Company

Got Correlation? Not without Normalization

In the realm of intrusion detection there are many sources of information that can lead to an explanation for, or the confirmation of an exploit targeted at a network system. When investigating an incident an analyst is dealing with a heterogeneous environment, where each device has a different logging format and reporting mechanism. There will also be logs from remote sites where security policies and procedures may be different, with different types of network devices, security devices, operating systems and application logs in place. Hence, there is an urgent requirement for normalization and correlation.

After registration, we will send you a confirmation email with a copy of this white paper.


Contact Information

* These fields are required.

* First Name:
* Last Name:
* Title:
* Company:
* Corporate/
Government Email:
* Phone:
* Are you working on
an active project?
* Company Revenue
 

Your information will remain private and will not be shared per the ArcSight privacy policy.