1
Security Events Logging at Bell with the Elastic Stack
Sylvain Proulx
Mathew Vandystadt
October, Date, 2018

2
Who are we
Sylvain Proulx
• 18 years in security
• Senior Security Manager
Mathew V.
• 5 years in security
• Security Specialist
• Software Engineer
3
Our Mission
• Ingest all security logs
• Enrich, normalize, analyze, and contextualize
• Automation
• Build threat model detection
• Visualize security data
4
What’s going on
Our current challenges
5
Challenges
• Volume of logs keeps increasing
• Normalization of many new types of logs
• No one-stop solution for our needs
6
Challenges
• More data means more alerts
• Limited number of analysts
• Limited detection mechanisms
7
Challenges
• Share logs between different branches
• Own our security data
• Secure the data
8
An in-depth look at our solution
Building our Pipelines
9
Building One Piece at a Time: End to end solution
1. Logging
2. Data engineering
3. Log storage and long term retention
4. Visualization and alerting
10
Where Our Data Comes From
• Bare metal servers
• Virtual machines
• Containers
11
Requirements For Our Log Shippers
• Simple way to ship logs
• Something that can buffer logs in case of outage
• Something that’s lightweight, but gives us the possibility to perform light filtering at the source
• Something uniform throughout our fleet
• Automated deployment capability
12
Filebeats and Winlogbeats
• Generic beats configuration per service logged
• Simple installation and configuration
• Minimal impact on systems
• No loss of data in case of network outage
13
Adding Beats to Our Architecture Diagram
14
Being an ISP
Different data sources to consider that other businesses don’t
• Large quantity and variety of network devices
• Unique ISP applications
• Logs also come from security devices
• Network devices can be very chatty
15
What If Beats Can’t Handle Special Cases?
• Most of the devices send logs only via syslog
• Losing data is not an option
• Need to receive data from geographically diverse locations
16
Rsyslog
• Adding Rsyslog servers close to data sources
• Acts as a buffer
• Basic parsing and serialization of logs into JSON with Rsyslog
• Send logs to our security data center over TCP to minimize the risk of data loss
17
Adding Rsyslog to Our Architecture Diagram
18
Building One Piece at a Time: End to end solution
1. Logging
2. Data engineering
3. Log storage and long term retention
4. Visualization and alerting
19
Incoming Logs
Our past experiences and requirements
• All logs are serialized in JSON
• The ability to sustain large spikes of traffic without over provisioning
• Buffer data allowing for higher availability
• Data accessible to multiple consumers
20
Kafka as Our Message Queue
Our past experiences and requirements
• Kafka allows us to handle spikes of logs
• Provides data buffering for potential downstream issues
• Provides controls to share data securely across other teams using open formats
• Kafka supports JSON out of the box
• Rsyslog and Beats can write to Kafka
21
Adding Kafka to Our Architecture Diagram
22
Parsing and Normalizing
Our past experiences and requirements
• Use resources efficiently by taking advantage of auto-scaling
• Every unique technology requires its own set of configuration for parsing and normalization
• Needs integration of CI/CD for ease of testing and deployment
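The two steps the deck describes at slides 16 and 22, edge parsing with JSON serialization and per-technology normalization, shown as an added Python example rather than as rsyslog or Logstash configuration. This is not code from the deck or from Bell's pipeline: the RFC 3164 parser, the dotted field names ("source.ip", "event.action"), the sshd normalizer, the default year and the sample lines are all assumptions made for illustration. The point it demonstrates is that an unparseable line is kept and flagged rather than dropped, and that detection logic downstream only needs to know the normalized field names, not each device's native format.

```python
import json
import re
from datetime import datetime

# RFC 3164 facility and severity names, indexed by their numeric code.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
    "solaris-cron", "local0", "local1", "local2", "local3", "local4",
    "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-style syslog line: "<PRI>Mmm dd hh:mm:ss host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)

# Hypothetical per-technology normalizers: a stand-in for the per-technology
# Logstash configuration the deck mentions. Dotted field names are an
# assumption, chosen so later rules are independent of the source format.
SSHD_FAILED_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
SSHD_ACCEPTED_RE = re.compile(
    r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")


def normalize_sshd(doc):
    """Map OpenSSH authentication messages onto common field names."""
    for pattern, action in ((SSHD_FAILED_RE, "ssh_login_failed"),
                            (SSHD_ACCEPTED_RE, "ssh_login_success")):
        m = pattern.match(doc["message"])
        if m:
            doc.update({
                "event.action": action,
                "user.name": m["user"],
                "source.ip": m["ip"],
                "source.port": int(m["port"]),
            })
            break
    return doc


NORMALIZERS = {"sshd": normalize_sshd}


def parse_syslog(line, year=2018):
    """Parse one RFC 3164 line into a dict. RFC 3164 timestamps carry no year,
    so the caller supplies it (assumption: 2018, the year of the deck)."""
    m = SYSLOG_RE.match(line)
    if m and int(m["pri"]) <= 191:
        facility, severity = divmod(int(m["pri"]), 8)
        stamp = " ".join(m["ts"].split())  # collapse the space-padded day
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        return {
            "@timestamp": ts.isoformat(),
            "host": m["host"],
            "program": m["tag"],
            "pid": int(m["pid"]) if m["pid"] else None,
            "facility": FACILITIES[facility],
            "severity": SEVERITIES[severity],
            "message": m["msg"],
            "raw": line,
        }
    # Losing data is not an option: keep the raw line and flag it for review
    # instead of dropping what the parser did not understand.
    return {"raw": line, "parse_error": True}


def normalize(doc):
    """Apply the normalizer for the emitting program, if one exists."""
    fn = NORMALIZERS.get(doc.get("program"))
    return fn(doc) if fn else doc


def process(lines, year=2018):
    """Edge pipeline: parse, normalize, and serialize one JSON document per line."""
    return [json.dumps(normalize(parse_syslog(l, year)), sort_keys=True) for l in lines]


# Constructed sample lines using documentation IP ranges; not real traffic.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2",
    "<190>Oct  5 03:02:01 rtr01 %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(4242) -> 192.0.2.1(22), 1 packet",
    "this is not syslog",
]

if __name__ == "__main__":
    for doc in process(SAMPLE_LINES):
        print(doc)
```

Each output line is a self-contained JSON document, which is the shape Kafka and Logstash consume downstream; the `parse_error` flag makes unparsed sources visible in Kibana instead of silently lost.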
23
Logstash on Openshift
Logstash containers
• We decided to run all our Logstash instances on Openshift
• Containers consume fewer resources than multiple virtual machines
• We get auto scaling through Openshift
• We can scale quickly by adding more nodes to our Openshift cluster if needed
24
Adding Openshift and Logstash to Our Architecture Diagram
25
Logstash on Openshift
Logstash CI/CD
• Centralize configurations in Gitlab
• Gitlab allows us to create CI pipelines quickly
• Run Logstash configurations through rspec for testing
• Review and deploy to production on merge requests
• Openshift provides the ability to build CD pipelines
26
Adding CI/CD to Our Architecture Diagram
27
Building One Piece at a Time: End to end solution
1. Logging
2. Data engineering
3. Log storage and long term retention
4. Visualization and alerting
28
Log Storage
Our past experiences and requirements
• Most of the searching is going to be done the same day
• Documents need to be easily searchable for the previous 90 days
• Horizontal scalability
• Highly available and redundant data
29
Log Storage
Elasticsearch
• No real surprise, we store our logs in Elasticsearch
• Implementing the hot-warm architecture provides the best solution to meet our requirements
• Our process allows for automated deployment of new nodes
• Elasticsearch provides the required HA and redundancy
30
Adding Elasticsearch to Our Architecture Diagram
31
Long-Term Data Retention
Our past experiences and requirements
• For forensic and legal issues, data needs to be stored for a minimum of 12 months
• Needs to be stored outside of the Elasticsearch cluster
• Fast retrieval of data back into the existing Elastic cluster
• Minimize the cost of the long-term storage solution
32
Long-Term Data Retention
S3 object storage
• Openstack Swift allows us to store our index snapshots in object storage
• Reuse of the S3 snapshot plugin from Elasticsearch
• Acceptable retrieval times
• Use of Curator to automate snapshots
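The lifecycle described across slides 28 to 32 (same-day searching on hot nodes, 90 days searchable in the cluster, snapshots to object storage, 12 months of retention), as an added Python example of the decision logic a daily Curator-style job has to make. It is not the deck's or Bell's code: the daily index naming, the one-day hot window and the "never delete an index that has not been snapshotted" rule are assumptions; only the 90-day and 12-month figures come from the deck.

```python
import re
from datetime import date

# Policy values. SEARCHABLE_DAYS and RETENTION_DAYS come from the deck
# (90 days searchable, 12 months kept); HOT_DAYS is an assumption.
HOT_DAYS = 1            # indices older than this leave the hot nodes
SEARCHABLE_DAYS = 90    # indices older than this are removed from the cluster
RETENTION_DAYS = 365    # snapshots older than this may be expired from object storage

# Daily index naming such as "security-2018.10.31" (assumption; the deck does
# not show its index names). System indices such as ".kibana" do not match.
INDEX_RE = re.compile(r"^(?P<prefix>[a-z0-9_.-]+?)-(?P<y>\d{4})\.(?P<m>\d{2})\.(?P<d>\d{2})$")


def index_date(name):
    """Return the date encoded in a daily index name, or None for other indices."""
    m = INDEX_RE.match(name)
    if not m:
        return None
    return date(int(m["y"]), int(m["m"]), int(m["d"]))


def plan_actions(index_names, snapshotted, today):
    """Decide, per index, what today's run should do.

    Invariant: an index is never deleted unless a snapshot of it already
    exists, so a failed snapshot job can delay deletion but never lose data.
    Every action is idempotent, so re-running the plan is safe.
    """
    plan = {}
    for name in sorted(index_names):
        d = index_date(name)
        if d is None:
            plan[name] = ["skip"]      # not a daily log index: leave it alone
            continue
        age = (today - d).days
        actions = []
        if age > SEARCHABLE_DAYS:
            # Past the searchable window: delete only if already in object storage,
            # otherwise snapshot now and let the next run delete it.
            actions.append("delete" if name in snapshotted else "snapshot")
        elif age >= HOT_DAYS:
            # The day is complete: snapshot it once and keep it on warm nodes.
            if name not in snapshotted:
                actions.append("snapshot")
            actions.append("allocate:warm")
        plan[name] = actions              # today's index stays hot, untouched
    return plan


def expired_snapshots(snapshotted, today):
    """Snapshots older than the legal retention period, eligible for removal."""
    return sorted(s for s in snapshotted
                  if index_date(s) is not None
                  and (today - index_date(s)).days > RETENTION_DAYS)


# Constructed cluster state for a run on 2018-10-31.
TODAY = date(2018, 10, 31)
INDICES = ["security-2018.10.31", "security-2018.10.29", "security-2018.07.01",
           "security-2018.07.02", ".kibana"]
SNAPSHOTTED = {"security-2018.10.30", "security-2018.07.01",
               "security-2017.10.01", "security-2017.11.01"}

if __name__ == "__main__":
    for index, actions in plan_actions(INDICES, SNAPSHOTTED, TODAY).items():
        print(index, actions)
    print("expire:", expired_snapshots(SNAPSHOTTED, TODAY))
```

The plan is computed before anything is executed, which makes it easy to review in a CI job or dry run; in particular "security-2018.07.02" is past the 90-day window but only gets a snapshot, not a delete, because no snapshot of it exists yet.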
33
Adding S3 Storage to Our Architecture Diagram
34
Securing Data
Our past experiences and requirements
• Control over who has access to the data
• Ease of RBAC management
• Add a layer of encryption for data in transit
• Use of existing and tested solutions
35
Adding X-Pack to Our Architecture Diagram
36
Building One Piece at a Time: End to end solution
1. Logging
2. Data engineering
3. Log storage and long term retention
4. Visualization and alerting
37
Handling and Visualizing Our Data
Our past experiences and requirements
• Easy front-end to query logs
• Reusable queries
• Ability to meaningfully visualize data
• Front-end that’s used by a wide range of security specialists
‒ Analysts
‒ Threat hunters
‒ Data scientists
38
Adding Kibana to Our Architecture Diagram
39
Alerting on Security Events
Our past experiences and requirements
• Need to filter on meaningful security events
• Ease of building and deploying detection rules
• Automate deployment
• Easily track life cycle of rules
40
Alerting on Security Events
Elastalert
• Simple way of writing queries
• Use of YAML text files solves maintainability issues with version control tools
• Auto deployment through CI/CD tools tied to version control
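An added example, not from the deck or from Bell's rule set, of what one ElastAlert-style "frequency" rule expresses and how it behaves over normalized events. The rule dictionary uses the key names of an ElastAlert frequency rule (type, index, num_events, timeframe, query_key, filter), but the evaluator is a hypothetical, simplified stand-in written here to make the semantics concrete, not ElastAlert's own engine; it supports only `term` filters, and the choice to reset a key's window after an alert is an assumption about the desired behaviour. The events are constructed and already normalized.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed rule using the key names of an ElastAlert "frequency" rule.
RULE = {
    "name": "ssh-auth-failure-burst",
    "type": "frequency",
    "index": "security-*",
    "num_events": 3,
    "timeframe": {"minutes": 5},
    "query_key": "source.ip",
    "filter": [{"term": {"event.action": "ssh_login_failed"}}],
}


def matches_filter(event, filters):
    """Only 'term' clauses are supported here; every clause must match."""
    for clause in filters:
        for field, value in clause.get("term", {}).items():
            if event.get(field) != value:
                return False
    return True


def evaluate_frequency(rule, events):
    """Sliding-window count per query_key; alert once the count reaches num_events.

    After an alert the key's window is cleared so that one burst yields one
    alert (an assumption about desired behaviour, not a claim about ElastAlert).
    """
    window = timedelta(**rule["timeframe"])
    key = rule["query_key"]
    seen = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        if not matches_filter(ev, rule["filter"]):
            continue
        ts = datetime.fromisoformat(ev["@timestamp"])
        q = seen[ev.get(key)]
        q.append(ts)
        while q and ts - q[0] > window:     # drop events outside the timeframe
            q.popleft()
        if len(q) >= rule["num_events"]:
            alerts.append({"rule": rule["name"], key: ev.get(key),
                           "count": len(q), "at": ts.isoformat()})
            q.clear()
    return alerts


# Constructed, already-normalized events (documentation IP ranges).
EVENTS = [
    {"@timestamp": "2018-10-11T22:14:15", "source.ip": "198.51.100.7", "event.action": "ssh_login_failed"},
    {"@timestamp": "2018-10-11T22:14:40", "source.ip": "198.51.100.7", "event.action": "ssh_login_failed"},
    {"@timestamp": "2018-10-11T22:15:02", "source.ip": "203.0.113.9", "event.action": "ssh_login_failed"},
    {"@timestamp": "2018-10-11T22:15:30", "source.ip": "198.51.100.7", "event.action": "ssh_login_success"},
    {"@timestamp": "2018-10-11T22:16:01", "source.ip": "198.51.100.7", "event.action": "ssh_login_failed"},
    {"@timestamp": "2018-10-11T22:25:00", "source.ip": "198.51.100.7", "event.action": "ssh_login_failed"},
]

if __name__ == "__main__":
    for alert in evaluate_frequency(RULE, EVENTS):
        print(alert)
```

Because the rule is plain data, it is what would live in a YAML file under version control: a merge request that changes `num_events` or the `timeframe` can be tested against a fixture like `EVENTS` in CI before the rule reaches production, which is the maintainability point the slide makes.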
41
Adding ElastAlert to Our Architecture Diagram
42
Smart Detection
Our past experiences and requirements
• Data must be easily accessible
• Develop custom machine learning models
• Automated deployment of machine learning models
• Flexibility in using different algorithms
43
Smart Detection
In-house machine learning
• Models developed with open source, ML-centric libraries
• Deployment pipeline from data scientists to production
44
Adding Machine Learning to Our Architecture Diagram
45
Security Event Correlation
Our past experiences and requirements
• Ability to correlate security events
• Ability to write complex rules
• Simple front end to help our analysts
• Central point for alerting
46
Security Event Correlation
Arcsight
• Provides one of the best correlation engines for security events
• Allows for aggregation, correlation, trending, and more
• ESM provides a GUI and is a well-known product throughout Bell security teams
• Can receive and send data to multiple sources
47
Adding Arcsight to Our Architecture Diagram
48
Today’s Situation With Elastic
Where we’re at
• Elastic allows for horizontal scaling to support the constant increase in log volume
• Elastic allows for simple integration with open security protocols
• Elastic’s X-Pack solution provides a built-in secure data environment
• The new architecture using Elastic allows us to build more detection mechanisms using different techniques

Keynote: Harnessing the power of Elasticsearch for simplified search
 
Cómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisionesCómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisiones
 
Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud
 
Comment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesComment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitables
 
Transforming data into actionable insights
Transforming data into actionable insightsTransforming data into actionable insights
Transforming data into actionable insights
 
Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?
 
Empowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside GovernmentEmpowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside Government
 
The opportunities and challenges of data for public good
The opportunities and challenges of data for public goodThe opportunities and challenges of data for public good
The opportunities and challenges of data for public good
 
Enterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and ElasticEnterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and Elastic
 

Último

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 

Último (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 

Security Events Logging at Bell with the Elastic Stack

1. Security Events Logging at
   Sylvain Proulx, Mathew Vandystadt
   October, Date, 2018

2. Who are we
   • Sylvain Proulx: 18 years in security, Senior Security Manager
   • Mathew V.: 5 years in security, Security Specialist, Software Engineer

3. Our Mission
   • Ingest all security logs
   • Enrich, normalize, analyze, and contextualize
   • Automation
   • Build threat model detection
   • Visualize security data

4. What’s going on: Our current challenges

5. Challenges
   • Volume of logs keeps increasing
   • Normalization of many new types of logs
   • No one-stop solution for our needs

6. Challenges
   • More data means more alerts
   • Limited number of analysts
   • Limited detection mechanisms

8. An in-depth look at our solution: Building our Pipelines

9. Building One Piece at a Time (End to end solution)
   1. Logging
   2. Data engineering
   3. Log storage and long term retention
   4. Visualization and alerting

10. Where Our Data Comes From
   • Bare metal servers
   • Virtual machines
   • Containers

11. Requirements For Our Log Shippers
   • Simple way to ship logs
   • Something that can buffer logs in case of outage
   • Something that’s lightweight, but gives us the possibility to perform light filtering at the source
   • Something uniform throughout our fleet
   • Automated deployment capability

12. Filebeat and Winlogbeat
   • Generic Beats configuration per service logged
   • Simple installation and configuration
   • Minimal impact on systems
   • No loss of data in case of network outage

13. Adding Beats to Our Architecture Diagram

14. Being an ISP (Different data sources to consider that other businesses don’t)
   • Large quantity and variety of network devices
   • Unique ISP applications
   • Logs also come from security devices
   • Network devices can be very chatty

15. What If Beats Can’t Handle Special Cases?
   • Most of the devices send logs only via syslog
   • Losing data is not an option
   • Need to receive data from geographically diverse locations

16. Rsyslog
   • Adding Rsyslog servers close to data sources
   • Acts as a buffer
   • Basic parsing and serialization of logs in JSON with Rsyslog
   • Send logs to our security data center over TCP and minimize the risk of data loss

17. Adding Rsyslog to Our Architecture Diagram
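Slide 16 has the Rsyslog relays do basic parsing and serialize every message to JSON before forwarding it on. The following added Python example (not Bell's Rsyslog configuration) shows what that step amounts to: an RFC 3164 parser that decodes PRI into facility and severity, keeps unparseable lines instead of dropping them, and emits one JSON document per line. The output field names, the default year of 2018, the UTC assumption and the sample lines are constructed assumptions.

```python
"""Parse RFC 3164 syslog lines and serialize them to JSON, as a relay would
before forwarding to a queue. Added example; not Bell's Rsyslog configuration."""
import json
import re
from datetime import datetime, timezone

# Facility and severity names for PRI values, as defined in RFC 3164.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOSTNAME TAG[PID]: MSG   (TAG, PID and the colon are optional)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?)?"
    r"(?P<msg>.*)$"
)


def parse_syslog(line, year=2018):
    """Return a dict for one syslog line. Lines that do not parse are kept
    verbatim and tagged rather than dropped, so nothing is lost at the relay."""
    m = SYSLOG_RE.match(line)
    if not m or int(m.group("pri")) > 191:
        return {"message": line, "tags": ["_syslogparsefailure"]}
    pri = int(m.group("pri"))
    facility, severity = divmod(pri, 8)
    # RFC 3164 timestamps carry neither year nor zone; the relay supplies
    # the year (assumed 2018 here) and we assume the devices log in UTC.
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    doc = {
        "@timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "host": m.group("host"),
        "syslog": {
            "priority": pri,
            "facility": FACILITIES[facility],
            "severity": SEVERITIES[severity],
        },
        "message": m.group("msg"),
    }
    if m.group("tag"):
        doc["program"] = m.group("tag")
    if m.group("pid"):
        doc["pid"] = int(m.group("pid"))
    return doc


def to_json_lines(lines, year=2018):
    """Serialize each line to one JSON document (newline-delimited JSON)."""
    return [json.dumps(parse_syslog(line, year), sort_keys=True) for line in lines]


# Constructed sample lines: an auth.info message with a PID, a local7.info
# message with a space-padded day, and one line that is not syslog at all.
SAMPLE_LINES = [
    "<38>Oct 11 22:14:15 edge-rtr-01 sshd[4242]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2",
    "<190>Oct  1 03:00:00 core-fw-02 filterlog: block,in,tcp,203.0.113.9,192.0.2.20,443",
    "not a syslog line",
]

if __name__ == "__main__":
    for doc in to_json_lines(SAMPLE_LINES):
        print(doc)
```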
18. Building One Piece at a Time (End to end solution)
   1. Logging
   2. Data engineering
   3. Log storage and long term retention
   4. Visualization and alerting

19. Incoming Logs (Our past experiences and requirements)
   • All logs are serialized in JSON
   • The ability to sustain large spikes of traffic without over-provisioning
   • Buffer data, allowing for higher availability
   • Data accessible to multiple consumers

20. Kafka as Our Message Queue (Our past experiences and requirements)
   • Kafka allows us to handle spikes of logs
   • Provides data buffering for potential downstream issues
   • Provides controls to share data securely with other teams using open formats
   • Kafka supports JSON out of the box
   • Rsyslog and Beats can write to Kafka

21. Adding Kafka to Our Architecture Diagram

22. Parsing and Normalizing (Our past experiences and requirements)
   • Use resources efficiently by taking advantage of auto-scaling
   • Every unique technology requires its own set of configuration for parsing and normalization
   • Needs integration with CI/CD for ease of testing and deployment

23. Logstash on OpenShift (Logstash containers)
   • We decided to run all our Logstash instances on OpenShift
   • Containers consume fewer resources than multiple virtual machines
   • We get auto-scaling through OpenShift
   • We can scale quickly by adding more nodes to our OpenShift cluster if needed

24. Adding OpenShift and Logstash to Our Architecture Diagram

25. Logstash on OpenShift (Logstash CI/CD)
   • Centralize configurations in GitLab
   • GitLab allows us to create CI pipelines quickly
   • Run Logstash configurations through rspec for testing
   • Review and deploy to production on merge requests
   • OpenShift provides the ability to build CD pipelines

26. Adding CI/CD to Our Architecture Diagram
27. Building One Piece at a Time (End to end solution)
   1. Logging
   2. Data engineering
   3. Log storage and long term retention
   4. Visualization and alerting

28. Log Storage (Our past experiences and requirements)
   • Most of the searching is going to be done the same day
   • Documents need to be easily searchable for the previous 90 days
   • Horizontal scalability
   • Highly available and redundant data

29. Log Storage (Elasticsearch)
   • No real surprise: we store our logs in Elasticsearch
   • Implementing the hot-warm architecture provides the best solution to meet our requirements
   • Our process allows for automated deployment of new nodes
   • Elasticsearch provides the required HA and redundancy

30. Adding Elasticsearch to Our Architecture Diagram

31. Long-Term Data Retention (Our past experiences and requirements)
   • For forensic and legal issues, data needs to be stored for a minimum of 12 months
   • Needs to be stored outside of the Elasticsearch cluster
   • Fast retrieval of data into the existing Elastic cluster
   • Minimize the cost of the long-term storage solution

32. Long-Term Data Retention (S3 object storage)
   • OpenStack Swift allows us to store our index snapshots in object storage
   • Reuse of the S3 snapshot plugin from Elasticsearch
   • Acceptable retrieval times
   • Use of Curator to automate snapshots

33. Adding S3 Storage to Our Architecture Diagram

34. Securing Data (Our past experiences and requirements)
   • Control over who has access to the data
   • Ease of RBAC management
   • Add a layer of encryption over data transport
   • Use of existing and tested solutions

35. Adding X-Pack to Our Architecture Diagram
36. Building One Piece at a Time (End to end solution)
   1. Logging
   2. Data engineering
   3. Log storage and long term retention
   4. Visualization and alerting

37. Handling and Visualizing Our Data (Our past experiences and requirements)
   • Easy front-end to query logs
   • Reusable queries
   • Ability to meaningfully visualize data
   • Front-end that’s used by a wide range of security specialists
     ‒ Analysts
     ‒ Threat hunters
     ‒ Data scientists

38. Adding Kibana to Our Architecture Diagram

39. Alerting on Security Events (Our past experiences and requirements)
   • Need to filter on meaningful security events
   • Ease of building and deploying detection rules
   • Automate deployment
   • Easily track the life cycle of rules

40. Alerting on Security Events (ElastAlert)
   • Simple way of writing queries
   • Use of YAML text files solves maintainability issues with version control tools
   • Auto-deployment through CI/CD tools tied to version control

41. Adding ElastAlert to Our Architecture Diagram

42. Smart Detection (Our past experiences and requirements)
   • Data must be easily accessible
   • Develop custom machine learning models
   • Automated deployment of machine learning models
   • Flexibility in using different algorithms

43. Smart Detection (In-house machine learning)
   • Models developed with open source, ML-centric libraries
   • Deployment pipeline from data scientists to production

44. Adding Machine Learning to Our Architecture Diagram

45. Security Event Correlation (Our past experiences and requirements)
   • Ability to correlate security events
   • Ability to write complex rules
   • Simple front end to help our analysts
   • Central point for alerting

46. Security Event Correlation (ArcSight)
   • Provides one of the best correlation engines for security events
   • Allows for aggregation, correlation, trending, and more
   • ESM provides a GUI and it’s a well-known product throughout Bell security teams
   • Can receive and send data to multiple sources

47. Adding ArcSight to Our Architecture Diagram

48. Today’s Situation With Elastic (Where we are at)
   • Elastic allows for horizontal scaling to support the constant increase in log volume
   • Elastic allows for simple integration with open security protocols
   • Elastic’s X-Pack solution provides a built-in secure data environment
   • The new architecture using Elastic allows us to build more detection mechanisms using different techniques
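Slides 39 and 40 keep detection rules as ElastAlert YAML files under version control, deployed through CI/CD. As an added example (not one of Bell's rules), the Python below mirrors the fields of an ElastAlert `type: frequency` rule and evaluates it over constructed events: a per-`query_key` sliding window that alerts once `num_events` matching events land inside `timeframe`. The filter semantics are a simplification (term equality and a phrase substring match), and the rule, field names and sample events are all constructed.

```python
"""Evaluate an ElastAlert-style frequency rule over events.
Added example; the rule and events are constructed, not Bell's."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Python mirror of this constructed ElastAlert rule file:
#   name: ssh-bruteforce
#   type: frequency
#   index: security-*
#   num_events: 5
#   timeframe:
#     minutes: 2
#   query_key: source_ip
#   filter:
#   - term:
#       program: sshd
#   - query:
#       query_string:
#         query: '"Failed password"'
RULE = {
    "name": "ssh-bruteforce",
    "num_events": 5,
    "timeframe": {"minutes": 2},
    "query_key": "source_ip",
    "filter": [
        {"term": {"program": "sshd"}},
        {"query": {"query_string": {"query": '"Failed password"'}}},
    ],
}


def matches(event, filters):
    """Simplified filter semantics: every clause must match. `term` is exact
    field equality; a quoted `query_string` is treated as a phrase substring."""
    for clause in filters:
        if "term" in clause:
            (field, value), = clause["term"].items()
            if event.get(field) != value:
                return False
        elif "query" in clause:
            phrase = clause["query"]["query_string"]["query"].strip('"')
            if phrase not in event.get("message", ""):
                return False
    return True


def run_frequency_rule(rule, events):
    """Return one alert per query_key value whose matching events reach
    num_events inside timeframe. The window is cleared after firing, so a
    single burst produces a single alert (ElastAlert's realert is not modelled)."""
    timeframe = timedelta(**rule["timeframe"])   # same conversion ElastAlert applies
    windows, alerts = defaultdict(deque), []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        if not matches(ev, rule["filter"]):
            continue
        key = ev.get(rule["query_key"], "")
        ts = datetime.fromisoformat(ev["@timestamp"])
        win = windows[key]
        win.append(ts)
        while win and ts - win[0] > timeframe:   # expire events outside the window
            win.popleft()
        if len(win) >= rule["num_events"]:
            alerts.append({"rule": rule["name"], rule["query_key"]: key,
                           "num_hits": len(win), "starts": win[0].isoformat(),
                           "ends": ts.isoformat()})
            win.clear()
    return alerts


def _ev(offset_s, program, source_ip, message):
    """Build one constructed event, offset_s seconds after a fixed base time."""
    base = datetime(2018, 10, 11, 22, 14, 0)
    return {"@timestamp": (base + timedelta(seconds=offset_s)).isoformat(),
            "host": "edge-rtr-01", "program": program,
            "source_ip": source_ip, "message": message}


# Constructed events: six failures from one source, two from another, one
# successful login and one unrelated cron line that the filter must exclude.
SAMPLE_EVENTS = [
    _ev(0, "sshd", "198.51.100.7", "Failed password for invalid user admin"),
    _ev(5, "sshd", "203.0.113.9", "Failed password for root"),
    _ev(10, "sshd", "198.51.100.7", "Failed password for invalid user admin"),
    _ev(15, "sshd", "203.0.113.9", "Failed password for root"),
    _ev(20, "sshd", "198.51.100.7", "Failed password for invalid user oracle"),
    _ev(25, "sshd", "198.51.100.7", "Accepted publickey for deploy"),
    _ev(30, "sshd", "198.51.100.7", "Failed password for invalid user test"),
    _ev(35, "cron", "", "(root) CMD (run-parts /etc/cron.hourly)"),
    _ev(40, "sshd", "198.51.100.7", "Failed password for invalid user guest"),
    _ev(50, "sshd", "198.51.100.7", "Failed password for invalid user admin"),
]

if __name__ == "__main__":
    for alert in run_frequency_rule(RULE, SAMPLE_EVENTS):
        print(alert)
```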