Visibility | Don’t Wait for the Breach: Perfecting Your Splunk Alerts
Discover this conference that took place during the virtual event Cybersecurity 20/20 on November 24 and 25, 2020.
A Splunk deployment can collect up to 1M alerts a day from various security tools, and those alerts range from the trivial to the disastrous. It’s not just individual alerts that matter: it’s the ability to combine multiple alerts from multiple security tools, in a particular sequence and within a particular time frame, and to recognize that pattern as a security event, which then generates the relevant alert in Splunk. SecOps teams spend a lot of time writing rules for Splunk alerts that fire when these conditions occur, but those rules are nearly impossible to test. In fact, most security teams only see what security events really look like in the rear-view mirror. With Threat Simulator, they can evaluate not only the effectiveness of their WAFs, firewalls, IDSs and more, but also their ability to correctly classify and respond to security events on their network.
- ANDREW YOUNG, Security Solutions Architect - KEYSIGHT TECHNOLOGIES