Threat hunting with Elastic APM

•

0 likes•103 views

This document discusses how application performance monitoring (APM) data from the Elastic Stack can be used for threat hunting. It describes how APM data can be combined with machine learning and security information and event management (SIEM) to more easily detect anomalies, pinpoint potential security threats, and reduce mean time to resolution for issues. The document provides examples of how APM metadata can be applied as filters across different Elastic solutions to focus analysis and identifies specific attack models and techniques that can be applied in APM-driven threat hunting rules.

Technology

Threat Hunting with APM
Search. Observe. Protect.
Ruben Perez (Sr. Solutions Architect @ Elastic)
May 28, 2020
sled@elastic.co

- Monitor software services and applications in real
time to make it easier to pinpoint and remedy
performance problems, quickly.
- Automatically collect unhandled errors and
exceptions.
- Automatically retrieve basic host-level and agent
speciﬁc metrics.
Application
Performance
Monitoring

Elastic Enterprise Search Elastic SecurityElastic Observability
Kibana
Elasticsearch
Beats Logstash
3 solutions powered by 1 stack
Elastic Stack

Business Deployment Abstract
Applications VMs/Containers
Other DBs,
Services &
Middleware
Orchestration InfrastructureAPM
Metrics
Logs
Uptime
Uptime
APM Metrics
APM Logs
APM
APM
Metrics
Logs
Uptime
Metrics
Logs
Uptime
APM

APM Supported Technologies
RealUserMonitoring

Combine autonomous
monitoring with alerts of
unknown & deﬁned
events.
Correlate ML & Watcher with
APM view from same screen
Reduces the need to toggle between
tabs to generate ML jobs or Watcher
alerts on events of APM monitored
services.
Apply APM metadata as ﬁlters
in diﬀerent solution views
The Elastic solutions all have a variant
view of the dataset, but can share APM
metadata as ﬁlters to cull the view
Event Detection

Decrease MTTR by
sequencing ML and APM
analysis
APM service(s) driving
anomalous event(s)
Observe how ML triggered events are
inﬂuenced by APM services.
Analyze in ML & APM views
ML anomalies can contain a hyperlink to
the APM analysis view of the service(s)
that inﬂuenced the event.
ML + APM
Analysis

Server & service
information can assist in
securing the network
APM Server information can be
shared in SIEM
Leveraging the same dataset as APM,
SIEM can be used to track and identify
potential threats to the business
Tagging can help reduce MTTR
APM data can be tagged for use in the
various Elastic solutions, especially
SIEM, as a ﬁltration mechanism
Highlight unexpected processes
Rogue processes or unauthorized
access requests can be quickly identiﬁed
with APM & SIEM monitoring
Threat Hunting
with APM

APM data can be used by
SIEM to perform signal
detections
Customize signal detection
rules for APM data
Apply target inﬂuencer(s) of the signal
detection leveraging APM metadata
Select any MITRE attack models
to apply to the signal rule
Each MITRE attack model has collection
techniques that can be applied
Schedule the signal for
continued threat hunting
Flexibility to select signal detection
frequency
APM Driven
Threat Hunting
https://www.elastic.co/campaigns/mitre-attack

Show Me Something
Search. Observe. Protect.

SLED Virtual Group
● Are you interested in learning more about Elastic?
● Do you want to represent your community at the next Elastic
Virtual Group?
● Come check out your opportunity to be a leader and have your
voice heard:
○ https://community.elastic.co/state-and-local-government-and-
education-sled-virtual/
At our next Virtual Group, led by Jenny Morris,
we will be learning more about how to
Leverage Elastic machine learning features to
enhance your security posture.

Training Subscriptions
Annual pass
Year-round learning solution for a named
user
Training on the go
Flexible options include live, virtual and
On-Demand training
Immersive learning
Hands-on, solution-based training
Extensive curriculum
Classes span the Elastic Stack with new
content added regularly
Explore all beneﬁts

Elastic Use Cases
Elastic Enterprise Search Elastic SecurityElastic Observability
https://www.elastic.co/customers/

Elastic is a Search Company.
www.elastic.co
Thank you, any questions?
Search. Observe. Protect.

