HP Protect 2011 Theater Talks

Document created by beleslie on Jul 25, 2011. Last modified by beleslie on Jul 8, 2014.
Version 11

HP Protect 2011 has something to offer all levels of ArcSight customers! Here is a sneak peek of the presentation lineup...


Have a question? Ask the presenters!
Please tag your inquiry with the session # so that your question may be routed to the appropriate presenter.


Customer Theaters


Standing Up a SOC from Scratch: Tips and Tricks
Level: Basic
Speaker: Shogo Cottrell, Director, IT Security, Collective Brands|Payless ShoeSource
Attend this talk and discover how Collective Brands built a mature SOC in six months. Learn what it takes to develop an extremely successful SOC – from kick-start strategies to staffing, technology and consulting – and ultimately deliver a significantly improved security posture.


Transform Your Information Security Program Using ArcSight
Level: Basic
Speaker: Will Perez, IT Security Manager, Royal Caribbean Cruises
This talk paints a lively picture of how Royal Caribbean embarked on a challenging yet satisfying SIEM program journey, from management buy-in to building and fully staffing a SOC. Grab a seat and get new inspiration and ideas on how to leverage your ArcSight solution.


Using Whitelist Security with ArcSight ESM to Prevent Targeted Attacks and APTs
Level: Intermediate
Speaker: Tracy Herriotts, Senior Staff Engineer, Johns Hopkins University and Harry Sverdlove, Chief Technology Officer, Bit9, Inc.
With the ineffectiveness of traditional antivirus tools and the explosion of malware, the endpoint has become a blind spot. This session will cover whitelisting, which provides a new layer of defense against advanced persistent threats. In the deployment presented, ArcSight ESM provides the correlation of information across systems, leveraging Bit9 Parity endpoint sensor data.


New Age Risks in Banking: Beat the Fraud
Level: Intermediate
Speaker: Vinod Vasudevan, Chief Operating Officer, Paladion
This session will discuss how banks in Asia and the Middle East have customized ArcSight ESM to detect advanced cyberattacks from hacker syndicates. Learn best practices for developing custom connectors for banking applications and how to build rules and reports that enable early detection.


SOC 2.0: Trends, Tips and Tricks
Level: Basic
Speaker: Dereck L. Haye, Co-Founder, Custodian Network Security
Attend this talk and see how companies are leveraging ArcSight technology to its most efficient and optimal capacity in SOC 2.0 solutions. The premise assumes infection to be almost 100% probable; the focus is on quick detection and remediation.


Real-Time Threat Management through Risk Intelligence Infrastructure
Level: Intermediate
Speaker: Bill Kobel, Principal, Deloitte
Speaker: Mark Masone, Senior Manager, Deloitte
This talk will discuss how the federal government and Department of Justice are using key risk indicators for gaining a common sense view of real-time threats – and are adapting business processes, operational tactics, techniques and procedures.


Soccer or Football? / ArcSight ESM or ArcSight Logger?
Level: Basic
Speaker: Hakan Onal, Network Security Specialist, Citigroup
This session will cover ArcSight ESM and ArcSight Logger basics from the perspective of Citigroup, which has deployed a global SIEM network. Attendees will come away with a clear understanding of what each product is and how the two differ.


Empowering PHI and PII Risk Monitoring with ArcSight ESM and ArcSight IdentityView
Level: Intermediate
Speaker: Milos Petrovic, Manager, Enterprise Risk Services, Deloitte
This talk will reveal how ArcSight ESM and ArcSight IdentityView can be used to monitor access to clinical data by hospital staff, medical practitioners and other interested parties. Key elements include risk monitoring, adaptive user analysis and long-term anomaly detection.


ArcSight ESM Reports: It Pays to Know Your Audience
Level: Basic
Speaker: Heike Herpich, VP of Information Security, Forbes Top 5 Financial Organization and Scott Parkinson, Principal Consultant, HP ArcSight
With increasing cyberthreats, compliance regulations and management oversight, the demand for security event reporting has grown. Attend this talk and learn how a world-leading financial organization implemented business requirement documentation to better tailor ArcSight ESM reports to targeted audiences.


Anatomy of a High-Profile Attack: Modern Lessons for Security Monitoring
Level: Intermediate
Speaker: Dragos Lungu, Security Consultant, Meta/Net
This session will be a top-to-bottom technical discussion on the recent security breaches reported by Sony, RSA, HBGary and others. An analysis of these real-world attack vectors and the targeted infrastructure will be presented, along with recommendations on ArcSight countermeasures which could have prevented these attacks from succeeding.


