SlideShare a Scribd company logo

Limitless XDR with Elastic Security unifies SIEM and Endpoint for analysts

D
Daliya Spasova

security meetup

Education
1 of 12
Download to read offline
Limitless XDR with Elastic Security James Spiteri Principal PMM  Elastic Security September 2nd, 2021
Open to all Elastic Enterprise Search Elastic Security Elastic Observability Kibana Elasticsearch Beats Logstash Elastic Cloud Elastic Cloud on Kubernetes Elastic Cloud Enterprise Self-Managed Elastic Stack
Today 2020 Anti-ransomware in Agent 7.12 2021 7.10 Correlation with EQL 7.6 SIEM goes GA 7.8 Workflow connectors & prebuilt detections Endgame integration 7.5 SIEM app introduced EPP/XDR goes GA 7.14 Case management 7.7 Anti-malware in Agent 7.9 Searchable Snapshots 7.11 Endgame acquired Threat intelligence 7.13
We’ve met our next major milestone in our vision for joining forces with Endgame: Elastic introduces the first free and open, Limitless XDR  unifying SIEM and Endpoint Security for analysts everywhere.
SIEM EDR EPP XDR NGAV HIPS NIDS
X is for eXtended D is for Detection R is for Response
Why do we need XDR? “We noticed this network activity from our endpoint events, did we see anything on our firewalls?” “This user is downloading files from s3 onto their desktop, can we view the s3 events?”
Limitless XDR XDR modernizes security operations, enabling analytics across all data, automating key processes, and bringing native endpoint security to every host. SIEM Endpoint Security ...
What is “Limitless”? Limitless visibility Hundreds of one-click integrations, a community of extensions, and simple custom ingestion with a single Agent Limitless data Action frozen storage data, like S3, for years of search, threat intelligence, dashboards, reports, and more Limitless value Elastic Security is all inclusive, with no price per seat, agent, GB ingested, etc. Deploy anywhere on any cloud or on prem (or both) Limitless analysis Search, correlate, look for outliers with machine learning, finding threat intelligence, aggregate results, prioritize, and investigate across multi-cloud environments
Elastic Security Pre-execution prevention ❏ Malware prevention ❏ Ransomware prevention Post-execution prevention ❏ Behavioral ransomware Prevention Collect Continuous visibility ❏ Kernel-level data collection ❏ Tailored host data collection ❏ Ad-hoc host analysis via osquery Prevent Elastic Agent ❏ Alert triage and hunting workflows ❏ Insights, context, and recommendations ❏ Threat intel. integrations ❏ Prebuilt detections: use cases, rules, ML models ❏ Advanced analytics, interactive visualizations, root-cause analysis ❏ Fast and scalable search platform, open data schema, on-prem to multi-cloud Detect Elastic Stack ❏ Investigation & response workflows ❏ External alert actions: email, Slack, SOAR & ITSM platforms ❏ External case connectors: IBM, JIRA, ServiceNow, Swimlane ❏ Simple custom connections Respond Elastic Stack ❏ On-demand osquery inspection ❏ Remote host isolation Elastic Agent
11 Live Demo
Thank you elastic.co/security

Recommended

SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalManageEngine EventLog Analyzer
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SHRIYARAI4
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEMJohn Hubbard
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEMPatten John
 

Recommended

SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalManageEngine EventLog Analyzer
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SHRIYARAI4
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEMJohn Hubbard
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEMPatten John
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptxAjit Wadhawan
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfKranthi Aragonda
 
Siem ppt
Siem pptSiem ppt
Siem pptkmehul
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhydn|u - The Open Security Community
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat huntingVikas Jain
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Elastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElasticsearch
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
IBM Qradar & resilient
IBM Qradar & resilientIBM Qradar & resilient
IBM Qradar & resilientPrime Infoserv
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
Empower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEMEmpower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEMElasticsearch
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKElasticsearch
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security BrochureJoseph DeFever
 
Elastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite ElasticElastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite ElasticElasticsearch
 

More Related Content

What's hot

Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfKranthi Aragonda
 
Siem ppt
Siem pptSiem ppt
Siem pptkmehul
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat huntingVikas Jain
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Elastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElasticsearch
 
