CSN01: The “Who” – User Activity Monitoring in SIEM

Document created by jmerrill on Sep 10, 2010
Version 1Show Document
  • View in full screen mode

The “Who” – User Activity Monitoring in SIEM
Chuck Moran, IT Security Analyst, Southern Company; Ryan Kalember, Director of Product Marketing, ArcSight
Level: Intermediate
IT security departments are constantly searching for new ways to monitor their infrastructure and provide greater value to the business. Attend this session and learn how user activity monitoring delivers business value in the form of powerful metrics, streamlined investigations, and auditable access rights. Southern Company will discuss how they use ArcSight IdentityView, logs and directory data to produce executive dashboards that organize security metrics by department so that security executives can better target their risk mitigation programs. The presentation will also cover two other ArcSight IdentityView use cases in production: monitoring risky users like offshore developers and employees using shared accounts.