From Data to Wisdom: Transforming Security Events into Actionable Incidents

Tuesday, April 19 | 5:30PM–6:30PM | Cascade Ballroom II, Mezzanine Level, Second Floor
Session Type: Professional Development
Learn how our Security Operations team is dealing with the challenges of processing security data into actionable intelligence. In this presentation, we will discuss our model and demonstrate tools we are developing to facilitate each step in the process, including the collection of raw event data from a variety of detection sources; the consolidation/correlation of event data into alerts for human analysis; the analysis of alerts to identify actionable incidents; the enrichment of incidents with additional data for classification and workflow management; and reporting for trend analysis, resource prioritization, and process improvements. Following the demo, we will invite questions, idea sharing, and potential opportunities for collaboration.


OUTCOMES:

  • Understand and appreciate security data analysis challenges
  • Learn how these challenges have been addressed at UC Berkeley
  • Share ideas for improvements to tools and processes and identify opportunities for future collaboration

Presenters

  • Allison Henry

    Chief Information Security Officer, University of California, Berkeley
