
Beyond Correlation Rules: How to Build a Better SIEM

Profiling User Behavior Is Key, Says Exabeam's Derek Lin
Derek Lin, chief data scientist, Exabeam

Organizations have been using security information management - and later, security information and event management - for a long time. But these SIMs and SIEMs can, and must, be improved by bringing automation, orchestration and machine learning techniques and tactics to bear, says Derek Lin of Exabeam.

In a video interview at the recent Infosecurity Europe conference in London, Lin discusses:

  • Looking beyond correlation rules and signatures to build a better SIEM;
  • Developing more context around user behavior;
  • Managing false positives.

Lin is the chief data scientist at Exabeam, where he helps apply data science to improve SIEMs. Previously, he was the head of security data science at Pivotal Software and worked at RSA Security architecting online banking fraud detection.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
