Application monitoring: the future of event correlation
Speaker: Alex Rifman, AT&T
For years, our industry has identified threats based solely on network logs generated by firewalls, intrusion detection and prevention devices, switches, and routers. In this session, based on real-world experience, we will focus on the next evolution of threat and anomaly detection and showcase several use cases in which events sent from traditional network-layer defenses supplement non-traditional application-layer anomaly detection. You’ll learn the basics of how to integrate non-traditional event sources into your ArcSight platform, and you’ll leave with examples of correlation rules based on this approach that you can implement in your own organization.