HP Protect 2011 Breakout Sessions

Document created by beleslie on Jul 25, 2011. Last modified by beleslie on Jul 8, 2014.
Version 21

HP Protect 2011 has something to offer all levels of ArcSight customers! Here is a sneak peek of the presentation line up...


Have a question? Ask the presenters!
Please tag your inquiry with the session # so that your question may be routed to the appropriate presenter.

Basic Sessions


Scaling Log Management Best Practices
Level: Basic
Speaker: John Stoner, Principal Technical Consultant, HP ArcSight
This session will discuss the differences between agent and agent-less log collection, and how each provides capabilities and benefits that should be considered before deploying a SIEM or log aggregation solution. We will focus on centralized vs. decentralized deployments, considerations for guaranteeing log and event delivery, as well as network and storage performance factors administrators should weigh when making deployment decisions.


How it Works: Assets, Zones, Networks and Customers
Level: Basic
Speaker: Fabian Libeau, Principal Sales Engineer, HP ArcSight
ArcSight ESM excels in its ability to assign information to the monitored environment. This session will show how this process works, covering both challenges and solutions. Included are topics such as connector map files and variables in filters.


ArcSight Architecture Showcase
Level: Basic
Speaker: Brook Watson, Solutions Architect, HP ArcSight
This session will focus on various ArcSight implementation architectures that include the use of ArcSight ESM, ArcSight Logger and ArcSight Connector Appliance. It will be geared towards ArcSight administrators in charge of implementation and maintaining the health of ArcSight components.


Leveraging SmartConnectors in ArcSight and HP OM/OMi/NNMi Integration
Level: Basic
Speaker: Susan Li, Manager, Product Management, HP ArcSight
ArcSight SmartConnector technology is a simple installation that bridges security operations and IT operations. This session will discuss the integration of ArcSight ESM and ArcSight Logger with the HP BSM suite of products. Attendees will walk away with a better understanding of the integration solution and use cases, and how to leverage the integration to automate workflows and enable effective risk management.


Security KPIs Based on ITIL and CoBIT
Level: Basic
Speaker: Fabian Libeau, Principal Sales Engineer, HP ArcSight
Key performance indicators are very common in the IT management world, and the same is true for ITIL and CoBIT. This session will discuss the security parts of ITIL and CoBIT and how the ArcSight platform helps support this standard IT framework from a security perspective. See some typical KPIs implemented in ArcSight and how it is done.


When SIEM Goes Right
Level: Basic
Speaker: Paul Brettle, Sales Engineer, HP ArcSight
Using real examples, this session will demonstrate how the right approach can cause your SIEM solution to blossom. So rather than blazing a new trail, learn from the successes and failures of the past and understand the best ways to make it work for the future.



All About Actors
Level: Basic
Speaker: Anurag Singla, Manager, Software Development, HP ArcSight
The actors feature in ArcSight ESM enables user modeling, which allows for interesting correlations. This session will show how your user information can be imported to ArcSight ESM from external identity management systems, and then used for visualizing relations among the users, as well as correlating user information with security events.



ArcSight Logger and IT Ops
Level: Basic
Speaker: Roopak Patel, Senior Product Manager, HP ArcSight
This session will focus on the top ArcSight Logger use cases that are most often used by IT operations personnel to search and analyze data in a high-volume, high-demand system infrastructure. Using common IT ops examples and covering raw as well as structured data, we will demonstrate how to use ArcSight Logger for extracting relevant information quickly and efficiently.



Establishing a Universal Log Management Strategy
Level: Basic
Speaker: Morris Hicks, Senior Director, Services Engineering, HP ArcSight
In today's evolving world of complex security, compliance and IT requirements, a fragmented approach to log management will no longer suffice. A universal log management strategy is needed that addresses requirements from all areas of the organization. This session will address key considerations and best practices for establishing an effective log management strategy, resulting in greater operational efficiencies and reduced costs.



Now is the Time: Application Level Monitoring
Level: Basic
Speaker: Justin Harvey, Managing Principal, HP ArcSight 
Monitoring and control of critical business applications remains a weak spot for most organizations – and now is the time to include them in your overall logging strategy. This session will include ten tips based on lessons learned during projects focused on enterprise application monitoring.


CORR-Engine Architecture Overview
Level: Basic
Speaker: Wei Huang, Distinguished Technologist, HP ArcSight 
Do you want to know how we improve ArcSight ESM performance by 3X or more and with 10X less storage costs? Do you want to know the “secret sauce” we use to achieve that without the headache of managing an Oracle database? Attend this session and find out! We will also talk about the future of the CORR-Engine powered products and solutions.



Baseline Requirements: What You Should Be Doing with Your SIEM
Level: Basic
Speaker: Justin Harvey, Managing Principal, HP ArcSight 
Compiled from past engagements, ArcSight Global Services wants to share best practices with an update from some of our largest projects. These best practices and lessons learned will help you get the maximum performance and plan for the future.



Protect 724 Community: Expert Solutions at Your Fingertips
Level: Basic
Speaker: Trisha Liu, Enterprise Community Manager, HP ArcSight
Protect 724 is a free online resource where you can search for solutions, brainstorm on business challenges, share tips and tricks of the trade, and provide feedback on product direction. Attend this session to learn more about Protect 724 and how to streamline your experience within the community. If you are already a community member, bring your questions and feedback!



Using ArcSight Express to Analyze Flow Events
Level: Basic
Speaker: Steve Maxwell, Pre-Sales Consultant, HP ArcSight and Gary Freeman, Pre-Sales Consultant Manager, HP ArcSight
Flow support is available in just about every router and switch in your network – it’s free to turn on, and there is valuable information that you can gather through analysis with ArcSight Express. In this session, we’ll cover ArcSight Express resources such as dashboards, data monitors, active channels and reports to address common use cases around flow events.