What's hot

Elastic Security : Protéger son entreprise avec la Suite Elastic

Elasticsearch

Keynote: Elastic Observability evolution and vision

Elasticsearch

Building Elastic into security operations

Elasticsearch

Combining logs, metrics, and traces for unified observability

Elasticsearch

Reinventing enterprise defense with the Elastic Stack

Elasticsearch

Get full visibility and find hidden security issues

Elasticsearch

Keynote: Elastic Security evolution and vision

Elasticsearch

Watch the video: https://content.pivotal.io/webinars/using-data-science-for-cybersecurity Enterprise networks are under constant threat. While perimeter security can help keep some bad actors out, we know from experience that there is no 100%, foolproof way to prevent unwanted intrusions. In many cases, bad actors come from within the enterprise, meaning perimeter security methods are ineffective. Enterprises, therefore, must enhance their cybersecurity efforts to include data science-driven methods for identifying anomalous and potentially nefarious user behavior taking place inside their networks and IT infrastructure. Join Pivotal’s Anirudh Kondaveeti and Jeff Kelly in this live webinar on data science for cybersecurity. You’ll learn how to perform data-science driven anomalous user behavior using a two-stage framework, including using principal components analysis to develop user specific behavioral models. Anirudh and Jeff will also share examples of successful real-world cybersecurity efforts and tips for getting started. About the Speakers: Anirudh Kondaveeti is a Principal Data Scientist at Pivotal with a focus on Cybersecurity and spatio-temporal data mining. He has developed statistical models and machine learning algorithms to detect insider and external threats and "needle-in-the-hay-stack" anomalies in machine generated network data for leading industries. Jeff Kelly is a Principal Product Marketing Manager at Pivotal.

Using Data Science for Cybersecurity

VMware Tanzu

Kubernetes Jakarta Meetup 010 - Service Mesh Observability with Kiali

Yusuf Hadiwinata Sutandar

SplunkLive! Munich 2018: Siemens Security Use Case

Splunk

Democratizing Observability

denise stockman

Microsoft: Enterprise search for cloud native applications

Elasticsearch

Palestra de abertura: Evolução e visão do Elastic Security

Elasticsearch

The number of IoT devices that streams data to a connected cloud backend increases daily. This data creates new possibilities for real-time analytics and can fundamentally change how our world works. In this presentation, you’ll learn how to build an Azure IoT architecture that is ready for real-time data analytics. Sam will demonstrate how data can be ingested and how different Azure technologies can be applied to achieve real-time intelligence. You’ll also discover how Azure Stream Analytics can be used to run streaming queries in the Cloud and on the Edge. By the end of this session you’ll have an understanding on how Azure Time Series Insights works to set up a Real Time data exploration, and you’ll get a glimpse of Azure Databricks for more advanced data analytics scenarios. Finally, you’ll learn how to deploy custom code to detect and act upon events in the data.

Real-time analytics in IoT by Sam Vanhoutte (@Building The Future 2019)

Codit

To effectively manage your application, it’s critical to have visibility into both logs and metrics. Metrics can provide app and infrastructure KPI’s, while logs provide context into application and infrastructure execution KPIs. Managing one without the other, provides you with incomplete data; you need both to troubleshoot application issues quickly and efficiently. This webinar will feature a live demo of Sumo Logic’s Unified Logs and Metrics machine data analytics platform and show how to: Natively ingest your logs, host metrics, AWS metrics and Graphite-compatible metrics Proactively set alerts based on logs and metrics thresholds Analyze and correlate logs and metrics in real-time and in a unified way to reduce mean time to problem resolution (MTTR)

Machine Analytics: Correlate Your Logs and Metrics

Sumo Logic

Pour les organisations modernes, les applications sont souvent l'interface client principale, et influencent directement les résultats tels que le chiffre d'affaires et la fidélisation de la clientèle. Quelle que soit votre progression dans votre parcours vers les solutions cloud natives, Elastic APM peut vous aider à améliorer les expériences clients en détectant plus tôt les goulets d'étranglement des performances et en identifiant plus rapidement les régressions à partir des nouveaux déploiements. Découvrez comment obtenir une vue complète des services qui alimentent vos applications, du front-end au back-end, pour garantir un fonctionnement optimal.

Elastic APM : développez vos logs et vos indicateurs pour obtenir une vue com...

