Intrusion Detection Event Correlation: Approaches, Benefits and Pitfalls
Eugene Schultz - High Tower Software
Mar 07, 2007Size: 219.8MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractOver the years intrusion detection technology has improved to the point that it is highly useful to both the commercial and non-commercial sector. This technology is, however, by no means anything close to perfect. Even the best intrusion detection systems miss a fairly large proportion of attacks that occur; they also tend to yield unacceptably high false alarm rates. Correlating the output of multiple systems and devices is a promising solution for the limitations in today's intrusion detection systems. There have been numerous advances in intrusion detection event correlation, yet this technology lags behind intrusion detection technology. How events are correlated makes a big difference concerning the value of event correlation. This talk will cover the various approaches to event correlation as well as their advantages and disadvantages.
About the SpeakerEugene Schultz, Ph.D., CISM, CISSP, is the Chief Technology Officer and Chief Information Security Officer at High Tower Software, a company that develops security event management software. He is the author/ co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 110 published papers. Gene is the Editor-in-Chief of _Computers and Security_ and is an associate editor of _Network Security_ and _Information Security Bulletin_. He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update and is on the technical advisory board of three companies. He has been professor of computer science at various universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed of the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.