The New Face of ArcSight Express
Level: Basic
Speaker: Maritza Perez, Senior Product Manager, HP ArcSight
ArcSight Express allows you to harness the power of ArcSight ESM in an easy-to-use, pre-configured solution. In this session, you will learn about the improvements we have introduced in the next generation of ArcSight Express. Join us and discover how the product leverages CORR-Engine storage and its new Web interface.



Primer: Auditing Oracle Database Activity
Level: Basic
Speaker: Jonathan Katz, Curriculum Developer, HP ArcSight
Databases can generate a good amount of data. This primer session focuses on using different types of logs to effectively audit Oracle database activity. Strategies to accomplish your goals will be explained, including a demonstration of useful content for monitoring collected data.



Primer: Auditing Microsoft SQL Database Activity
Level: Basic
Speaker: Jonathan Katz, Curriculum Developer, HP ArcSight
Databases can generate a good amount of data. This primer session focuses on using different types of logs to effectively audit Microsoft SQL database activity. Strategies to accomplish your goals will be explained, including a demonstration of useful content for monitoring collected data.



Primer: Got Reports? The ABC’s
Level: Basic
Speaker: Normand Bourgeois, Senior Instructor, HP ArcSight
There is a difference between data and useful information. This primer session explains the basic elements of reporting and how to use reporting to turn large amounts of data into useable information.



Primer: Auditing Network and Firewall Activity
Level: Basic
Speaker: Mauricio Julian, Senior Instructor, HP ArcSight
Network routers, switches and firewalls can generate a bewildering amount of data. This primer session explains how to separate the important data from the noise. We will also demonstrate how to create a good use case so that you can collect the data you need, safely ignore the data you don’t need, and improve the efficiency of ArcSight ESM.



Primer: Searching Events with ArcSight Logger 5.0 
Level: Basic
Speaker: Mauricio Julian, Senior Instructor, HP ArcSight
Conducting searches with ArcSight Logger is like eating at a great buffet. Attend this primer session and learn how to maximize your event searching utilizing the new set of resources in ArcSight Logger 5.0 – and get the information you need, the way you need it.



Primer: Writing Rules Not Meant to be Broken
Level: Basic
Speaker: Javier Inclan, Education Delivery Manager, HP ArcSight
Rules can help you determine what to investigate. This primer session demonstrates how to construct rules. It will focus on what to consider when building rules, and how to use rules to identify events that require further investigation.



It’s 2011, Is Your Environment Secure?
Level: Basic
Speaker: John Pirc, Sr. Product Line Management, Global Network Security Products, HP TippingPoint
This session will cover the security challenges facing many corporations as they embrace virtualization, cloud and consumerization of IT and Web 2.0. Attend and gain new insight into recent vulnerability trends and statistics. Also covered are specific use cases from the speaker’s co-authored book, Cybercrime and Espionage.


OnRamp to Cloud Security:  HP TippingPoint's Secure Virtualization Framework 
Level: Basic
Speaker: David de Valk, Product Line Manager, Virtualization Security, HP TippingPoint
As data centers become increasingly virtualized, network security teams must address the challenge of not only securing both physical and virtual assets within the data center, but also within hybrid and public cloud infrastructures. This session lays out a strategic framework for securing today's virtual and physical data centers and examines security as a key enabler for strategic virtualization initiatives.



Social Networking and the Enterprise: Risk vs. Reward 
Level: Basic
Speaker: John Pirc, Sr. Product Line Management, Global Network Security Products, HP TippingPoint
Social networking has become our digital DNA. Employees not only expect to use social networking with corporate assets, it’s now a key part of corporate marketing and PR initiatives. This session covers the benefits and security risks of social networking and will provide a use case analysis of information gathered via Web beacons that harvest information unbeknownst to the user.



Security Policy Automation: Sit Back and Relax
Level: Basic
Speaker: James Collinge, Product Line Management, HP TippingPoint
Security administrators struggle with an ever-growing volume of event information, and pinpointing actionable data to effect manual policy changes is time-consuming and often too late to reinforce security posture. This session will demonstrate how HP security solutions from ArcSight, TippingPoint and Fortify work together to analyze flows/events, determine malicious activity and thwart attacks – thereby protecting critical assets and maintaining business continuity.



Seven Keys to Surviving the Modern Threat Landscape
Level: Basic
Speaker: Will Gragido, Product Line Manager, HP DVLabs, HP TippingPoint
The modern threat landscape continues to morph, and despite regulation, compliance and a cacophony of products and services, it’s a challenge to keep ahead of the latest threats. This session presents seven keys to survival and exposes the truth, fiction, secrets and lies that can cloud the vision and decision making process regarding security initiatives.



HP DVLabs Security Intelligence, Research and Services
Level: Basic
Speaker: Patrick Hill, Senior Product Manager, HP TippingPoint
In security, protection is only as good as the research behind it. HP DVLabs leads the industry in security research and uses this intelligence to fuel HP TippingPoint’s advanced security services. This session covers how security research plays a role in building proactive protection against evolving attacks and provides services such as Reputation DV, Web Application DV, DVToolkit and ThreatLinQ.



HP Network Security: The World Has Changed, Have You?
Level: Basic
Speaker: Michael Callahan, Director Worldwide Security Product and Solution Marketing, HP TippingPoint
In the past, businesses have relied on reactive, outdated, manually intense security solutions that are focused on the security solution rather than the business. This session will discuss a new generation of network security solutions that unify security and business risk management for your Instant-On Enterprise.



The HP SIRM Ecosystem: Putting it All Together 
Level: Basic
Speakers: Dr. Prescott Winter, Public Sector CTO, HP Enterprise Security, Bruce Burroughs, Chief Security Architect, HP ArcSight and Aaron Wilson, Chief Security Architect, HP ArcSight

Your teams work hard to secure the assets and data within your enterprise using an array of technology products and approaches. How do all of these components fit together to effectively support your organization’s mission, goals and priorities? With threats and vulnerabilities in constant motion, you need a cyber ecosystem, driven by risk management, to properly protect your enterprise.

