Don'T Tell Me What, Tell Me Who: Correlating User Identity And Application Data To Threats presented at SOURCE Boston 2008

by Sandy Bird,

Tags: Security Access Compliance

Summary : Insider threats, compliance violations, policy break-downs, and general malicious activity are detected all the time by your security devices. But how do you investigate an IP address and application usage … particularly in remote access environments?
Binding user identity and application identity to the threats detected in your environment enables you to answer the question: "Who is attacking my network and how?" " or "Who is out of compliance?"
Join Sandy Bird, CTO at Q1 Labs, Inc. to learn how correlating user identity sources with network application and security event data:
* Shortens time to problem resolution
* Provides greater accuracy in detecting the insider threat ¬? Improves user accountability ¬? Simplifies tracking down threats in remote access environments