Overcoming Performance Hurdles: How to Build a Multi-Million IOP ArcSight Database
Level: Advanced
Speaker: Eric Lippart, Engineer, MITRE
Learn how to design and build a multi-million IOP ArcSight database capable of meeting even the most demanding performance requirements, without breaking your budget. Traditional architectures, advanced techniques and considerations for future architectures will be discussed.


ArcSight ESM at NYU: Protecting a Global Enterprise University
Level: Intermediate
Speaker: Brian Smith-Sweeney, Project Lead, New York University
As a higher education institution, New York University faces somewhat unique network security challenges: they have a high-speed (multi-gigabit), highly distributed and heterogeneous network, and must carefully balance the principles of academic freedom with appropriate threat response and regulatory compliance. Come hear about their experiences redeveloping a best-of-breed security monitoring infrastructure to help address these challenges, with ArcSight ESM at the core.


*Unfortunately, the presentation slides for this session will not be available after the conference.



Event Flow Monitoring: A Working Enterprise Model
Level: Advanced
Speaker: Jeff Van Hammond, Senior Security Engineer, Wells Fargo and Harry Halladay, Solutions Architect, HP ArcSight
Looking for a way to monitor event traffic from each of your ArcSight Connectors? Or a way to effectively monitor traffic from devices that feed into them? How do you know if you are still receiving events from a particular connector, device or device vendor product pair? Join us for this talk and discover an innovative method for capturing that information.


Leveraging SIEM for Your Cloud Applications
Level: Basic
Speaker: Ricky Allen, Senior Manager, Accenture Technology Consulting
The rapid adoption of cloud services has created a specific need for log monitoring and correlation. This session begins with a background on the differences between SaaS, PaaS and IaaS models and is followed by essential tips on working with cloud providers, with sample use cases for monitoring critical business applications.





Solutions Theater


SOC for Sale
Speaker: Jesse Emerson, Managing Principal, North America, HP ArcSight
This talk will help you understand what business requirements matter, how to structure the costs in a manageable way, and translate the necessity of a SOC into executive approval.


Security Operations for the Federal Set
Speaker: Bruce Oehler, Federal Managing Principal, HP ArcSight
In this talk, we will spotlight the features that take a federal SOC from birth to a mature, successful operation.


Has Your SOC Hit Puberty?
Speaker: Nick Essner, Principal Consultant, HP ArcSight
Attend this talk to learn about the methodology to help determine whether your people, processes and SIEM technology have matured.


Wiki What?
Speaker: Colin Henderson, Senior Consultant, HP ArcSight
This talk will cover the way wikis are used in security operations and will also explain in depth how to manage and lay out your wiki content to take complete advantage of the nimble technology.


It’s a Cluster!
Speaker: Colin Henderson, Senior Consultant, HP ArcSight
Learn about how one Fortune 10 company installed the ArcSight ESM database, manager and Web on high availability Windows clusters running Microsoft Clustering Services. 


Perimeter Security Intelligence
Speaker: Morris Hicks, Senior Director, Services Engineering, HP ArcSight
This talk will discuss core components and use cases necessary for establishing a perimeter security intelligence program.


Insider Threat Intelligence
Speaker: Morris Hicks, Senior Director, Services Engineering, HP ArcSight
This talk will discuss core components and use cases necessary for establishing an insider threat security intelligence program.


Automate or Die: Compliance Reporting
Speaker: Morris Hicks, Senior Director, Services Engineering, HP ArcSight
This talk will discuss core components and use cases necessary for establishing an automated compliance reporting capability.


One Size Doesn’t Fit All: Customized Training
Speaker: Khalid Shaikh, Senior Director, Global Education, HP ArcSight
Learn about the value of customized training, which combines technology, roles and responsibilities, processes and procedures.


Architecture Review
Speaker: Brook Watson, Solutions Architect, HP ArcSight
This talk will review key solution architectures and discuss performance and availability implications of each.


Solution Building by Example
Speaker: Al Veach, Principal Security Strategist, HP ArcSight
In this talk on solution building, we will address use case development by example.  


ArcSight ESM Health Check
Speaker: Harry Halladay, Solutions Architect, HP ArcSight
This talk will demonstrate how to evaluate the health of ArcSight ESM for optimal performance.


Solution Accelerators
Speaker: Brook Watson, Solutions Architect, HP ArcSight
Attend this talk to learn about packaged use cases for integrating threat intelligence information into ArcSight ESM and the underlying value proposition.


Data Leakage
Speaker: Luke Leboeuf, Principal Consultant, HP ArcSight
This talk will discuss core components and use cases necessary for establishing a data leakage monitoring program.





Turbo Talk Theater


ArcSight Logger Integration with HP OM and OMi
Speaker: Matthew Larsen, Senior Software Engineer, HP ArcSight
This talk will look at ArcSight Logger integration with HP's OM and OMi tools, cover valuable use cases and teach useful ArcSight Logger search commands.