Managing Global CyberSecurity Threats: Insights from Japan
Level: Basic
Speaker: Naoshi Matsushita, MSS Division Manager, NRI Secure Technologies
This session will discuss cybersecurity trends in Japan, and how NRI SecureTechnologies is effectively addressing them through log analysis and their incident monitoring system. Attend and gain insights for detecting new types of cyberthreats before they impact your organization.



Mastering Messages and Documents Classification Monitoring with ArcSight ESM
Level: Basic
Speaker: Bogdan-Mihai Zamfir, Head of IT Function, ICT Security, UniCredit Tiriac Bank
Locking down data at the user level, monitoring user behavior and preventing data leakage are becoming increasingly urgent for financial services organizations. Attend this session and discover how monitoring messages and documents classification with ArcSight ESM can help prevent accidental or intended employee misuse of data.



Emerging Trends: Mobile Information Security with ArcSight
Level: Basic
Speaker: Kurt Spear, Senior Manager, Deloitte
Mobility is one of the hottest trends in enterprise technology. However, along with the breakneck speed of adoption comes risk that probably is not being adequately addressed. As business applications become open to a whole new profile of risks, a new approach is needed. Attend this session and discover how ArcSight solutions can enable a comprehensive mobile information security strategy.



Tracking Privileged User Access within an ArcSight Logger and SIEM Environment
Level: Basic
Speaker: Philip Lieberman, President, Lieberman Software Corporation
This session will demonstrate how you can integrate identity management data into the event stream of ArcSight products, and quickly find out who had privileged access to sensitive systems, what they did with that access and how long they used it. Learn how to use your ArcSight system to prove privileged account, password change compliance and enforcement, and pass your next audit.



Tackling Security, Privacy and Compliance in the Healthcare Sector
Level: Basic
Speakers: Paul Melson, Manager, Information Security, Priority Health and Ryan Kalember, Director, Products, HP ArcSight
Join this session and learn how Priority Health is addressing compliance, privacy, and security challenges with ArcSight ESM and ArcSight Logger. Use cases covered include: external threats (malware, Web app attacks), data breaches (accidental breaches, lost or stolen assets), fraud (provider abuse, member ID theft) and regulatory compliance.



SOCs and the Insider Threat: Concepts and Overview
Level: Basic
Speaker: Patrick Reidy, CISO, Federal Bureau of Investigation
Struggling with the insider threat problem? This session provides insight on how our nation's premier law enforcement agency is detecting and deterring insider threats using a variety of information assurance techniques and technologies. Included are lessons learned from building a real world, operational insider threat monitoring and response program.


*Unfortunately, the presentation slides for this session will not be available after the conference.




Securing Your Journey into the Cloud and Beyond
Level: Basic
Speaker: Partha Panda, Vice President, Business Development, Trend Micro
Cloud computing, consumerization and socially engineered targeted attacks are taking their toll. Keeping networks and systems clean amid “BYOD” (bring your own device) policies is increasingly difficult and requires even greater visibility and vigilance. This session will outline the latest strategies in use by some of the world's largest companies to create self-defending resources – from servers, to devices, to virtual machines – local or in the cloud.


Going Beyond C&A: Continuous Monitoring for a True Risk Picture
Level: Basic

Speaker: Holly Ridgeway, Deputy Chief Information Security Officer and Program Manager of the Justice Security Operations Center, Department of Justice

Performing an initial C&A on each system at the start of development is not entirely adequate, as often thought. Numerous years of experience have demonstrated that the C&A assessment process focuses more on documentation than on actual security posture. Attend this session and gain a true risk picture. Listen in as we examine an example of a continuous monitoring program implementation that aligns with NIST standards and DHS requirements, providing all stakeholders with real-time situational awareness of the status and risk of systems and networks, in one consolidated dashboard.


*Unfortunately, the presentation slides for this session are not available.


Future View: From Security Silos to Enterprise Security Intelligence, a Gartner Perspective
Level: Basic

Speaker: Joseph Feiman, Ph.D., Vice President and Gartner Fellow, Gartner Inc.

In the era of cloud computing and mobile applications, proactively reducing risks while accelerating incident response times will require quantum shifts in the way enterprises approach information security. Come hear about a vision of the future – Enterprise Security Intelligence (ESI) – which brings together all security silos, serving users with real intelligence. Discover how compliance, methodologies, GRC, EPP, IAM, network security SIEM, application, and data security all feed into the concept of ESI, and its relationship to business intelligence.


*Unfortunately, the presentation slides for this session are not available.





Intermediate Sessions

From Water to Wine (or Use Cases to Content)
Level: Intermediate
Speaker: Lisa Huff, Managing Principal, Professional Services, HP ArcSight and Ray Cotten, Senior Security Consultant, HP ArcSight 
Learn the best practice approach to building use cases, starting from requirements gathering through use case build-out. We will take you through all the steps to develop a real use case right before your eyes, including deliverables such as reports and dashboards.


Correlating Efficiently: Tips, Techniques and Troubleshooting
Level: Intermediate
Speaker: Monica Jain, Senior Software Engineer, HP ArcSight
This session will focus on how to troubleshoot and write content to maximize performance and efficiency. Various correlation-related areas of ArcSight ESM, including rules, reports, trend reports, filters and data monitors will be examined. This session will also compare different approaches to help understand which will have better performance with fewer resource requirements.


Best Practices for Using and Understanding Trends
Level: Intermediate
Speaker: David Wiser, Software Architect, HP ArcSight
Attend this session for an in-depth look at trend reporting and how you can use it to manage your data. Tips on debugging trends will be provided, including using some undocumented information. This session will also provide tips for using trends to improve overall reporting and ArcSight ESM performance.


