Beyond Correlation Rules: How to Build a Better SIEM
Profiling User Behavior Is Key, Says Exabeam's Derek Lin
Organizations have been using security information management - and later, security information and event management - for a long time. But these SIMs and SIEMs can, and must, be improved by bringing automation, orchestration and machine learning techniques and tactics to bear, says Derek Lin of Exabeam.
In a video interview at the recent Infosecurity Europe conference in London, Lin discusses:
- Looking beyond correlation rules and signatures to build a better SIEM;
- Developing more context around user behavior;
- Managing false positives.
Lin is the chief data scientist at Exabeam, where he helps apply data science to improve SIEMs. Previously, he was the head of security data science at Pivotal Software and worked at RSA Security architecting online banking fraud detection.