CSN25: Realizing the Value-Add: Operationalize Your ArcSight ESM Deployment

Document created by jmerrill on Sep 12, 2010. Last modified by jmerrill on Jul 8, 2014.
Version 2

Speaker: Fernando Patzan, Information Assurance Manager, General Dynamics
Level: Intermediate
Deployment of ArcSight ESM and integration of disparate data sources streams a flood of event data and triggers the default content all day long. Training analysts for role-based responsibilities, creating a supporting workflow for watch operations, developing content tailored to the target infrastructure, and implementing streamlined processes to manage content are key to unlocking the value of ArcSight ESM. From developing repeatable processes to managing I&Ws, this session shares best practices and lessons learned for collaborative SOC environments to take the ArcSight ESM deployment to a future state that focuses on mitigating risk to the infrastructure.