IBM Qradar & resilient
IBM Qradar & resilientIBM Qradar & resilient
IBM Qradar & resilientPrime Infoserv
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
Empower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEMEmpower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEMElasticsearch
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKElasticsearch
 

What's hot (20)

Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
 
Siem ppt
Siem pptSiem ppt
Siem ppt
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat hunting
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Elastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyone
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
IBM Qradar & resilient
IBM Qradar & resilientIBM Qradar & resilient
IBM Qradar & resilient
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
Empower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEMEmpower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEM
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
 

Similar to Limitless XDR with Elastic Security unifies SIEM and Endpoint for analysts

Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security BrochureJoseph DeFever
 
Elastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite ElasticElastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite ElasticElasticsearch
 
Elastic Security Solution Brief
Elastic Security Solution BriefElastic Security Solution Brief
Elastic Security Solution BriefJoseph DeFever
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxkarlhennesey
 
Automate threat detections and avoid false positives
Automate threat detections and avoid false positives Automate threat detections and avoid false positives
Automate threat detections and avoid false positivesElasticsearch
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureCloudVillage
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMIftikhar Ali Iqbal
 
Empower your security practitioners with the Elastic Stack
Empower your security practitioners with the Elastic StackEmpower your security practitioners with the Elastic Stack
Empower your security practitioners with the Elastic StackElasticsearch
 
AWS Summit Auckland Sponsor Presentation - Intel
AWS Summit Auckland Sponsor Presentation - IntelAWS Summit Auckland Sponsor Presentation - Intel
AWS Summit Auckland Sponsor Presentation - IntelAmazon Web Services
 
Automatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivosAutomatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivosElasticsearch
 
Automatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosAutomatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosImma Valls Bernaus
 
Automatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosAutomatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosImma Valls Bernaus
 
Automate threat detections and avoid false positives
Automate threat detections and avoid false positivesAutomate threat detections and avoid false positives
Automate threat detections and avoid false positivesElasticsearch
 
How to Use Open Source Tools to Improve Network Security
How to Use Open Source Tools to Improve Network SecurityHow to Use Open Source Tools to Improve Network Security
How to Use Open Source Tools to Improve Network SecurityMohammed Almusaddar
 
Esteban Próspero
Esteban PrósperoEsteban Próspero
Esteban PrósperoClusterCba
 
Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19marketingsyone
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Matt Soseman
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 
AWS & Intel: A Partnership Dedicated to Cloud Innovations
AWS & Intel: A Partnership Dedicated to Cloud InnovationsAWS & Intel: A Partnership Dedicated to Cloud Innovations
AWS & Intel: A Partnership Dedicated to Cloud InnovationsAmazon Web Services
 

Similar to Limitless XDR with Elastic Security unifies SIEM and Endpoint for analysts (20)

Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security Brochure
 
Elastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite ElasticElastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite Elastic
 
Elastic Security Solution Brief
Elastic Security Solution BriefElastic Security Solution Brief
Elastic Security Solution Brief
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
Automate threat detections and avoid false positives
Automate threat detections and avoid false positives Automate threat detections and avoid false positives
Automate threat detections and avoid false positives
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 
Empower your security practitioners with the Elastic Stack
Empower your security practitioners with the Elastic StackEmpower your security practitioners with the Elastic Stack
Empower your security practitioners with the Elastic Stack
 
AWS Summit Auckland Sponsor Presentation - Intel
AWS Summit Auckland Sponsor Presentation - IntelAWS Summit Auckland Sponsor Presentation - Intel
AWS Summit Auckland Sponsor Presentation - Intel
 
Automatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivosAutomatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivos
 
Automatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosAutomatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivos
 
Automatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosAutomatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivos
 
Automate threat detections and avoid false positives
Automate threat detections and avoid false positivesAutomate threat detections and avoid false positives
Automate threat detections and avoid false positives
 
How to Use Open Source Tools to Improve Network Security
How to Use Open Source Tools to Improve Network SecurityHow to Use Open Source Tools to Improve Network Security
How to Use Open Source Tools to Improve Network Security
 
