Security monitoring is tough. With too many false positives, more anomalies than you can investigate, and a swelling manual workload, security teams are at capacity.
Just take an alert that includes an internal IP address as an example. Which computer does that IP belong too? Is it in a static range? Reverse DNS will give you the host name. Now, let’s look it up in AD and System Center to find out what kind of server it is. Oh, It’s not a Windows computer. OK, should have noticed that before – the naming convention indicates it’s a Linux system. Or a printer. Or something else. Time goes by. Now we know what the internal device on this alert is. Let’s move on to the public IP. Swivel to your threat intel feeds. Nothing there. Well, let’s check DomainTools.com, then VirusTotal.
Sound familiar?
In this webinar we are going to look at the issue of alert fatigue and how to address it using Security Automation and Orchestration (SAO). Your skills and mental energy as a cyber security professional are too valuable to squander on manual work and too finite to look at every alert your monitoring technologies issue.
SAO is the only way to prevent alert fatigue from allowing threats to fall between the cracks. With my two guests we will cover the full spectrum of this topic, from addressing the organizational need for SAO, to the benefits and how analysts are using it to ease daily pains.
- Chris Petersen, CTO and co-founder of LogRhythm, will provide an executive perspective on SAO, including an overview of speaking points to discuss with management teams
- Caitlin NoePayne, senior technical product manager, will provide an in the trenches perspective on the benefits of SAO from a day-to-day perspective
Here’s just a few of the things we’ll discuss:
- Specific, technical use cases highlighting SAO capabilities, such as automating phishing email investigation
- How shared case management (key aspect of SAO) leads to more interesting and deeper incident response activities
- How to communicate the need for SAO to upper management
- How SAO helps you retain your SOC analysts
- Insights gleaned from conversations with different companies on alert fatigue at both the executive and SOC team level
We’re seeing growth in the use and capabilities of SAO, and in turn analysts are freed to facilitate deeper, more impactful collaboration with other subject matter experts. This is a good thing, and certainly worth your organization’s time and attention.
LogRhythm is the sponsor for this real training for free event, with Chris Petersen and Caitlin NoePayne joining to share LogRhythm’s vision and approach for relieving alert fatigue.