Eugene Schultz - High Tower Software
Students: Fall 2022, unless noted otherwise, sessions will be virtual on Zoom.
Intrusion Detection Event Correlation: Approaches, Benefits and Pitfalls
Mar 07, 2007Download: MP4 Video Size: 219.8MB
Watch on YouTube
AbstractOver the years intrusion detection technology has improved to the point that it is highly useful to both the commercial and non-commercial sector. This technology is, however, by no means anything close to perfect. Even the best intrusion detection systems miss a fairly large proportion of attacks that occur; they also tend to yield unacceptably high false alarm rates. Correlating the output of multiple systems and devices is a promising solution for the limitations in today's intrusion detection systems. There have been numerous advances in intrusion detection event correlation, yet this technology lags behind intrusion detection technology. How events are correlated makes a big difference concerning the value of event correlation. This talk will cover the various approaches to event correlation as well as their advantages and disadvantages.
About the Speaker
Eugene Schultz, Ph.D., CISM, CISSP, is the Chief Technology Officer and Chief Information Security Officer at High Tower Software, a company that develops security event management software. He is the author/ co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 110 published papers. Gene is the Editor-in-Chief of _Computers and Security_ and is an associate editor of _Network Security_ and _Information Security Bulletin_. He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update and is on the technical advisory board of three companies. He has been professor of computer science at various universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed of the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.