Building an Extended Vulnerability Management System on ArcSight ESM
Speaker: Duc Ha, Senior Solutions Engineer, HP ArcSight
Learn how to build content to keep track of vulnerabilities by their extra properties (severity, affected platform or product, etc., as you design them), all on top of your ArcSight ESM console.


ArcSight Logger Search Helper: Searching was Never this Easy
Speaker: Brad Cleveland, Senior Software Engineer, HP ArcSight
Learn about what the ArcSight Logger Search Helper can do for you, the information it provides, and tips and tricks for maximizing its full potential.


SANS 20 Critical Security Controls with ArcSight CIPs
Speaker: Ryan Thomas, Product Manager, ArcSight EnterpriseView Applications, HP ArcSight
Overwhelmed with compliance regulation jargon and not sure what to do? Learn how to implement security controls and measure their effectiveness. Start your compliance program with ArcSight's Compliance Insight Packages and reduce security risk through implementation and measurement of the SANS 20 Critical Security Controls.


Scaling ArcSight Logger Deployment by Peering
Speaker: Wenting Tang, Principal Software Engineer, HP ArcSight
This talk will cover how to scale ArcSight Logger deployment by using peering and peer search functionality. Learn the peering concept, the latest peering search enhancements, peering access controls and other tips.


Understanding ArcSight Logger Appliance System Events
Speaker: Wenting Tang, Principal Software Engineer, HP ArcSight
This talk covers system statistical events and system health events in ArcSight Logger 5.1. By understanding these events, users will gain insight into ArcSight Logger appliance hardware health and operational efficiency.


ArcSight Web 2.0: The Next Generation SIEM Management Console
Speaker: Ed Chen, Senior Software Engineer, HP ArcSight
Gain insight into the new ArcSight Web 2.0 administrative console and how to perform administrative tasks such as managing users, storage and customized preferences.


ArcSight Logger Searching with the Rex Pipeline Operator
Speaker: Matthew Larsen, Senior Software Engineer, HP ArcSight
Need help understanding how to use the Rex pipeline operator in ArcSight Logger search commands? In this talk we will discuss the details of Rex syntax and regular expressions, with examples. Boost the power of your searches with REX!


Monitoring SmartMeters Using Domains
Speaker: Aravind Mudunuri, Software Designer, HP ArcSight 
This talk will explain how to use the domain feature of ArcSight ESM to customize events from a smart meter device and use domain fields to detect smart meter fraud.


Improved ArcSight Connector Appliance Administration Interface
Speaker: Ed Chen, Senior Software Engineer, HP ArcSight
This talk provides a deep dive into the ArcSight Connector Appliance system administration user interface. Learn about system health, operation auditing and more.


How Do You Customize Cases?
Speaker: Parvati Ashok, Software Development Manager, HP ArcSight
Learn how to customize cases and integrate them with third-party ticketing applications.


Securing Your ArcSight Deployment
Speaker: Yanlin Wang, Software Architect, HP ArcSight
Most government agencies are required to use Federal Information Processing Standards (FIPS) 140-2 to protect sensitive information, while others need stronger security enforcement, such as Suite B, to protect information up to the TOP SECRET level. This talk explains how to deploy, manage and troubleshoot FIPS 140-2 and Suite B across ArcSight products.


ArcSight ESM with Oracle 11g Database
Speaker: Swarna Dandapani, Senior Software Engineer, HP ArcSight
This talk provides an overview of Oracle 11g fresh installation and of upgrade scenarios from 10g. We will also cover relevant changes between the two versions in addition to export/import and PSUs/CPUs.


Authoring and Sharing of ArcSight FlexConnectors Made Easy
Speaker: Sarwat Aleemjee, Senior Software Engineer, HP ArcSight
This talk will showcase the ArcSight FlexConnector wizard and ArcSight ArcExchange tools to author and share custom connectors with ease.


Introducing the ArcSight Logger Web Services API
Speaker: Shivdev Kalambi, Principal Software Engineer, HP ArcSight
This talk introduces the search and reporting APIs available to query ArcSight Logger for your events, through real-world examples with snippets of Java source code.


Exploiting Variables to Build Powerful ArcSight ESM Content
Speaker: Rob Block, Principal Software Engineer, HP ArcSight
This talk will explain how using variables can extend and customize ArcSight ESM functionality and build powerful content to solve specific use cases. We will cover the built-in ArcSight ESM variable functions, chaining, run-time performance considerations, and examples of using Velocity to perform sophisticated text processing.


