SIEM Modernization: Build a Situationally Aware Organization with Apache Kafka® - Online Discussion

November 13, 2019

10:00am PST / 11:00am MST / 1:00pm EST

No matter how many cybersecurity tools you implement, and no matter how much money you throw at the problem, there is simply no such thing as cybersecurity that is 100 percent invulnerable to attack.

You can reduce your attack surface to make it more challenging, and you can raise the cost of compromising your network to make it less appealing, but in the end a dedicated attacker—or even a random exploit or phishing attack—may still succeed. The difference between an inconvenience and a crippling cyber attack is how quickly you can detect and respond to the threat.

Deploying a signal processing platform, such as Confluent Platform, allows organizations to evaluate data as soon as it becomes available enabling them to assess and mitigate risk before it arises. In Cyber or Threat Intelligence, events can be considered signals, and when analysts are hunting for threat actors, these don't appear as a single needle in a haystack, but as a series of needles. In this paradigm, streams of signals aggregate into signatures. This session shows how various sub-systems in Apache Kafka can be used to aggregate, integrate and attribute these signals into signatures of interest.

Register now to learn:

• The current threat landscape
• The difference between Security and Threat Intelligence
• The value of Confluent Platform as an ideal complement to hardware endpoint detection systems and batch-based SIEM warehouses