Elasticsearch

Webinar: https://www.sumologic.com/online-training/#SettingUpSumo Designed for Administrators, this course shows you how to set up your data collection according to your organization’s data sources. Best practices around deployment options ensure you choose a deployment that scales as your organization grows. Because metadata is so important to a healthy environment, learn how to design and set up a naming convention that works best for your teams. Use Chef, Puppet or the likes? Learn how to automate your deployment. Test your deployment with simple searches, and learn to take advantage of optimization tools that can help you stay on top of your deployment.

Setting up Sumo Logic - June 2017

Sumo Logic

Comment transformer vos données en informations exploitables

Elasticsearch

The way we work, shop, and consume content has shifted in 2020. Unsurprisingly, search has become the cornerstone of those activities. Get to know the team behind Elastic Enterprise Search and hear how we’ve taken a different approach to enabling you to deliver new search experiences for your customers and teams. We’ll also show how some of our customers have thrived during the Covid 19 pandemic by leveraging the scalability and flexibility of Enterprise Search on Elastic Cloud. Plus, we’ll take you on a guided tour of the latest innovations and what’s new in our latest releases.

Keynote: Making search better, faster, easier

Elasticsearch

Combining Logs, Metrics, and Traces for Unified Observability

Elasticsearch

What's hot (20)

Elastic Security : Protéger son entreprise avec la Suite Elastic

Keynote: Elastic Observability evolution and vision

Building Elastic into security operations

Combining logs, metrics, and traces for unified observability

Reinventing enterprise defense with the Elastic Stack

Get full visibility and find hidden security issues

Keynote: Elastic Security evolution and vision

Using Data Science for Cybersecurity

Kubernetes Jakarta Meetup 010 - Service Mesh Observability with Kiali

SplunkLive! Munich 2018: Siemens Security Use Case

Democratizing Observability

Microsoft: Enterprise search for cloud native applications

Palestra de abertura: Evolução e visão do Elastic Security

Real-time analytics in IoT by Sam Vanhoutte (@Building The Future 2019)

Machine Analytics: Correlate Your Logs and Metrics

Elastic APM : développez vos logs et vos indicateurs pour obtenir une vue com...

Setting up Sumo Logic - June 2017

Comment transformer vos données en informations exploitables

Keynote: Making search better, faster, easier

Combining Logs, Metrics, and Traces for Unified Observability

Similar to Threat hunting with Elastic APM

Elastic SIEM (Endpoint Security)

Kangaroot

Hacking appliances

Jonathan Suldo

Operationalizing the IoT with Mtell and Apache Spark Alex Bates, CTO, Mtell The volumes of data generated by sensor networks have eclipsed those generated by social networks according to a recent estimate. This includes the time series data generated by the process control systems, maintenance and lab systems, and observations made by operators and engineers. This tidal wave of data generates both challenges and opportunities in the industrial IoT. Operations and maintenance personnel need to make better decisions about how they operate and maintain equipment, and engineers and stakeholders need to be able to predict more precisely what is occurring or what will happen in the future in continuous, discrete, and batch environments. This session will explore the evolution of descriptive, predictive, and prescriptive analytics, and toolsets incorporating Apache Spark which address the changing needs of industrial process stakeholders. Video Presentation: https://youtu.be/t38Dfkzwxl4

Operationalizing the IoT with Mtell and Apache Spark

Julius Remigio, CBIP

Your efforts to protect your SAP systems won't be complete until you have reliable way to keep a constant eye on your transactions and applications. When you detect critical incidents right when they occur, you'll be able take immediate action in response. When you're under attack, your reaction time has a significant impact on the level of damage you can expect. It's not hard to see how a real-time solution like AKQUINET's SAST Security Radar pays for itself in short order. Detecting attacks based on log files and analyzing network traffic requires in-depth knowledge of the potential paths and patterns such incursions can follow. This is because events relevant to security have to be filtered out of a sea of data and placed in the proper context. -------------------------------------------------------------------------------- Für Informationen auf Deutsch, sprechen Sie uns gerne an: sast@akquinet.de

SAST Threat Detection: What you stand to gain from intelligent, SAP real-time...

akquinet enterprise solutions GmbH

Why SureLog?