Network Modeling Best Practices
Level: Intermediate
Speaker: Al Veach, Principal Security Strategist, HP ArcSight
Learn network modeling best practices and how the new network modeling tool in ArcSight ESM makes the process easier. Customer success stories from subject matter experts will be included.


Windows Unified Connector Planning, Implementation and Troubleshooting
Level: Intermediate
Speaker: Brook Watson, Solutions Architect, HP ArcSight and Paris Cote, ArcSight Platinum Support, HP ArcSight
As ArcSight customers expand their security focus from perimeter defense to insider threats, the first device they typically look at is Microsoft Windows servers. This session will focus on the planning, implementation and troubleshooting best practices surrounding the Microsoft Windows Unified Connector in large enterprise environments.


ArcSight, Monitor Thyself
Level: Intermediate
Speakers: Ken Mermoud, Software Development Manager, HP ArcSight and Rashaad Steward, Federal Solutions Architect, HP ArcSight
ArcSight components provide a wealth of internal audit events on the status of ArcSight resources. In this session we examine what those internal audit events contain and what information an administrator can leverage to automatically monitor and restore the health of their ArcSight infrastructure. This session will cover techniques that can be applied to many other use cases to enhance automation.


Dynamic Event Schemas in ArcSight ESM
Level: Intermediate
Speaker: Dhiraj Sharan, Software Development Manager, HP ArcSight
Attend this session and see how the domain field sets feature introduced in ArcSight ESM 5.0 allows you to monitor business events from your industry, such as credit card, online banking, insurance, stock transactions, telecom domain events, etc. This feature makes ArcSight event schema dynamic, catering to your enterprise data correlation needs.


Using Baselining to Detect Anomalies
Level: Intermediate
Speaker: Till Jaeger, Principal Sales Engineer, HP ArcSight
Different mechanisms are available in ArcSight ESM and ArcSight Express to do baselining. Using baselines, anomalies can be detected and the signal can be isolated from the noise in the logs. This session will cover different algorithms in ArcSight products, including statistical data monitors, trends and Active lists to show how baselines can be created and which use cases can be solved.


Simplify Connector Deployment and Maintenance with ArcSight Connector Appliance
Level: Intermediate
Speaker: Dilraba Ibrahim, Manager, Software Development, HP ArcSight
The ArcSight Connector Appliance is a turnkey solution to deploy and manage connectors in large-scale environments. Learn about new features such as cloning connectors across hundreds of locations, and updating connector parameters en masse to improve the maintenance of your ArcSight Connector deployment. Explore tools such as Web-based Logfu and diagnostic tools to improve your connector troubleshooting skills.



Juice Up Your Logs
Level: Intermediate
Speaker: Chadd Milton, Cross Agency Technical Specialist, HP ArcSight
While Barry Bonds may be in trouble for "Juicing Up," you won't need to worry about the feds coming after you for learning how to "Juice Up Your Logs." In this session we will cover unique ways of leveraging the ArcSight Connector framework to take ordinary log data and vitalize them with additional relevance.


Advanced Persistent Threat Security Intelligence
Level: Intermediate
Speakers: Jared McQueen, Federal Principal Consultant, HP ArcSight and Bruce Oehler, Federal Managing Principal, HP ArcSight
This session will discuss techniques for identifying advanced persistent threats with ArcSight ESM, ArcSight Logger and ArcSight Express. Best practices pertaining to the people and processes needed to detect and respond to such threats will also be highlighted.


Privacy Breach Detection and Security Intelligence
Level: Intermediate
Speakers: Emilio Santiago, Principal Consultant, HP ArcSight and Kerry Matre, Solutions Marketing Manager, HP ArcSight
This session will discuss techniques for detecting privacy breaches with ArcSight ESM, ArcSight Logger, ArcSight Express and ArcSight IdentityView. The various regulations that mandate privacy breach monitoring will be discussed, along with best practices pertaining to the people and processes needed to detect and respond to these breaches.


Automating Threat Integration
Level: Intermediate
Speaker: Marc Blackmer, Pre-Sales Technical Consultant, HP ArcSight
A problem for organizations in today's ever-changing threat landscape is the myriad of sources and inconsistent formats of the data. Learn how external and internal threat sources may automatically be integrated into ArcSight ESM in order to automate current manual processes, improve operational efficiency and increase your return on investment.


Maximizing ArcSight Default Content
Level: Intermediate
Speaker: Shawn Munoz, Senior Sales Engineer, HP ArcSight
If you are overwhelmed with the amount of default content within ArcSight, come to this session and discover how to leverage the true correlation and functionality built into ArcSight ESM. Learn about the rules, dashboards and reports that exist by default, and how that content can be utilized to help extend (or jumpstart) your current capabilities.


Investigating Financial Application Modeling Techniques in ArcSight ESM
Level: Intermediate
Speaker: Damian Skeeles, Senior Pre-Sales Engineer, HP ArcSight
ArcSight ESM provides features such as active lists, trend reports and dynamic variables, which can be combined to create content that supports functionality such as stateful tracking, risk scoring and real-time, statistics-based correlation. This session takes you through a number of techniques developed in the field, explaining the functionality, benefits and any limitations of each.


A Tour of Ops: Advanced Customer Use Cases 
Level: Intermediate
Speaker: Emilio Santiago, Principal Consultant, HP ArcSight
One of the most important aspects of security operations is the need to integrate threat intelligence. This session will cover how we've integrated threat intelligence into SIEM data and other advanced use cases for operations.


