Assets, Zones, Networks and Customers
Speaker: Fabian Libeau, EMEA Marketing Director-ArcSight
ArcSight ESM excels in its ability to assign information to the monitored environment. This presentation will show how this works, covering both challenges and solutions. Included in this session are connector map files and variables in filters.
Level: Basic

Content Exchange in ESM
Speaker: Gabriel Coelho-Kostolny, Product Manager-ArcSight
This presentation will provide a detailed examination of different ways to move content into and out of ESM. We will dig into the advanced use of archives and packages, how resources are represented in archives, and how you can leverage archives and packages to move your data in and out of ESM. We will also discuss other methods for getting information into ESM, such as active list data import, archive generation and using scanners for updating your asset model.
Level: Intermediate

From Water to Wine (Use Cases to Content)
Speakers: Lisa Huff, ArcSight Enterprise Specialist Manager-ArcSight and Terry Bishop, Enterprise Specialist, EMEA-ArcSight
Learn the best practice approach to building use cases, starting from requirements gathering through use case build out. We will take you through all the steps to build out a real use case right before your eyes, including deliverables such as reports and dashboards.
Level: Basic

Building Operations Synergy with ESM Console Integration
Speaker: Dhiraj Sharan, Software Development Manager-ArcSight
ArcSight ESM Console is used as the centralized management console for security information and event management. Wouldn’t it be great if it could be extended to show snap in views or to launch contextual actions with any other external application being used in the SOC or NOC? In this session, you will see how to integrate in the ESM console contextual views and actions from TRM, NCM and Logger. You will also learn how to integrate any third-party tool or interface with the ESM Console.
Level: Intermediate

Activity Profiler: Monitoring and Profiling User Activity for Role Modeling and Security
Speaker: Suranjan Pramanik, Senior Software Engineer-ArcSight
Unearth new capabilities added to ArcSight Pattern Discovery to monitor user activity. Pattern Discovery is now part of the new ArcSight IdentityView offering and brings new value to monitoring user activity for identity management, security and fraud prevention deployments.
Level: Advanced

Fundamentals of Logger Reporting
Speaker: Shivdev Kalambi, Senior Software Engineer-ArcSight
Learn the skills you will need in order to create powerful, custom-tailored reports pertinent to your business. This session is for the new and existing Logger customers using the reporting features. Attendees will gain an understanding of the reporting architecture and report construction as well as scheduling and distribution of reports. Find out how to maximize the value of reports within your organization.
Level: Basic

Monitoring Multiple Regulations
Speaker: Ansh Patnaik, Director of Industry Solutions-ArcSight
The cost and complexity of compliance is managed most effectively through a common set of organized controls. Multiple regulations will likely apply to the same computer systems and network configurations, as well as enterprise identity and access controls, so a consolidated approach is a best practice. This presentation will provide concrete steps to centrally manage compliance across federal regulations such as SOX, NERC, HIPAA, FISMA, as well as State breach and privacy laws. Learn how regulations map to one another and how significant time and cost can be saved on your next audit cycle.
Level: Basic

ArcSight TRM Integration with ESM and Logger
Speakers: Dhaval Shah, Software Development Manager-ArcSight and Roopak Patel, Senior Product Manager-ArcSight
ArcSight Threat Response Manager provides a solution that goes beyond monitoring by taking steps to mitigate threats to your network. Leveraging integration with ESM and the new TRM driver development kit, we will demonstrate how to take back control of your network while reducing the total time of response in a controlled and automated manner. Join us in this session to learn how to protect your network from both external and internal threats.
Level: Intermediate

Jump Start with Use Cases
Speaker: Philip Qian, Senior Solutions Engineer-ArcSight
This session explores the concept of an ArcSight use case, guiding the audience through a number of actual use cases, as well as demonstrating the user-friendly Use Case Wizard to configure them.
Level: Intermediate

ArcSight, Monitor Thyself
Speaker: Ken Mermoud, Senior Security Engineer-ArcSight
This session discusses how to leverage internal and external capabilities to monitor and restore the health of your ArcSight infrastructure with a particular focus on ESM content and integration tools.
Level: Intermediate

Virtualizing ArcSight ESM
Speaker: Christian Beedgen, Security Engineer and Chief Architect-ArcSight
Recently, there has been increased demand for information about running ArcSight ESM in virtualized environments. In this talk we will present the results of research conducted by the ArcSight ESM server team and discuss the common configuration options and pitfalls when running the Manager and the Database under VMware. We will also present performance results that were gathered by running the same ESM builds both on bare metal as well as virtualized (on the same metal). Finally, we hope to have a discussion about first-hand customer experiences around this style of deployment, so if you already are deploying this way, or if you are just curious about potential options, we would like to see you!
Level: Intermediate

