Navigate a shifting SIEM market: Challenges, lessons and strategic insights The SIEM market is evolving, and legacy systems struggle to keep up with today’s complex security challenges. Many mid-to-large enterprises, particularly those with revenues up to $5B, find outdated SIEMs hinder their agility and responsiveness. Vendor consolidation and shifting market dynamics add to the difficulty of selecting the right solution.

In today’s rapidly evolving threat landscape, the ability to detect and neutralize threats before they inflict damage is critical. This session will showcase how combining multiple log collection strategies can supercharge your threat detection capabilities. By merging traditional DNS logs from your domain controllers with DNS alerts from Cisco Umbrella, you'll gain unprecedented insight into compromised systems at the earliest stages of an attack.

Are you ready to streamline your path to cloud compliance while ensuring top-tier security and efficiency? Join us for an exclusive live demonstration of XccelerATOr and Command Center, the cutting-edge solutions that are transforming how organizations achieve and maintain FedRAMP, DoD, and other stringent compliance standards.

What does it take to create a truly modern Security Operations Center (SOC)? In this session, we’ll dive into the essential components and architecture that define a cutting-edge SOC, exploring the challenges that organizations face during the modernization process. Through real-world examples, we’ll showcase how forward-thinking clients are successfully navigating these challenges and transforming their SOCs into modern security powerhouses.

Aspire Bakeries' Graylog journey began in mid-2017 when we realized the current method of log review/collection on each device wasn’t working for us in Operations and we needed better way of working. Over the years we have grown our Graylog implementation from a single Graylog Open 2.0 VM for Operations Teams to a multi-node cluster handling 100MM+ messages per day and the center of our SOC.

While a 200 OK status often signals success, its appearance can be deceiving, especially when it cloaks significant threats within API interactions. This session expands on the critical role of APIs as part of the broader attack surface essential for robust Threat Detection, Identification, and Response (TDIR) programs. We’ll explore intricate case studies where seemingly successful responses harbored risks that bypass traditional monitoring. Learn how to enhance your SIEM capabilities by effectively detecting anomalies in API traffic, ensuring that every layer of interaction is scrutinized—not just the surface.

Think you've implemented every security measure possible? Think again. While you may have addressed many common attack vectors from both threat actors and Red Team engagements, there's always more to uncover. This session is designed to push your defenses to the next level by diving deep into the often-overlooked tactics that can significantly enhance your security posture.

Kubernetes has revolutionized cloud applications, enabling them to function as microservices distributed across global clusters, significantly enhancing fault tolerance, high availability, and cost efficiency. However, with this great power comes the critical responsibility of maintaining security and observability. Despite its many strengths, Kubernetes lacks a built-in centralized log store, relying instead on third-party plugins for this essential functionality.

In February 2024, I discovered a whisper campaign targeting folks in critical infrastructure with a pirate streaming box. While Illicit streaming devices are not new, this one is particularly ""chatty"". When I discovered it was communicating to qqcom, I knew I needed to start ingesting logs and needed a SIEM. I was able to quickly deploy Graylog and collect and correlate logs to understand behavior of the device.