Security Maturity: Measuring the Effectiveness of Your SOC
Level: Intermediate
Speaker: Nick Essner, Principal Consultant, HP ArcSight
While you may know how to determine whether your server administration processes are mature, relatively few groups assess the overall maturity of security operations. Since measuring improvement and efficiency is the cornerstone to business survival, we'll teach you how to measure whether your people, processes and SIEM technology have matured.


CyberCrime Investigator: Forensic Use of ArcSight ESM
Level: Intermediate
Speakers: Paul Bowen, Principal Pre-Sales Engineer, HP ArcSight and Gary Freeman, Principal Pre-Sales Consulting Manager, HP ArcSight
This session explores the concept of network forensic investigations using ArcSight ESM, and how security analysts can use it to assist HR or law enforcement with network interception to gather evidence that must preserve chain-of-custody. With the challenges of cloud-based computing and mobile devices, the need for well-defined workflow and the use of industry-accepted tools is more essential than ever.


Top 10 Ways to Optimize Your SIEM
Level: Intermediate
Speaker: Greg Martin, Solutions Architect, HP ArcSight
In this session we will review and discuss the top 10 best practices for optimizing your SIEM. Topics that will be discussed include hardware configurations, database performance, aggregation, correlation best practices, and overall system health monitoring.


Advanced User Activity Monitoring with ArcSight IdentityView
Level: Intermediate
Speaker: Ryan Thomas, Product Manager, EnterpriseView Applications, HP ArcSight
The ArcSight ESM and ArcSight IdentityView solution leverages information in your user directories to enrich network events with contextual information critical to user activity monitoring. Learn how ArcSight IdentityView enables contextual analysis of security events and contributes to enterprise security intelligence. See new developments that tackle large-scale searching for user activity, organizational threat scoring and drill-down investigations.


Meeting FISMA Continuous Monitoring Requirements with ArcSight ESM
Level: Intermediate
Speaker: Ryan Thomas, Product Manager, EnterpriseView Applications, HP ArcSight
In 2010, the OMB issued memorandum M-10-15 with new reporting instructions for FISMA. The new requirements include continuous monitoring and automated reporting to the DHS. This is a paradigm shift from spreadsheet reporting. In this session, you will learn how to leverage ArcSight's updated FISMA Compliance Insight Package to implement a continuous monitoring program and meet the new cyberscope reporting specifications.


ArcSight ESM State of the Union
Level: Intermediate
Speakers: Haiyan Song, VP of Engineering, HP ArcSight and Maritza Perez, Senior Product Manager, HP ArcSight
This session gives an overview of the current state of the ArcSight ESM product line. Join us in this interactive session, where you will have a glimpse into our labs while we talk about emerging needs and the evolution of SIEM to security intelligence and risk management. Your feedback can influence the direction of the ArcSight ESM nation!


*Unfortunately, the presentation slides for this session will not be available after the conference.


Primer: Got Reports? Beyond the Basics
Level: Intermediate
Speaker: Normand Bourgeois, Senior Instructor, HP ArcSight
There is a difference between data and useful information. This primer expands on the session, Got Reports? The ABCs, and explains how to use resources to create reports in your own environment.


Primer: Using Variables
Level: Intermediate
Speaker: Javier Inclan, Education Delivery Manager, HP ArcSight
This primer session demonstrates how to create effective variables, which can add flexibility to ArcSight ESM resources. Learn what to consider when adding variables into ArcSight ESM resources. Also learn how to make your resources flexible by using virtual event fields, whose values are derived from a special function performed on another field.


Risk Management for Business Processes: A New Approach
Level: Intermediate
Speaker: Ryan Thomas, Product Manager, EnterpriseView Applications, HP ArcSight

Today's IT and business executives lack visibility into enterprise-wide risk relative to critical business processes. IT GRC solutions have attempted to address this problem but have primarily delivered a repository for policy development and compliance. Join this session to learn how ArcSight is addressing this important visibility gap with a radically different approach.


*Unfortunately, the presentation slides for this session will not be available after the conference.


Advanced Visibility via Global Threat Response and Reputation Management 
Level: Intermediate
Speaker: Will Gragido, Product Line Management, HP DVLabs, HP TippingPoint
Organizations strive to preserve their reputation and brand in ever-changing business climates. As the maturity and focused efforts of cybercriminals have grown over the past decade, cyber reputation management has become a requirement rather than an option. This session will identify factors escalating current threats and address how global threat intelligence can be used to combat and mitigate evolving threats.


*Unfortunately, the presentation slides for this session will not be available after the conference.


Security Analytics: An HP Labs Project 
Level: Intermediate
Speaker: Raj Rajagopalan, Research Scientist, HP
Executive decision makers need a quantitative paradigm that helps direct scarce resources proportionately towards the most dangerous gaps in our security infrastructure. In the context of a security lifecycle vision, we will present a case study on the cost/benefit analysis in incident management and also demonstrate our new technology for chronologically visualizing logged incident data in an intuitive manner.


IT Security is Not SCADA Security
Level: Intermediate
Speaker: Garett Montgomery, Associate Security Researcher, HP TippingPoint
SCADA systems run our nation’s critical infrastructure and were formerly isolated systems. Now increasingly connected, these systems are exposed to the same cyberattacks plaguing corporate IT, and many of the security practices used there don't easily translate to SCADA. This talk focuses on the challenges of securing SCADA systems and which best practices do, and more importantly, do not work for SCADA systems.


Effective Remediation of Application Vulnerabilities
Level: Intermediate
Speaker: Rob Roy, CTO, Federal Division, HP Fortify
Application vulnerabilities are one of the biggest sources of risk in IT. Once identified, there are two basic means for effective remediation: working with the group that developed the application and encouraging them to fix the application's source code, or remediating the vulnerabilities in production. This session will cover the application remediation problem and discuss available approaches and capabilities.


