Even basic threats can be numerous and complex, and limited visibility into your security data is simply not enough. Whether you are running investigations or hunting for threats, you need all of the security-relevant context. Learn the key practices for collecting and normalizing data, and see how you can use Elastic Security to triage, verify, and address issues quickly and accurately.
4. THE DATA DILEMMA
5 Data Domains: practitioners analyze endpoint, cloud, network, application, user, and more!
1B Events Per Day: most organizations average 1 billion events per day.
<5 SOC Analysts: Security Operation Centers vary in size, but most have fewer than 5 analysts.
5. Solve the dilemma by answering 4 key questions
1. What data do I need to collect?
2. How do I get that data?
3. Now that I have it, how do I manage the data?
4. How do I make it actionable?
6. What data do I need to collect?
• MITRE ATT&CK™ provides the data sources required to detect 250 adversary techniques
• There are 50 unique data sources
• Examples include “Process Monitoring”, “DNS Records”, “Authentication Logs”, and more!
9. Elastic Agent
• Centrally manage all data collection and endpoint protection
• Single-click integration of data sources
• Customizable configurations for complete control
11. Elastic Security
• A single application for data analysis across all data domains and sources
• Configurable data lifecycle management
• Elastic Common Schema
• No penalties for adding data sources, endpoints or ingesting data
• Flexible storage tiers
12. Elastic Common Schema (ECS)
How data is normalized inside Elastic
• Defines a common set of fields and objects to ingest data into Elasticsearch
• Enables cross-source analysis of diverse data
• Designed to be extensible
• ECS is adopted throughout the Elastic Stack
• Contributions & feedback welcome at https://github.com/elastic/ecs
Searching without ECS:
src:10.42.42.42 OR client_ip:10.42.42.42 OR apache2.access.remote_ip:10.42.42.42 OR context.user.ip:10.42.42.42 OR src_ip:10.42.42.42
Searching with ECS:
source.ip:10.42.42.42
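The slide's point is that one query works only once every source writes its client address to the same field. The following is an added example, not Elastic's or ECS's own code: a small normalizer that maps the five vendor field names listed on the slide to the ECS field `source.ip`, then runs the same term search before and after normalization. The sample records, the alias list and the `search` helper are constructed for this illustration; in a real deployment this mapping is done by the integration's ingest pipeline, not by hand.

```python
"""Added example (not Elastic's code): normalize heterogeneous log records to the
ECS field `source.ip`, then show why a single-field search works only after
normalization. The field names are the ones listed on the slide; the sample
records are constructed for this example."""
import ipaddress
from typing import Any

# Vendor/legacy field names from the slide that all mean "client/source IP".
# Dotted names refer to nested objects in the raw document.
SOURCE_IP_ALIASES = (
    "src",
    "client_ip",
    "apache2.access.remote_ip",
    "context.user.ip",
    "src_ip",
)

def get_path(doc: dict, path: str) -> Any:
    """Follow a dotted path through nested dicts; return None if any hop is missing."""
    cur: Any = doc
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def set_path(doc: dict, path: str, value: Any) -> None:
    """Create nested dicts as needed and set the leaf at a dotted path."""
    keys = path.split(".")
    cur = doc
    for key in keys[:-1]:
        cur = cur.setdefault(key, {})
    cur[keys[-1]] = value

def to_ecs(raw: dict) -> dict:
    """Return a new document with `source.ip` filled from whichever alias is present.
    The original vendor field is kept so nothing is lost. A value that is not a
    valid IP is left unmapped rather than copied, so the event still indexes and
    can be found later with a query like `NOT source.ip:*`."""
    doc = dict(raw)  # shallow copy is enough: we only add a new top-level "source" key
    for alias in SOURCE_IP_ALIASES:
        value = get_path(raw, alias)
        if value is None:
            continue
        try:
            ip = ipaddress.ip_address(str(value).strip())
        except ValueError:
            continue  # e.g. "unknown" or "": do not fabricate a source.ip
        set_path(doc, "source.ip", str(ip))
        break
    return doc

def search(docs: list, field: str, value: str) -> list:
    """Minimal stand-in for a term query `field:value` on a dotted field name."""
    return [d for d in docs if get_path(d, field) == value]

# Constructed sample events, one per source type named on the slide.
RAW_EVENTS = [
    {"src": "10.42.42.42", "dst": "10.0.0.5", "action": "allow"},            # firewall
    {"client_ip": "10.42.42.42", "path": "/login", "status": 401},             # web app
    {"apache2": {"access": {"remote_ip": "10.42.42.42", "method": "GET"}}},    # Apache
    {"context": {"user": {"ip": "10.42.42.42", "name": "alice"}}},             # SaaS audit
    {"src_ip": "10.42.42.42", "proto": "udp", "dport": 53},                    # DNS sensor
    {"src_ip": "192.0.2.9", "proto": "tcp", "dport": 443},                     # another host
    {"client_ip": "unknown", "path": "/healthz", "status": 200},               # bad value
]

def demo() -> tuple:
    """Hits for one vendor field before normalization, hits for source.ip after,
    and how many events could not be mapped."""
    ecs_events = [to_ecs(e) for e in RAW_EVENTS]
    before = len(search(RAW_EVENTS, "src_ip", "10.42.42.42"))    # one vendor field only
    after = len(search(ecs_events, "source.ip", "10.42.42.42"))  # one ECS field, all sources
    unmapped = sum(1 for e in ecs_events if get_path(e, "source.ip") is None)
    return before, after, unmapped

if __name__ == "__main__":
    print(demo())
```

Querying `src_ip` alone finds one of the five events about 10.42.42.42; querying `source.ip` after normalization finds all five, and the record with the unparseable value is counted as unmapped instead of silently polluting the field.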
14. Threat Hunting
• Proactively search for embedded attacks
• Save analysis in integrated case management
• Customizable timeline templates to empower even the most junior analysts
15. Automated Detection
• Speed and scale of Elasticsearch to detect known and unknown threats
• Easily automate threat detection using queries (KQL/DSL), machine learning, thresholds, and more!
• 200 free protections, built in the open
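To make the "thresholds" bullet concrete, here is an added example of the logic a threshold-style rule applies: filter events with a query, group the hits by a field, and alert when a group's count reaches a threshold within a time window. It is not an Elastic rule and not Elastic's implementation; it runs over ECS-shaped authentication events that are constructed inline, and the threshold, window, and sample addresses are assumptions chosen for the illustration.

```python
"""Added example (not an Elastic rule or Elastic code): the logic of a
threshold-style detection run over ECS-shaped authentication events.
The sample events below are constructed; nothing here talks to Elasticsearch."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

THRESHOLD = 5                    # failures per source.ip ...
WINDOW = timedelta(minutes=5)    # ... within this sliding window

def matches_query(event: dict) -> bool:
    """Stand-in for the KQL filter:
       event.category:authentication and event.outcome:failure"""
    ev = event.get("event", {})
    return ev.get("category") == "authentication" and ev.get("outcome") == "failure"

def get_path(doc: dict, path: str):
    """Follow a dotted ECS field name through nested dicts; None if absent."""
    cur = doc
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def parse_ts(event: dict) -> datetime:
    return datetime.fromisoformat(event["@timestamp"].replace("Z", "+00:00"))

def threshold_rule(events, group_by="source.ip", threshold=THRESHOLD, window=WINDOW):
    """Return one alert per group whose matching-event count inside any
    `window`-long span reaches `threshold`. A sliding window is used so a
    burst that straddles two fixed buckets is not missed."""
    by_group = defaultdict(list)
    for event in sorted(filter(matches_query, events), key=parse_ts):
        key = get_path(event, group_by)
        if key is None:
            continue             # no group value: cannot attribute it to any host
        by_group[key].append(parse_ts(event))
    alerts = []
    for key, times in by_group.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1       # drop hits that fell out of the window
            count = end - start + 1
            if count >= threshold:
                alerts.append({group_by: key, "count": count,
                               "first": times[start].isoformat(),
                               "last": t.isoformat()})
                break            # one alert per group per evaluation
    return alerts

# --- constructed sample data --------------------------------------------------
BASE = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

def ts(seconds: int) -> str:
    return (BASE + timedelta(seconds=seconds)).isoformat().replace("+00:00", "Z")

def auth_event(when: str, ip: str, outcome: str, category: str = "authentication") -> dict:
    return {"@timestamp": when,
            "event": {"category": category, "outcome": outcome},
            "source": {"ip": ip},
            "user": {"name": "alice"}}

SAMPLE_EVENTS = (
    # 6 failures in 2.5 minutes from one address: fires once 5 fit in the window
    [auth_event(ts(i * 30), "198.51.100.7", "failure") for i in range(6)]
    # 5 failures spread over 8 minutes: never 5 inside any 5-minute window, no alert
    + [auth_event(ts(i * 120), "203.0.113.5", "failure") for i in range(5)]
    # noise the query must exclude: a success, and a failure that is not authentication
    + [auth_event(ts(10), "192.0.2.1", "success"),
       auth_event(ts(20), "192.0.2.1", "failure", category="network")]
)

if __name__ == "__main__":
    for alert in threshold_rule(SAMPLE_EVENTS):
        print(alert)
```

The slow source (one failure every two minutes) never reaches five hits inside a five-minute span and stays quiet, which is the behaviour you want from a threshold rule; lowering the threshold or widening the window is how you trade sensitivity against alert volume.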
16. Threat Prevention
• Kernel-level data collection enables deep visibility
• Protect your Windows, macOS, and Linux hosts
• Prevent malware
18. Data Dilemma Solved by Elastic Security
1. Common framework for data collection
2. Single agent for data collection and endpoint protection
3. Configurable data management with an open standard for analysis
4. Actionable data: Threat Hunting, Automated Detection, Threat Prevention
19. Closing slide
This presentation includes forward-looking statements that are subject to risks and uncertainties. Actual results may differ materially as a result of various risk factors included in the reports on the Forms 10-K, 10-Q, and 8-K, and in other filings we make with the SEC from time to time. Elastic undertakes no obligation to update any of these forward-looking statements.
20. Join the Elastic Security community
Try free on Cloud: ela.st/security-trial
Take a quick spin: demo.elastic.co
Connect on Slack: ela.st/slack