ArcSight SmartConnectors: Content Versioning
Speaker: Rusha Mistri, Software Designer, HP ArcSight
Do you wish there was a way to retain existing content and still be able to utilize the advantages of new content? Do you wish for a smoother content migration path? If so, come learn about content versioning, a new ArcSight SmartConnectors feature that helps you address these concerns.


Make Effective Use of the ArcSight Knowledge Base
Speaker: Kirandeep Kaur, Knowledge Base Lead, HP ArcSight
The ArcSight Knowledge Base can help you find answers to your questions quickly, anytime and anywhere! Learn how to make effective use of the ArcSight Knowledge Base through keyword search or by using our support ticketing system.


Best Practices and Efficiency Tips for ArcSight Rules
Speaker: Rob Block, Principal Software Engineer, HP ArcSight
This talk will discuss best practices for developing and deploying Rules in ArcSight ESM. It is intended for content developers who have experience creating rules and want to improve their understanding of the Rules Engine to maximize the performance and efficiency of the rules they author.


Application of Global Variables in Pattern Discovery
Speaker: Zhipeng Zhao, Senior Software Engineer, HP ArcSight
In this talk, we will introduce the concept of global variables, particularly their creation and handling, using pattern discovery. We will then illustrate the application of global variables in pattern discovery with some real-world examples.


Parser Versioning Simplifies Monitoring Microsoft Windows Audit Logs
Speaker: Morgan DeRodeff, Technical Marketing Engineer, HP ArcSight
Attend this talk to learn about a brand new ArcSight SmartConnector feature that has enabled ArcSight to create a content pack to help you monitor Microsoft Windows audit logs. We will cover how Parser Versioning works and walk through the new Microsoft Windows monitoring content pack.


ArcSight SmartConnectors for Database Deep Dive
Speaker: Antonio Bonuccelli, Tier 2 ArcSight Technical Support, HP ArcSight
This talk will teach you how to analyze problematic scenarios by identifying and resolving common problems with ArcSight SmartConnector for Database installations. It also provides analysis of use cases such as the Microsoft SQL ArcSight SmartConnector.


All About ArcSight ESM Upgrades
Speaker: Archana Bharathidasan, Senior Software Engineer, HP ArcSight
Learn the tips and tricks to ensure a successful upgrade to the latest version of ArcSight ESM! This talk will cover the ArcSight ESM upgrade process and provide troubleshooting ideas and applicable recovery methods for common issues.


ArcSight vs. KITT, Using CEF to "Talk" to My Car
Speaker: Morgan DeRodeff, Technical Marketing Engineer, HP ArcSight
Learn how you can use CEF to speed up and simplify integrations with ArcSight. In this talk we will walk through the basics of implementing CEF and cover a unique use case pitting ArcSight against the Knight Industries Two Thousand (KITT).


Syslog Connector Under the Hood
Speaker: Melissa Volokitin, Technical Support Knowledge Base Engineer, HP ArcSight
This session will cover how the syslog connector processes events, the types of syslog parsers and formats, parser syntax, and the purpose of the syslog.properties file. Attend this talk and learn how to troubleshoot common problems, and customize and optimize the connector.


DNS: A Command/Control or Infiltration of Information?
Speaker: Matt Hollingsworth, Sales Engineer, HP ArcSight
In this talk we will consider domain name system techniques used to bypass perimeter defenses and what to look for to expose potential misuse.


ArcSight CoRR Engine: Where did Everything Go?
Speaker: David Wiser, Software Architect, HP ArcSight
ArcSight Express v3.0 users want to know things such as where their events, trends and resources are. This talk answers these questions, shows how much faster you can store and query events, and also covers improvements introduced by the ArcSight CoRR Engine.


Shedding Light on Side Tables
Speaker: Gagan Taneja, Senior Software Engineer, HP ArcSight
This talk covers how ArcSight ESM stores security events in an Oracle database, how event table schema is normalized, and the significance of different caches used by the ArcSight ESM manager to achieve a very high read/write performance. We will also cover some of the precautions and care you must take to avoid a large number of entries in supporting event tables and caches.


Running an Event Application on the ArcSight Platform
Speaker: Shrikanth Ramaswamy, Software Engineer, HP ArcSight
The ArcSight App Engine provides amazing opportunities for developers to transform their ideas into an event application that can be deployed in conjunction with the ArcSight platform to extend its functionalities. This session covers how to write an ArcSight Event App to enrich an event, and also covers the process of validating it before deployment.


ArcSight Logger Reporting Enhancements Using SQL
Speaker: Prentice Hayes, Senior Security Engineer, HP ArcSight
SQL is a powerful tool, but sometimes is a bit tricky to use. Discover how to break down some of the more complicated queries in the ArcSight Logger foundation content, including conditional statements and functions for date and time range comparisons.

