Using the Sith mind-set to build and hone a Jedi SIEM

Using the Sith mind-set to build and hone a Jedi SIEM

Samantha Humphries, Senior Manager of Global Markets & Compliance at Rapid7 discusses SIEM myths, how to arm your Jedi (first responders), analytics and more. Discover the tools and techniques hackers use to defeat the expensive security safeguards used in many corporate environments today.

Low tech and high tech methods will be presented in an effort to help attendees understand the true level of risk faced by their organisations and where the gaps may be in their defence perimeter.

Sam used a Star Wars reference to catch your attention to help you see a variety of SIEMs, with great features including UEBA, automation, analytics, and threat intelligence. During her session, she discussed how Rapid7 use the attacker mind-set to put a stop to attacker activity.

SIEM myths

Samantha opened the session by highlighting the importance of and her passion for staying ahead of the attackers who would like to harm businesses and lives. She then moved on to highlight some common SIEM myths or Sith’s was it?

She advised that a lot of people think they are “expensive and take ages to implement, are noisy and annoying – with too many alerts, and the misconception that they need to interpret multiple languages, but this is not necessarily the case.”

Arm your Jedi

Sam identified that it’s important to arm your first responders and to make use of pen testers, she advised “this is to help you find the right tools to stop attackers.” She then went on to say that “we need to use the knowledge from the bad guys to help the good.”

Research from Rapid7’s under the hoodie research showed that 80% of pen testers were successful, and 61% of the survey showed that attackers completely evaded detection. Sam advised that 80% was actually quite low despite the number and that the knowledge and insight this shows is key to arming your ‘Jedi’.


Attacker behaviour analytics are key, according to Samantha, an example she gave was “some behaviours detected by analytics are on the grey, so keeping an eye out is crucial because these grey areas can all add up and form an attack. Monitoring what could be seen as normal behaviour is a crucial tool.”

Click here to read the full article and discover what Sam thinks about deception tech, and automation...

View more articles here