Esteban Próspero
Esteban PrósperoEsteban Próspero
Esteban Próspero
 
Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
AWS & Intel: A Partnership Dedicated to Cloud Innovations
AWS & Intel: A Partnership Dedicated to Cloud InnovationsAWS & Intel: A Partnership Dedicated to Cloud Innovations
AWS & Intel: A Partnership Dedicated to Cloud Innovations
 

More from Daliya Spasova

S2 e elastic observability per i servizi core banking - mar 23, 2021
S2 e elastic observability per i servizi core banking - mar 23, 2021S2 e elastic observability per i servizi core banking - mar 23, 2021
S2 e elastic observability per i servizi core banking - mar 23, 2021Daliya Spasova
 
Security sizing meetup
Security sizing meetupSecurity sizing meetup
Security sizing meetupDaliya Spasova
 
Geo network 4 elasticsearch (1)
Geo network 4 elasticsearch (1)Geo network 4 elasticsearch (1)
Geo network 4 elasticsearch (1)Daliya Spasova
 
Food safety risks the elastic stack to the rescue
Food safety risks the elastic stack to the rescueFood safety risks the elastic stack to the rescue
Food safety risks the elastic stack to the rescueDaliya Spasova
 
Q&a on running the elastic stack on kubernetes
Q&a on running the elastic stack on kubernetesQ&a on running the elastic stack on kubernetes
Q&a on running the elastic stack on kubernetesDaliya Spasova
 
Meetup ilm virtual emea
Meetup ilm virtual emeaMeetup ilm virtual emea
Meetup ilm virtual emeaDaliya Spasova
 
Elastic maps application_21_10_20
Elastic maps application_21_10_20Elastic maps application_21_10_20
Elastic maps application_21_10_20Daliya Spasova
 
Covid19 map presentation
Covid19 map presentationCovid19 map presentation
Covid19 map presentationDaliya Spasova
 
Data exploration using elastic stack for beginners
Data exploration using elastic stack for beginnersData exploration using elastic stack for beginners
Data exploration using elastic stack for beginnersDaliya Spasova
 
Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck Daliya Spasova
 
Dynamic presentations with_canvas
Dynamic presentations with_canvasDynamic presentations with_canvas
Dynamic presentations with_canvasDaliya Spasova
 
2020 07-30 elastic agent + ingest management
2020 07-30 elastic agent + ingest management2020 07-30 elastic agent + ingest management
2020 07-30 elastic agent + ingest managementDaliya Spasova
 
Spring meetup elasticsearch
Spring meetup elasticsearchSpring meetup elasticsearch
Spring meetup elasticsearchDaliya Spasova
 

More from Daliya Spasova (17)

S2 e elastic observability per i servizi core banking - mar 23, 2021
S2 e elastic observability per i servizi core banking - mar 23, 2021S2 e elastic observability per i servizi core banking - mar 23, 2021
S2 e elastic observability per i servizi core banking - mar 23, 2021
 
Security sizing meetup
Security sizing meetupSecurity sizing meetup
Security sizing meetup
 
Verba @ elastic
Verba @ elasticVerba @ elastic
Verba @ elastic
 
Geo network 4 elasticsearch (1)
Geo network 4 elasticsearch (1)Geo network 4 elasticsearch (1)
Geo network 4 elasticsearch (1)
 
Food safety risks the elastic stack to the rescue
Food safety risks the elastic stack to the rescueFood safety risks the elastic stack to the rescue
Food safety risks the elastic stack to the rescue
 
Q&a on running the elastic stack on kubernetes
Q&a on running the elastic stack on kubernetesQ&a on running the elastic stack on kubernetes
Q&a on running the elastic stack on kubernetes
 
Meetup ilm virtual emea
Meetup ilm virtual emeaMeetup ilm virtual emea
Meetup ilm virtual emea
 
October 2020 meetup
October 2020 meetupOctober 2020 meetup
October 2020 meetup
 
Elastic maps application_21_10_20
Elastic maps application_21_10_20Elastic maps application_21_10_20
Elastic maps application_21_10_20
 
