Elasticsearch Security Analytics: Vulnerability Scans
Security attacks aren't a matter of if, but when. Identifying and understanding these threats as fast as possible is crucial. The Elastic Stack provides a more complete picture of what's going on across your systems in real time so you can keep pace with the attack vectors of today and tomorrow.
Join Mike Paquette, Director of Products for the Security Market, and Kevin Keeney, Cyber Security Advocate, for a live demo and presentation on enhancing your SIEM by leveraging components of the Elastic Stack. Mike and Kevin will be joined by Justin Henderson, a SANS instructor and the SANS course author for SEC555: SIEM with Tactical Analytics and the co-author of SEC455: SIEM Design and Implementation and SEC530: Defensible Security Architecture.
Mike and Justin will highlight an open source project, VulnWhisperer, a vulnerability data and report aggregator. VulnWhisperer pulls all the reports and creates a file with a unique filename, which is then fed into Logstash and shipped to Elasticsearch.
Additional highlights include the Elastic Stack's machine learning features being used to detect attack behaviors by analyzing logs such as:
- Authentication logs
- Audit events
- NetFlow records
- DNS traffic
- Logstash ArcSight module
Mike joined Elastic in 2016 from Prelert, where he'd been VP of Products for Prelert's machine learning technology. Mike's focus at Elastic is to help users and customers succeed with security-related applications of the Elastic Stack. Starting his career as an ASIC designer, Mike has led the development of SIEM, network IPS, DDoS Defense, and network monitoring solutions. Mike is a co-author of a patent on DDoS protection.
Kevin exudes passion about the field of cyber security, technology, people, and where they all meet. He has enjoyed a career spanning the military, corporate, and start-up worlds, in both operations and presales engineering roles. More important than any of that, he is a husband and father of five amazing children.
Founder & CEO, H&A Security Solutions
Justin is a SANS instructor and the SANS course author for SEC555: SIEM with Tactical Analytics and the co-author of SEC455: SIEM Design and Implementation and SEC530: Defensible Security Architecture. Justin is a passionate security researcher with over a decade of experience in consulting and is one of the co-founders of H & A Security Solutions. Justin is the 13th GSE to become both a red and blue SANS Cyber Guardian (fewer than 20 in the world) and holds 58 industry certifications.