Has Your SOC Hit Puberty?
Speaker: Nick Essner, Principal Consultant-ArcSight
Security operations is rather new in the pantheon of IT services. While you may know how to determine whether your mainframe or distributed operations are mature, relatively few groups assess the overall maturity of security operations. In this session, we’ll teach you the methodology to help determine whether your people, processes, and SIEM technology have matured.
Level: Intermediate

Tips and Tricks in ESM
Speaker: Raju Gottumukkala, ArcSight Expert-ArcSight
In this very advanced session you will learn super user tricks that address displaying the same field in a correlation event from multiple base events; using Negative events; checking and populating a field in an Active List from another field in a different Active List; manipulating Date type field in an Active List; and understanding the quirks in Every Threshold and Time Unit triggers.
Level: Advanced

DIY (Do it Yourself) or Outsource?
Speaker: Todd Parker, Managing Principal-ArcSight
Who should manage your security events? MSSPs provide an extremely valuable service to companies in helping to alleviate the security operations burden incurred by internal staff. However, do the benefits outweigh building your own SOC? In this session, we’ll look at the benefits of using an MSSP versus building your own SOC.
Level: Intermediate

The ArcSight Compliance Tool Kit
Speaker: Morris Hicks, Consulting Technical Director-ArcSight
This session will discuss a methodology for deploying ArcSight technologies in support of compliance programs (SOX, NERC, etc.), as well as tools developed by ArcSight Professional Services in support of the methodology. The Use Case Identifier (UCI), a tool that provides a report of functional content based on your organization’s available data sources, will be showcased. Best practices and common compliance use cases will also be discussed.
Level: Basic

Achieving PCI DSS Compliance for Mainframe Applications
Speakers: Florian Leibenzeder, Senior IT Security Engineer-Lufthansa Systems; Stephen Fedtke, Head of
In the airline and aviation business, a lot of IBM mainframe-based legacy applications are still crucial for daily operations. In their z/OS mainframe environment, Lufthansa Systems, the full-service IT provider for Lufthansa and other airlines around the globe, had to address PCI DSS compliance requirements for affected applications. In this session, you will learn how Lufthansa Systems achieved PCI compliance by utilizing their self-developed PCI Compliance z/OS Engine, the comprehensive z/OS log and event monitor/collector SF-Sherlock, and the power of ArcSight ESM and ArcSight PCI Compliance Insight Packages. You will learn how z/OS audit data needed to be collected, how it is provided to ArcSight ESM via CEF, and how the workflow around this solution was created by making heavy use of ArcSight internal workflow tools.
Level: Intermediate

Holistic Monitoring: Resolving Advanced Threats
Speakers: Anthony Spina, System Security Administrator-Major Financial Services Firm; Gabe Martinez, Director, Customer Success-NetWitness Corporation
ArcSight ESM integrates a number of standard event data sources out of the box. This in-depth, advanced session describes the benefits and integration of enterprise-wide NetWitness NextGen full packet capture and session analysis technology into the ArcSight ESM console. Based upon a case study from a large financial services company, attendees will learn to design, deploy, and fine-tune a full packet capture and session analysis infrastructure; integrate and correlate event data into ArcSight ESM; uncover sophisticated threats such as botnets, nation-sponsored and organized crime attacks; and accelerate the incident response/management process.
Level: Advanced

Metrics Matter: Using ArcSight ESM to Bridge Business and Security Operations
Speaker: Isaac Kohn, Director Professional Services Delivery Team-Vigilant
Under intense budgetary and regulatory scrutiny, security managers must both improve security and demonstrate those improvements. Executives want tangible evidence of fewer security incidents, improved security posture, increased efficiency, and indicators that other key objectives are being met. Providing meaningful metrics enables security managers to justify budgets and demonstrate that security is not just a cost center, but also a strategic asset in protecting company brand and critical assets. Vigilant will show why ArcSight SIEM is the choice platform for generating meaningful metrics, using examples of how leading ArcSight customers are extending SIEM to become a business intelligence platform for security operations.
Level: Basic



Oracle Security Inside Out
Speaker: Michael Blackin, Director of Middleware and Security, Oracle Corporation
Today’s challenging market conditions and heightened threats to data and applications make “security inside out” more important than ever. Doing business is hard enough without the negative publicity and loss of business associated with data breaches and regulatory failures. IT Security groups are under pressure to do more with less, and increasingly focus on internal threats. Join us to learn how you can improve information security, comply with regulatory mandates, and save time and money with industry leading integrated solutions from Oracle and ArcSight.
Level: Basic