Security Information and Event Management (SIEM) technology is a critical component of any corporate security strategy. SIEM systems collect and store security events from nodes across the network, providing a central repository for security analytics that accelerates investigations. But SIEM systems are costly, and often difficult to configure and manage. An alternative is using the popular ELK stack (Elasticsearch, Logstash, Kibana) as a SIEM. ELK can aggregate events, alert on them, perform powerful statistical analysis, correlate events, and visualize them, not to mention it's open source!
Chris Bloom, Technology Evangelist at Savvius, will demonstrate the benefits of using ELK as a SIEM, and how the ELK stack on a packet capture appliance provides a powerful view of security events and the network data surrounding them.
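The aggregate-then-correlate logic the abstract describes is the core of any SIEM, ELK-based or not. The following is an added example (not code from the talk, from Savvius, or from Elastic) that shows that logic as a self-contained detection rule: it normalizes constructed sshd log lines into a common event schema (the job Logstash's grok filter does on ingest), aggregates failures per source IP (a terms aggregation in Elasticsearch), and raises an alert when a burst of failed logins from one source is followed by a successful login from the same source. The log lines, host names, IPs and the rule's threshold and window are all constructed for illustration.

```python
"""Added example: SIEM-style aggregation and correlation over constructed events.

Not code from the talk or from the ELK project. It shows, offline and without
an Elasticsearch cluster, what a SIEM rule built on ELK-indexed events computes.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: sshd auth lines from two hosts. 203.0.113.7 fails
# five times and then succeeds; 198.51.100.4 fails once and then succeeds.
SAMPLE_LOGS = """\
Mar 10 09:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 10 09:00:03 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 09:00:05 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Mar 10 09:00:08 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51025 ssh2
Mar 10 09:00:09 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51026 ssh2
Mar 10 09:00:12 web01 sshd[1202]: Accepted password for admin from 203.0.113.7 port 51027 ssh2
Mar 10 09:01:00 db01 sshd[881]: Failed password for alice from 198.51.100.4 port 40010 ssh2
Mar 10 09:01:20 db01 sshd[882]: Accepted publickey for alice from 198.51.100.4 port 40011 ssh2
"""

# Equivalent of a grok pattern: pull timestamp, host, outcome, user and source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_events(text, year=2024):
    """Normalize raw syslog lines into a common event schema (ingest/aggregation step).

    Syslog lines carry no year, so one is supplied (assumption for the sample data).
    Lines that do not match are skipped; in a real pipeline they would be tagged
    as parse failures and kept, never silently dropped.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "@timestamp": ts,
            "host": m["host"],
            "user": m["user"],
            "source_ip": m["src"],
            "outcome": "failure" if m["outcome"] == "Failed" else "success",
        })
    return sorted(events, key=lambda e: e["@timestamp"])


def failures_by_source(events):
    """Statistical view: failed logins per source IP (a terms aggregation in Elasticsearch)."""
    counts = defaultdict(int)
    for ev in events:
        if ev["outcome"] == "failure":
            counts[ev["source_ip"]] += 1
    return dict(counts)


def failed_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failures from one source IP, then a success
    from the same IP within `window`. Threshold and window are illustrative."""
    alerts = []
    failures = defaultdict(list)  # source_ip -> timestamps of failed logins
    for ev in events:
        if ev["outcome"] == "failure":
            failures[ev["source_ip"]].append(ev["@timestamp"])
            continue
        recent = [t for t in failures[ev["source_ip"]] if ev["@timestamp"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "source_ip": ev["source_ip"],
                "host": ev["host"],
                "user": ev["user"],
                "failures_in_window": len(recent),
                "at": ev["@timestamp"],
            })
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    print("failures per source:", failures_by_source(evs))
    for a in failed_then_success(evs):
        print("ALERT", a)
```

Only the 203.0.113.7 sequence fires: five failures inside the window followed by an accepted password for `admin`. The single failure from 198.51.100.4 stays below the threshold, which is the point of correlating rather than alerting on every failed login. In ELK the same rule is expressed as a query over the indexed `outcome`/`source_ip` fields with a date-range window, and the per-source counts as a terms aggregation feeding a Kibana visualization.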