Security at the Application Layer
Level: Intermediate
Speaker: Pravir Chandra, Director of Strategic Services, HP Fortify
Today, the majority of cyberattacks are being conducted against the application layer. Organizations may try potential solutions, but most fail to significantly improve application security. Attend this session and find out how organizations are instituting software security assurance (SSA) programs built on practices that bolster security throughout the lifecycle. We will provide an overview of modern SSA programs, cost/benefit dynamics and key success factors.


Software Security Delivered in the Cloud
Level: Intermediate
Speaker: Taylor McKinley, Director, Fortify on Demand, HP Fortify
Software security is one of the fastest growing IT security challenges today. Organizations are embracing the need to quickly secure both internally developed and third-party code, a process that can be greatly aided by leveraging the cloud to test applications. This presentation will review where software security is today and demonstrate how to leverage the cloud for software security.


Addressing Social Media Threats and Risks to the Enterprise
Level: Basic
Speaker: Loke Yeow Wong, Asia Pacific Regional Director, HP ArcSight
Social media is an Internet phenomenon that is rapidly transforming the way in which people and companies are interacting. This session will review the worldwide proliferation of social media usage within the workforce, and will discuss the challenges and strategies for addressing some of its most imminent threats and risks to the business enterprise. Real-world risk scenarios and case studies are included.



Enhancing Your ArcSight ESM Implementation Using Open Source Security Tools
Level: Intermediate
Speaker: Robert McGinley, Sr. Professional Services Consultant, HP ArcSight

Want to leverage open source tools to "feed the beast"? In this session, you will learn how to feed vulnerability and network scans from Nmap and Nessus into ArcSight ESM to help build a network and asset model, as well as pull in IDS information from host-based OSSEC and network-based SNORT to show you what’s occurring on your network.



You Can't Correlate What You Don't Have
Level: Intermediate
Speakers: Scott Carlson, Strategic Projects Architect, Apollo Group and Rick Yetter, Systems Administrator, Apollo Group
This session will discuss obtaining real-time events from servers and network devices using syslog, SNARE, and other logging functionality. Scenarios will be presented that address the need to double-send logs to multiple ArcSight ESM instances in alternate data centers, and how to develop an effective strategy prior to deployment. An understanding of Unix/Windows event handling and syslog will be helpful in getting the most out of this session.


SIEM: The Next Generation – Moving from Compliance to Risk Management
Level: Intermediate
Speakers: Paul Truitt, Information Security Manager, Wawa and Dave Ruess, Senior Information Security Analyst, Wawa
This session will discuss how Wawa is cultivating organizational involvement and getting the support needed to expand from their initial PCI compliance-driven SIEM project to a risk-oriented SIEM program. Discover how they managed ArcSight investment costs, overcame organizational challenges to align with business requirements, and are now implementing use cases that go well beyond compliance, including fraud detection for various business areas.


Where are My Logs?
Level: Intermediate
Speaker: Vinicius Engel, Lead Security Analyst, earthwave
Failing to collect logs from a key device can cause you to miss that single incident that will severely damage your organization. Learn how to create a reliable baseline for each of your devices based on specific timeframes, and gain intelligence for tracking devices and ensuring they are producing logs as they should. For maximum benefit, attendees should have advanced knowledge of trends, trend actions, active lists, rules and dependent variables.


Into The World of Proprietary Networks and Cryptic Devices
Level: Intermediate
Speakers: Milos Petrovic, Manager, Enterprise Risk Services, Deloitte, Kevin Lackey, Senior Security Analyst, Electric Reliability Council of Texas (ERCOT) and Ryan Kalember, Director, Products, HP ArcSight
National critical infrastructure relies on interconnected control system networks and SCADA devices, which can be a conduit for large-scale cyberattacks. This session will review architecture and content best practices from actual energy and utilities sector deployments and will highlight how ArcSight products can be used to address NERC CIP mandates and provide critical infrastructure protection.


Facing CyberIntelligence Overload? Avoid Meltdown with a CyberIntelligence Clearinghouse
Level: Intermediate
Speakers: Pete Babcock, Lead Security Analyst, USAA and Don Franke, Senior Security Analyst, USAA
Faced with managing a plethora of cyberintelligence data from a multitude of sources (government, industry, vendor, and open source), USAA has developed a homegrown tool that is capable of managing the whole intelligence life cycle and integrates tightly with ArcSight ESM. Join this session to see the finished tool and hear about lessons learned along the development path.


Plug and Play the ArcSight Way
Level: Intermediate
Speaker: Tarang Parikh, Associate Vice President, WNS Global Services
In this session, WNS Global Services will discuss the impact of ArcSight ESM on their SOC operations. Take-aways include knowledge and insights regarding dashboards, real-time alerts, time-based reporting, trend analysis and use cases. Many process automations utilizing ArcSight ESM will be shown.


SAP Fraud and Business Risk Management with ArcSight Technology
Level: Intermediate
Speaker: Glen Holland, Senior Manager, Deloitte
Given the breadth of users, roles and activities across enterprise SAP environments, the potential for costly errors, misuse, fraud and compliance violations is great. To mitigate these risks, organizations require deep visibility into all user, system and transaction activity, combined with sophisticated threat detection capabilities. Learn how ArcSight ESM is uniquely positioned to address these risks in both SAP and non-SAP systems.



Application Log Monitoring for Today’s Threat Landscape
Level: Intermediate
Speaker: Mike Malarkey, Vice President of Information Security, Forbes Top 5 Financial Organization

This session will discuss the use of application log monitoring, correlated with other security event sources, to identify activity in the ever-evolving threat landscape. Attendees should have a working knowledge of server logs, specifically those dealing with Apache and IIS Web servers.



Writing Threat Intelligence Content for Today's Threats
Level: Intermediate
Speaker: John DiFederico, Security Engineer, SAIC
Open source threat intelligence is intended to add context to our traffic, but is just as prone to false positives as any other security product. Prioritizing by volume is not enough to find true threats. Find out how SAIC leverages open source and subscription-based threat intelligence. Lessons learned, specific content and technical examples, and best practice recommendations will be included.


