homepage
Open menu
Talk with an expert

Anton Chuvakin Discusses “20 Years of SIEM – What’s Next?”

Well-known as a SANS instructor and SIEM expert, Anton Chuvakin recently celebrated 20 years of architecting, deploying, maintaining, and tuning SIEMs.

In this webinar, he’ll review the future of SIEM – and how many of the problems that plagued early SIEM users are still with us today, such as:

  • The difficulty of operating SIEMs effectively with limited staff (e.g., "We have a small team and just enough people to keep the SIEM running – but no time left to go beyond basic use cases.")
  • Data collection and data quality issues (“We don’t have enough people to check that our collectors are still configured properly – so we don’t have visibility into blind spots.”)
  • Trusting that SIEM data structures, taxonomies, and out of the box detection rules (from SIEM vendors and MSSPs) will be effective and usable in your environment.
  • Hoping your custom detection rules are written correctly (e.g., hoping nobody mistyped “context.asset.vulnerability.severity” as “asset.context.vulnerability.severity” in a rule they wrote).

At the same time, let’s not forget that our essential SIEM mission – detecting and responding to threats – is a difficult one in today’s complex and messy environments (endpoints, cloud, micro-services, SaaS, rogue systems, etc.) with constantly-evolving security stacks (CASB, CSPM, CIEM, EASM, etc.).

So where are we going with SIEM? Anton will discuss how the scale and power of the cloud, plus how more contextual telemetry, global-scale threat intelligence, and new automation approaches have the potential of addressing some of these challenges in a meaningful way.

Anton will be joined by Yair Manor, CTO and co-founder of CardinalOps. Yair will describe data collected from real-world SIEM deployments showing answers to common challenges such as:

  • % of MITRE ATT&CK techniques covered by the average SIEM
  • Comparison with top 14 techniques actually used by adversaries in real-world attacks
  • % of broken or misconfigured rules in the average SIEM
  • The top missing log source type in the average SIEM
  • % of SIEMs that disable default out-of-the-box SIEM content
  • Log4 Shell: On average, how long did it take organizations to add new rules to detect it

Sponsored by CardinalOps: CardinalOps brings cloud-based analytics and API-driven automation enabling SOC engineering teams to stay ahead of constant change in their threat landscape and attack surface – and close the riskiest detection gaps that leave their organizations exposed.

Leveraging a proprietary, crowd-sourced, graph database of thousands of best practice detection rules — backed by human experts with nation-state expertise – the CardinalOps platform continuously delivers AI-based detection recommendations for your existing SIEM/XDR, mapped to MITRE ATT&CK and customized to your infrastructure and organizational priorities.

Login to Register

Sponsor

CardinalOps-logo_(1).png

Related Content

Blog
Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming
Continuous Purple Teaming: A Practical Approach for Strengthening Your Offensive Capabilities
This post will guide you through actionable strategies to implement adversary emulation effectively with some concrete examples.
Jeroen.jpg
Jeroen Vandeleur
read more
Blog
SANS_-_Blog_-_Zero_Trust_-_What_is_Zero_Trust_Architecture_-340x340_Thumb.jpg
Cyber Defense
What is Zero Trust Architecture?
This article outlines what Zero Trust is, how Zero Trust works, the five core principles of Zero Trust, and the stages of implementing Zero Trust.
SANS Cyber Defense
read more
Blog
blue_team_blog_image_23.png
Cyber Defense
A Visual Summary of SANS Blue Team Summit 2023
Check out these graphic recordings created in real-time throughout the event for SANS Blue Team Summit 2023
370x370-person-placeholder.png
Alison Kim
read more