Anomaly detection challenges in SIEM: Ask the experts

Rory Bray and David Druker answer your questions.

IBM SIEM experts David Druker and Rory Bray discuss the SIEM anomaly detection challenges you face in this video roundtable discussion.

Rory Bray (Rory.Bray@ca.ibm.com), Security Intelligence Architect, IBM

Rory Bray is a security architect for the security intelligence team in IBM's Security Systems division. His current role is leading the development and enhancement of security content within the QRadar products. Previously, he led the design and development of network topology modelling in QRadar Risk Manager and has over 8 years of experience with QRadar. He has edited several technical books on Linux and programming and co-authored the OSSEC Host-Based Intrusion Detection Guide.



David Druker (dgdruker@us.ibm.com), Security Solution Architect, IBM

David Druker, Ph.D., is a security solution architect at IBM. His current role is Identity and Access Management and SIEM leader on the North America Security Integration team. In this position, he designs and builds security integrations among multiple IBM products, including IBM QRadar SIEM. As a speaker, he frequently presents security architecture to customer and IBM audiences. Previously at IBM, he was a security technical specialist assigned to Fortune 100 financial and telecommunications accounts. He has deep skills with all types of IBM security software, programming languages, systems administration, as well as computer hardware and electronic systems. He has co-authored several IBM Redbooks on security.



01 October 2013

What are your anomaly detection challenges?

IBM SIEM experts David Druker and Rory Bray discuss the topics you raised in this video roundtable hosted by the developerWorks security zone. In the video, David and Rory discuss detecting rogue devices, managing assets and finding "wandering devices," establishing baseline traffic thresholds, and detecting spoofing activity.

See the Resources section at the bottom of this page for links to sites mentioned in the video.

Resources

Learn

Discuss