"Are You a Smart Connector?"
Level: Intermediate
Speaker: Mark Ulmer, Senior Systems Engineer, Apollo Group
This session will deep-dive into software-based ArcSight SmartConnectors on Windows and Linux. Lessons learned at Apollo Group will be presented, covering topics such as installation basics, operational tips, scripting, what's in the log files, upgrading, long-term care and Java memory tuning. ArcSight administrators of Windows and Linux-based connectors are encouraged to attend.


ArcSight Solutions for the Federal Sector: Trends, Challenges and Approaches
Level: Intermediate
Speaker: Mark Masone, Senior Manager, Deloitte
The federal sector is undergoing turmoil never seen before: public expectation for technology-enabled services, enormous budget pressures and intensified sophistication in cyberattacks. Attend this session to learn how your agency can use ArcSight solutions to deploy a comprehensive threat lifecycle capability, addressing the advanced persistent threat profile.


When Anti-Virus Doesn't Cut It: Catching Malware with ArcSight ESM and ArcSight Logger
Level: Intermediate
Speaker: Wyman Stocks, Information Security Manager, NetApp
Using the Conficker worm as an example, this session will discuss how NetApp has successfully defeated malware using a combination of event correlation, automation and process. Find out how you can build more visibility into the network to capture malware before it gets to end users.


Using Workflow Automation to Reduce Risk and Accelerate Incident Response
Level: Intermediate
Speakers: Ryan Walters, Director of Security, Northrop Grumman and Dr. Phyllis Schneck, Vice President and CTO, Global Public Sector, McAfee
Don't let your security systems become islands. Attend this session and see how to link the three key aspects of security operations: monitor your systems, network devices and end-user activity; rapidly detect and respond to security incidents; and achieve and maintain regulatory compliance. The right solution addresses all three aspects to manage risk, reduce operational costs and streamline the compliance lifecycle.


*Unfortunately, the presentation slides for this session will not be available after the conference.


Sensitive Data Protection with Relatively Simple Correlation
Level: Intermediate
Speaker: Tom McMahon, Senior Security Engineer, Weill Cornell Medical College
This session will demonstrate how Weill Cornell leverages ArcSight ESM to gather logs from electronic medical records systems, such as EpicCare Ambulatory via Clarity and FairWarning, and correlate them with security logs from AV, DLP, IPS and other monitoring systems. The result enables you to detect the location of sensitive data, determine remediation actions, and identify any potential or actual data leaks.


ArcSight ESM as a Platform for Internal/External Security Intelligence Integration
Level: Intermediate
Speaker: Joseph Magee, Chief Technology Officer, Vigilant
Many organizations have a tough time making effective use of threat intelligence. This session discusses how the real-time correlation and analytic power of ArcSight ESM can be harnessed to make external threat data immediately actionable in preventing or minimizing the impact of even the most sophisticated threats. Attendees should have an understanding of botnets, malware, phishing exploits and the challenges of detecting them.


Mitigating Risk with Continuous Monitoring and Auditing of Privileged User Activity
Level: Intermediate
Speakers: Richard Weeks, VP, Business Development, Cyber-Ark Software and Quinn North, Security Information Architect, Verisk Analytics

Learn how highly regulated organizations such as ISO are mitigating the risk of a data breach by integrating privileged identity management (PIM) and ArcSight SIEM technology. You will gain practical implementation knowledge and an understanding of the impact: real-time PIM anomaly detection; an increased, proactive information security posture; and a more granular privileged audit trail that shortens forensic analysis times – all while meeting strict regulatory compliance requirements.


Realizing the Value-Add: Operationalize Your ArcSight ESM Deployment
Level: Intermediate
Speaker: Fernando Patzan, Managing Consultant, CyberSecurity, InfoReliance
With an extremely high volume of event data, training analysts for role-based responsibilities, creating supporting workflows for watch operations and developing content tailored to the target infrastructure are key to unlocking the value of ArcSight ESM. This session will discuss best practices for collaborative SOC environments that drive progressive optimization of your ArcSight ESM deployment and effectively mitigate risk to the infrastructure.





Advanced Sessions


Tips and Tricks for ArcSight ESM
Level: Advanced
Speaker: Raju Gottumukkala, ArcSight Expert, HP ArcSight
In this session you will learn super user tricks that address several scenarios, including: displaying the same field in a correlation event from multiple base events; using negative events; checking and populating a field in an active list from another field in a different active list; manipulating a date-type field in an active list; and understanding the quirks in the "every threshold" and "time unit" triggers.


Advanced ArcSight Logger Techniques
Level: Advanced
Speakers: Marylou Orayani, Senior Software Development Manager, HP ArcSight and Alexei Suvorov, Senior Security Engineer, HP ArcSight
Attend this session and learn how to monitor and troubleshoot ArcSight Logger using its own advanced capabilities, such as multi-line file receivers and powerful search operators. Find top exceptions, search requests made by user and IP addresses, and use elapsed search times. Use ArcSight Logger to monitor and troubleshoot applications, as well as other ArcSight products.


ArcSight ESM Database Performance from the Bottom-Up
Level: Advanced
Speaker: Kerry Adkins, Senior Customer Support Engineer, HP ArcSight
Looking to achieve optimal performance with your ArcSight ESM database? In this session, we’ll cover topics that affect database performance: storage hardware, RAID levels, laying out data files, tuning your Oracle instance for optimal performance and indexing. Also included is information from tools that our support and developer teams use for troubleshooting.


