Proprietary and CONFIDENTIAL. Do Not Distribute. © 2020 Optiv Security Inc. All Rights Reserved.
BUILDING ELASTIC INTO SECURITY OPERATIONS
Todd Weber – CTO @ Optiv
Todd Weber
Chief Technology Officer
ENGAGEMENT MODELS
(Slide columns: Consulting, OEM, Tiered Support. Each model runs the same lifecycle: ASSESS, IMPLEMENT, MANAGE, CONSUME.)

Co-Source
A value-driven consulting engagement aimed at improving the development efficiency, security and quality of a client’s organization.
Engagement Scope: Program, Project Based, and Fusion Center
Elastic Tech: Any component of the Elastic Ecosystem against any use case.
XPACK: All XPACK Features and All Subscription Levels
Value Prop:
• SIEM / Security Analytics Replacement
• SIEM / Security Analytics Augmentation
• Data Lifecycle Management
• Infrastructure Analytics
• Business Analytics
• Data Value Extraction
• Application Development
• Big Data Ecosystem (Exploratory, Expository Analysis)

Managed Service
An innovative engagement model that maximizes outputs from outsourcing the management of technology and outcomes.
Engagement Scope: Remote off-premise services to manage, monitor and use on- or off-premise technology
Elastic Tech: Elastic Stack – Data Fabric and Managed Elastic for Security, ECE, Elastic Cloud
XPACK: Platinum Subscription Level
Value Prop:
• SIEM / Security Analytics
• SIEM / Security Analytics Augmentation
• Business Analytics
• Data Value Extraction

As-a-Service
Solutions delivered to users over a network, hosted in the cloud. Focused on outcomes and ease of use. Typically a model driven through subscription, consumption, or outcome.
Engagement Scope: Solutions delivered to users over a network, hosted in the cloud, with the underlying technology obfuscated from the end client. Focused on outcomes and ease of use. Typically a model driven through subscription, consumption, or outcome.
Elastic Tech: Elastic Cloud – Data Fabric, Elastic Stack in Cloud
XPACK: Platinum Subscription Level
Value Prop:
• SIEM / Security Analytics
• Business Analytics
• Data Value Extraction
WHAT ARE THE COMMON PROBLEMS WE ALL FACE?

COST EFFECTIVENESS
New operational frameworks can help lower cost by operating more efficiently and reducing platform maintenance costs. Tiered, predictable data storage costs are not provided.

LACK OF FLEXIBILITY
Data management solutions need to be able to easily export raw data into new platforms or formats, and to add new log sources.

LACK OF EFFICIENCY & EFFICACY
It is inherently inefficient to review alerts and gather data from several systems for every new alert.

DATA VISIBILITY
Missing data, uncurated data, lack of visibility and observability, lack of democratization and value delivery, data silos.

LACK OF EXTENSIBILITY
New sources or changes to existing sources are gated by the vendor and its support.

PERFORMANCE
Limited EPS (events per second) into the ingest and correlation engine inhibits performance, as does search performance.
HOW THE INDUSTRY FEELS
(Slide graphic; labels: Security Tools, Executives, Analysts)
THE DATA FABRIC FRAMEWORK PROCESS
Set a Foundation + Organize into Outcomes and Integrate + Assemble and Run = Approach
DATA FABRIC
(Slide diagram; labels grouped as they appear)
Data sources: SIEM Data, Cloud Monitoring, Network, Endpoint, Vulnerabilities, Threat, TPRM, Business Data (ex. Click-stream)
Components: Data Lifecycle Management, SIEM/Search/Hunt, OandA Notebooks, Data Science Engine, Control Hub
Personas: Data Engineer, Security Analyst, Data Scientist
Data sources are identified for both security and business use cases. Data pipelines come pre-built with many different connectors; others are quickly developed and reusable. Data collection agent(s) are shipped with the solution.

Data is aggregated in the Data Flow Management (DFM) component. Pipelines and data management alerts are built to handle data drift, data SLA components, normalization, data enrichment, and conversion into the appropriate data model for organizational consumption by any relevant app.

The Control Hub provides a management plane for data engineers to create a low-code or no-code data lifecycle management workflow, so that organizational analysts can consume changes to upstream sources as organizations evolve their consumption needs for security and business.

Search/Hunt provides a centralized data repository to enable low-latency search and exploratory and expository data analysis. Alerts, anomaly detection, graph relationships, monitoring, logging, geo-location, APM, and the Optiv 200 security use cases are included for SIEM augmentation or replacement.

SIEM/Hunt comes with powerful visualizations. Optiv provides out-of-the-box visualizations to support many security use cases, and the ability to extend how users consume data to solve for the business needs of the CIO, CDO, and other executive leadership initiatives.

SOAR is the orchestration engine that powers the DFSB solution. Create playbooks to take action on data, either through security remediation or business-specific logic. Case management and end-to-end visibility of the security program are provided through this capability.

A Data Science Engine (DSE) enables security analytics for the DFSB solution. Apply many out-of-the-box machine learning algorithms to security use cases. Manage, test and refine business-related streaming analytics. Capable of supporting large data volumes at extremely fast speeds.

The analyst workbench combines the power of machine learning and analytics with shareable visualizations and workspaces to further refine extracting value out of security and business data. Friendly and easy to use for both developers and analysts.

Whether you are a security analyst, business analyst, data scientist, data engineer, ops SME, or executive, the Optiv DFSB has the power to provide you the capability and answers needed to successfully solve for both security and business data value extraction…and action.

(Diagram label: External Security Tools or Technologies)
THREATDNA™ REFERENCE ARCHITECTURE
(Slide diagram; labels grouped as they appear)
Client log sources: Client On Premise Log Sources; Client Cloud Log Sources
Source types: Cloud Suite, Email, IaaS/PaaS/SaaS, CASB, SIEM, Network, Endpoint
Collection: ThreatDNA™ Edge; Optiv ThreatBeat℠
Platform: Optiv ThreatDNA™ Platform; ThreatDNA™ Data Lake
Optiv SOC and Intelligence Operations Teams / Optiv SOC Detection and Response Team: Event Triage and Investigation; Tuning Recommendations; Reputation Management; Incident Handling; Escalation; Threat Blocking and Containment; Remediation Recommendations; Proactive Threat Hunting; Data Trending and Analysis
Client interfaces: Optiv Client Portal / API; Alternative Escalation and Notification Channels; Reporting; SOC Dashboard