Covid19 map presentation
Covid19 map presentationCovid19 map presentation
Covid19 map presentation
 
Data exploration using elastic stack for beginners
Data exploration using elastic stack for beginnersData exploration using elastic stack for beginners
Data exploration using elastic stack for beginners
 
Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck
 
Dynamic presentations with_canvas
Dynamic presentations with_canvasDynamic presentations with_canvas
Dynamic presentations with_canvas
 
Kibana webinar (1)
Kibana webinar (1)Kibana webinar (1)
Kibana webinar (1)
 
2020 07-30 elastic agent + ingest management
2020 07-30 elastic agent + ingest management2020 07-30 elastic agent + ingest management
2020 07-30 elastic agent + ingest management
 
Spring meetup elasticsearch
Spring meetup elasticsearchSpring meetup elasticsearch
Spring meetup elasticsearch
 
Meetup 13 08 2020
Meetup 13 08 2020Meetup 13 08 2020
Meetup 13 08 2020
 

Recently uploaded

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxAnaBeatriceAblay2
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

Limitless XDR with Elastic Security unifies SIEM and Endpoint for analysts

  • 1. Limitless XDR with Elastic Security James Spiteri Principal PMM  Elastic Security September 2nd, 2021
  • 2. Open to all Elastic Enterprise Search Elastic Security Elastic Observability Kibana Elasticsearch Beats Logstash Elastic Cloud Elastic Cloud on Kubernetes Elastic Cloud Enterprise Self-Managed Elastic Stack
  • 3. Today 2020 Anti-ransomware in Agent 7.12 2021 7.10 Correlation with EQL 7.6 SIEM goes GA 7.8 Workflow connectors & prebuilt detections Endgame integration 7.5 SIEM app introduced EPP/XDR goes GA 7.14 Case management 7.7 Anti-malware in Agent 7.9 Searchable Snapshots 7.11 Endgame acquired Threat intelligence 7.13
  • 4. We’ve met our next major milestone in our vision for joining forces with Endgame: Elastic introduces the first free and open, Limitless XDR  unifying SIEM and Endpoint Security for analysts everywhere.
  • 6. X is for eXtended D is for Detection R is for Response
  • 7. Why do we need XDR? “We noticed this network activity from our endpoint events, did we see anything on our firewalls?” “This user is downloading files from s3 onto their desktop, can we view the s3 events?”
  • 8. Limitless XDR XDR modernizes security operations, enabling analytics across all data, automating key processes, and bringing native endpoint security to every host. SIEM Endpoint Security ...
  • 9. What is “Limitless”? Limitless visibility Hundreds of one-click integrations, a community of extensions, and simple custom ingestion with a single Agent Limitless data Action frozen storage data, like S3, for years of search, threat intelligence, dashboards, reports, and more Limitless value Elastic Security is all inclusive, with no price per seat, agent, GB ingested, etc. Deploy anywhere on any cloud or on prem (or both) Limitless analysis Search, correlate, look for outliers with machine learning, finding threat intelligence, aggregate results, prioritize, and investigate across multi-cloud environments
  • 10. Elastic Security Pre-execution prevention ❏ Malware prevention ❏ Ransomware prevention Post-execution prevention ❏ Behavioral ransomware Prevention Collect Continuous visibility ❏ Kernel-level data collection ❏ Tailored host data collection ❏ Ad-hoc host analysis via osquery Prevent Elastic Agent ❏ Alert triage and hunting workflows ❏ Insights, context, and recommendations ❏ Threat intel. integrations ❏ Prebuilt detections: use cases, rules, ML models ❏ Advanced analytics, interactive visualizations, root-cause analysis ❏ Fast and scalable search platform, open data schema, on-prem to multi-cloud Detect Elastic Stack ❏ Investigation & response workflows ❏ External alert actions: email, Slack, SOAR & ITSM platforms ❏ External case connectors: IBM, JIRA, ServiceNow, Swimlane ❏ Simple custom connections Respond Elastic Stack ❏ On-demand osquery inspection ❏ Remote host isolation Elastic Agent