1000: Application monitoring: the future of event correlation

Document created by tinacostilla on Sep 13, 2012Last modified by tliu on Jul 8, 2014
Version 5Show Document
  • View in full screen mode


Application monitoring: the future of event correlation

Speaker: Alex Rifman, AT&T

For years, our industry has identified threats based solely on network logs generated by firewalls, intrusion-detection and prevention devices, switches, and routers. In this real-world experience-based session, we will focus on the next evolution of threat and anomaly detection, and will showcase several use cases in which events sent from traditional network-layer defenses supplement non-traditional application-layer anomaly detection. You’ll learn the basics of how to integrate non-traditional event sources into your ArcSight platform, and you’ll leave with examples of correlation rules based on this approach that you can implement in your own organization.


1 person found this helpful