Catch Me If You Can
Level: Advanced
Speakers: Duc Ha, Senior Solutions Engineer, HP ArcSight and Raju Gottumukkala, ArcSight Expert, HP ArcSight
In this session you’ll learn how to build content for detecting unusual user and systems behaviors. Specifically, we’ll walk you through the process using two examples: Internet banking and system performance monitoring. Through these examples, you will learn advanced ArcSight ESM techniques for constructing behavior profiles of monitored subjects and detecting any deviance from those profiles.


ArcSight Logger Under the Covers: Exposing the API
Level: Advanced
Speaker: Aaron Kramer, Sales Engineer, HP ArcSight
ArcSight Logger has an API! Learn how to make calls to ArcSight Logger search and reporting systems. Now you can access data in ArcSight Logger from other applications. If you are an MSSP, learn how to provide your customers with access to their data. ArcSight Logger API calls will be reviewed, and some non-traditional data visualizations drawn from API testing will be shown.


API, SDK and Service-Oriented Architecture in ArcSight ESM
Level: Advanced
Speakers: Daniel Liu, Senior Software Engineer, HP ArcSight and Yanlin Wang, Software Architect, HP ArcSight
ArcSight ESM exposes a service layer that supports protocols such as SOAP, REST and other industry standards. Programmers can now access ArcSight ESM data and services through exposed Web service protocols and APIs. ArcSight ESM SDK is a great way to build custom ArcSight ESM automation tools and integrate ArcSight ESM services into a custom portal site or any enterprise application.


Next Generation Fraud Detection
Level: Advanced
Speaker: Ryan Kalember, Director, Products, HP ArcSight
More users are executing more transactions online than ever before. This rise in online finance has been matched by an equal rise in malware, hackers and organized criminals, using sophisticated methods to steal money from clients. In this session we will take an in-depth look at the most prevalent threats, as well as advanced prevention, detection and response mechanisms.


*Unfortunately, the presentation slides for this session will not be available after the conference.


Running ArcSight ESM Manager at Full Throttle
Level: Advanced
Speaker: Gagan Taneja, Senior Software Engineer, HP ArcSight
This session is for ArcSight ESM administrators and users who want to get a better understanding of ArcSight ESM and who want to keep ArcSight ESM in good health. This session covers ArcSight ESM administration, architecture and performance debugging.


Deep Dive into ArcSight ESM Performance Troubleshooting
Level: Advanced
Speakers: Medha Rangnekar, Principal Technical Support Engineer, HP ArcSight and Alex Gluzman, Tier 3 Technical Support Manager, HP ArcSight
This in-depth session will cover typical performance troubleshooting steps and provide the techniques, tips and tools that the ArcSight support team uses to investigate issues. At the end of this session you will be fully knowledgeable on how to increase ArcSight ESM performance.


Connector-to-Connector Communication: The New Encrypted Transports
Level: Advanced
Speakers: RaghuRam Pamidimarri, Software Designer, HP ArcSight and Hector Aguilar, VP of Software Development, HP ArcSight
One-way channels? UDP? TCP? Encryption? Low bandwidth links? High event rate relay? Ever had these questions while designing your deployment? Come discover three new features that enable super-fast, encrypted event relay – and transport events like never before. This opens up a myriad of deployment possibilities and will stimulate your creativity.


Repelling the Wily Insider
Level: Advanced
Speaker: Matias Madou, Principal Security Researcher, HP Fortify
This session will demonstrate how insiders who write code have an unlimited number of ways to put chinks in the armor of their software. We'll consider what happens when insiders are not so pure of heart and discuss techniques defenders should employ. Head-to-head results of a face-off between static analysis and the best backdoors will be included.


The Bugs that Bad Guys Bank On
Level: Advanced
Speaker: Pravir Chandra, Director of Strategic Services, HP Fortify
In this session, attendees will see live demonstrations of flaws in software that allow a huge variety of mischievous hackers to bend systems to their will. Using examples from real compromises, this session will give attendees foundational technical skills to understand software security vulnerabilities. On-stage demonstrations will show the anatomy of attacks, what they target and how they can be prevented.


Using ArcSight Products to Test and Train Your SOC Watch Standers
Level: Advanced
Speaker: Dean Farrington, Information Security Engineer, Wells Fargo
The phrase "Train as you fight, fight as you train" is not only good doctrine for the armed forces but also for computer security incident response teams. This session will discuss a training architecture based on ArcSight ESM and ArcSight Logger that allows SOC operators to be trained with the same toolset they use on a daily basis, and also conduct incident response exercises in a way that allows the team to practice using ArcSight technology.


Critical Success Factors for Successful ArcSight ESM Deployments
Level: Advanced
Speaker: Michael Wimpy, Architect, Unisys
This session will discuss lessons learned from successfully designing and supporting numerous ArcSight deployments, ranging from large to small and including geographically dispersed environments. Critical success factors will be discussed, such as scalable ArcSight ESM architectural designs, value of data flow analysis, and maximizing syslog connector performance. Those with ArcSight ESM and ArcSight SmartConnector deployment experience are encouraged to attend.


ArcSight ESM Performance Tuning with RHEL
Level: Advanced
Speaker: Joe Burke, Solutions Architect, Knowledge Consulting Group
This session will discuss how to design and tune your ArcSight ESM system using Red Hat Enterprise Linux to achieve maximum performance. In addition to providing specific configuration recommendations, this session will also explain how to properly create a test plan to accurately measure the performance impact of any configuration change.


Automated GRC Policy to Proactively Counter Cyberthreats 
Level: Advanced
Speaker: Daniel Conroy, Managing Director, CISO and Global Head of Information Security, Bank of New York Mellon
Attend this session and learn how the Bank of New York Mellon, a global financial enterprise with 180,000+ endpoints, has implemented an automated GRC policy where the integration of network access control with SIEM provides greater insight into suspicious activity across the network. See how removing the burden of manually monitoring compliance issues can allow you to focus proactively on countering cyberthreats.

