You have a SIEM! And now?
The 2014 edition of InfoSecurity.be is over. I was invited and received a speaker slot. I talked about one of my favourite topic: log management and SIEM but from another perspective. For a few years, SIEM solutions were pushed in front of the stage! Presented as the “security threats killer”, we must be honest: Still today, it’s very difficult to get the best of such expensive tools! Not that they are bad but they remains “tools”. Creating and maintaining correlation rules or filters is an endless game. Based on my experience, I reviewed the current situation and explained why SIEM solutions failed. The second part focused on ideas to improve the detection of threats inside the organisation.
The slides have been publised on slideshare.net:
You want to discuss about this topic? Feel freel to contact me!