Log management and analysis: How, when and why
Security teams log lots of events—more and more of them all the time. Unfortunately, they don't make much use of these logs except in retrospect, when trying to understand something long after it happened. To improve your organization's security posture, security teams need to make better use of logs. The challenges in doing so are both organizational and technical, and it is imperative that you address both sides of the problem. Security and network teams must work together to implement robust aggregation, analysis, reporting and search.
In this presentation, we’ll review how to make the most of logs to augment an organization’s security posture. Specific points of emphasis include:
- Knowing what you know: Assessing your current state of log collection and aggregation
- Knowing how to understand it: Making sure you can normalize and analyze logs for key security data
- Knowing what to do with it: Organizing security and networking teams to make optimal use of log data
- Knowing what to look for: What to look for in assessing log management, correlation and analysis tools
Speaker: John Burke, Principal Research Analyst
John Burke is a Principal Research Analyst with Nemertes Research, where he conducts primary research, develops cost models, delivers strategic seminars, advises clients, and writes thought-leadership pieces across a wide variety of topics. John's main areas of research are cloud computing, virtualization, application delivery networking, SOA, and SaaS. His other areas of expertise are information stewardship (including information protection, information lifecycle management, business continuity planning, compliance, and data quality management) and storage technologies. As an established speaker, John has appeared at Interop, Network World IT Roadmap and TechTarget events, as well as private events for Cisco, AT&T, and others.