Ertugrul Akbas

Correlog Overview Presentation

Ameritech Systems Corporation

Overall Security Process Review CISC 662 1 Agenda Review of the following technologies and current products: SIEM CASB EDR (Enterprise Detection and Response) NGFW (Next Generation Firewalls) Threat Intelligence Summary of Term SANS Technology Institute - Candidate for Master of Science Degree What is a SIEM? SIEM - Security Information Event Management Logging and Event Aggregation Network (router,switch,firewall,etc) System (Server,workstation,etc) Application (Web, DB ) Correlation Engine 2+ related events = higher alarm (1+1=3) 3 At first glance SIEM's appliances and software look like an event aggregator. While a SIEM has the advantage of aggregating logs what puts them apart from the event aggregator market are the correlation engines. The correlation engines allow the ability to uncover threats/attacks across multiple related events which by themselves would not be a cause for alarm. SIEM 4 What is a SIEM? 5 Security information and event management (SIEM) is the technology that can tie all your systems together and give you a comprehensive view of IT security. IT security is typically a patchwork of technologies – firewalls, intrusion prevention, endpoint protection, threat intelligence and the like – that work together to protect an organization’s network and data from hackers and other threats. Tying all those disparate systems together is another challenge, however, and that’s where SIEM can help. SIEM systems manage and make sense of security logs from all kinds of devices and carry out a range of functions, including spotting threats, preventing breaches before they occur, detecting breaches, and providing forensic information to determine how a security incident occurred as well as its possible impact. Using SIEM How do SIEM Products help the following Security concerns? Countermeasures to detect attempts to infect internal system Identification of infected systems trying to exfiltrate information Mitigation of the impact of infected systems Detection of outbound sensitive information ( DLP) 6 These questions are a core part of a companies overall security architecture. If a SIEM isn't providing answers or solutions to these questions what is it doing? If you aren't using your SIEM to solve issues like these it may just be an expensive log aggregator/collection system sitting in your network collecting dust. SIEM Advantages Correlation of data from multiple systems and from different events detecting security and operational conditions Anomaly detection by using a baseline of events over time to find deviations from expected or normal behavior Comprehensive view into an environment based on event types, protocols, log sources, etc APT (advanced persistent threat) protection through detection of protocol and application anomalies Prioritization based on risk of threat to assets, staff can triage the most vulnerable targets Alerting and monitoring on events of interest to escalate pri ...

Overall Security Process Review CISC 6621Agend.docx

karlhennesey

The presentation provides the following: - McAfee Company Overview - McAfee Strategy - McAfee Security Operations Overview - Security Operations Challenges - ESM Overview - ESM Components - ESM Architecture - ESM Architecture - Large Customer Sample - ESM Integrations - ESM Use Cases - Sample - ESM Incident Scenario - Sample - ESM - Security Operations Please note all the information is based prior to Jan 2020.

McAfee - Enterprise Security Manager (ESM) - SIEM

Iftikhar Ali Iqbal

Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning

Symantec

Autonomic cloud emerge as a result of emerging four properties of autonomic computing in cloud that are self-healing, self-monitoring, self-repairing and self-optimization We have defined a methodology to improve the security in cloud computing and also defined a methodology that can ensure the autonomic management in autonomic cloud computing We have selected 1 of the 7 properties of the autonomic cloud computing that is autonomic management Our main focus is on the security enhancement and avoidance of cloud intrusion in autonomic cloud computing Bilal Hussain CH "Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-6 , October 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18378.pdf

Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing

ijtsrd

Gartner_Critical Capabilities for SIEM 9.21.15

Jay Steidle

With sensitive data residing everywhere and the breach epidemic growing, the need for application and data protection solutions has become even more critical. Join Ulf Mattsson, Head of Innovation at TokenEx as he discusses: - New Security Challenges to Applications and Data in Cloud - New requirements from Regulations - Application and Data Security solutions for the Enterprise - Trends in integration of Security into Application development - Automating Security tasks in the Open Application development process - The new API Economy - Application Security in the new API Economy - Latest developments and standards in Identity Management for The API Economy - Emerging Data Protection options for Public, Hybrid and Private Cloud.

New enterprise application and data security challenges and solutions apr 2...

Ulf Mattsson

Reveelium Smart Predictive Analytics - Datasheet EN

ITrust - Cybersecurity as a Service

Machine Learning as service

Nihal Mehdi

Changing the Security Monitoring Status Quo

EMC

Gartner market guide ai ops platforms

Rajeev Mohal

Sourcefire Webinar - NEW GENERATION IPS

mmiznoni

Siem ppt

kmehul

LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

rver21

Web-Based Online Embedded Security System And Alertness Via Social Media

IRJET Journal

Similar to Threat hunting with Elastic APM (20)

Elastic SIEM (Endpoint Security)

Hacking appliances

Operationalizing the IoT with Mtell and Apache Spark

SAST Threat Detection: What you stand to gain from intelligent, SAP real-time...

