Black Hat //Webcast 24
McGyver's SIEM - Building the Best Free HUD
// Wim Remes
When you start thinking about centralizing and interpreting security information, which in fact means building a SIEM environment, a plethora of appliances and software solutions swiftly rises above the horizon. Obviously they can be helpful, but the initial cost of acquiring them, even before thinking about the who, how and why, is very high.
This talk will focus on open source software to build a SIEM environment that can adapt to your needs and that, while it may not scale up to the full extent of your requirements, can support you in developing the skills and processes that should be the focus of the effort after all. We will focus on the bigger picture (architecture, methodology), as well as dig into some of the lesser known capabilities of FOSS security solutions (HIPS, visualization, ...).
Wim Remes is a manager in the IT Risk and Assurance practice at Ernst & Young in Belgium.
Wim focuses in particular on incident response, intrusion detection and prevention, SIEM and security metrics. Passionate about security, Wim was a speaker at Excaliburcon 2009, FOSDEM 2010, SOURCE Barcelona 2010 and various local security events, with presentations on open source security and SIEM implementation. Wim is the EU Director for the Information Security Mentors Project (http://www.infosecmentors.com) and a co-host of the Eurotrash Information Security Podcast: http://www.eurotrashsecurity.eu