Why SureLog?

Correlog Overview Presentation

Overall Security Process Review CISC 6621Agend.docx

McAfee - Enterprise Security Manager (ESM) - SIEM

Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning

Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing

Gartner_Critical Capabilities for SIEM 9.21.15

New enterprise application and data security challenges and solutions apr 2...

Reveelium Smart Predictive Analytics - Datasheet EN

Machine Learning as service

Changing the Security Monitoring Status Quo

Gartner market guide ai ops platforms

Sourcefire Webinar - NEW GENERATION IPS

Siem ppt

LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

Web-Based Online Embedded Security System And Alertness Via Social Media

More from FaithWestdorp

Elastiknn (https://elastiknn.com/) is an open-source Elasticsearch plugin for exact and approximate nearest neighbor search. Methods like word2vec and neural nets can convert various data modalities (text, images, users, items, etc.) into numerical vectors (i.e., embeddings), enabling data scientists and engineers to use nearest neighbor queries to search for semantically similar data (e.g., similar documents, images, users, etc.). Elasticsearch is a ubiquitous search solution, but its support for vector search is still evolving. Elastiknn fills the gap by bringing efficient exact and approximate vector search to Elasticsearch. This enables an enhanced search experience by combining traditional queries (e.g., products matching <some text query>) with nearest neighbor search queries (e.g., products with images similar to <a user-provided image>). In this talk, Alex will present the features of Elastiknn, some example use-cases, and a few of the interesting engineering challenges in building it.

Using Elastiknn for exact and approximate nearest neighbor search

FaithWestdorp

Observability from the Home

FaithWestdorp

Learn how Congress is starting to use Elasticsearch to modernize search, and how you can help to accelerate this change. Until just a decade ago, some of the most important precedents of Congress were stored and indexed on paper cards. This system was replaced by a slow, clunky SQL search and there was initially resistance when Xcential proposed to convert this to Elasticsearch (v1.7.2), because lawyers feared that ‘relevance’-based search would be less precise. With accurate results, 50 times faster, users were won over. Now there is a potential to use modern search, not only for precedents, but throughout the work of Congress and in state legislatures as well. We’ll talk about some of these projects, and how you could get involved (we’re hiring!).

Elasticsearch Goes to Congress

FaithWestdorp

Announcing the open source release of Zombie Technology Elimination Project (ZTEP), gamifying the retirement of deprecated tech, powered by Elasticsearch! Model the progress of a code migration effort as zombies that are still left to defeat! Support a culture of recognition by publicly celebrating the contributions of Zombie Hunters (code migrators) by awarding points and featuring them on the Hunter Heroes Leaderboard. Inspired by the original ZTEP project by Mike Finney (@FinneyCanHelp) and others at Carfax: https://www.gamification.co/2013/09/11/gamifying-the-destruction-of-zombie-technology Based on the behavioral science of Octalysis gamification framework: https://yukaichou.com/gamification-examples/octalysis-complete-gamification-framework/

Eliminate your zombie technology ray myers - 11-5-2020

FaithWestdorp

Mejorando las busquedas en nuestras aplicaciones web con elasticsearch

FaithWestdorp

Evolving with Elastic: GetSet Learning

FaithWestdorp

EmPOW: Integrating Attack Behavior Intelligence into Logstash Plugins

FaithWestdorp

Examining OpenData with a Search Index using Elasticsearch

FaithWestdorp

From the trenches: scaling a large log management deployment

FaithWestdorp

Logstash and Maxmind: not just for GEOIP anymore

FaithWestdorp

Elasticsearch's aggregations & esctl in action or how i built a cli tool...

FaithWestdorp

Searching for NLP: Using Elasticsearch to Create MVPs of NLP-enabled User Ex...

FaithWestdorp

Introduction to machine learning using Elastic

FaithWestdorp

Upgrade your attack model: finding and stopping fileless attacks with MITRE A...

FaithWestdorp

Elastic Observability

FaithWestdorp

Guide to Data Visualization in Kibana

FaithWestdorp

Elastic's recommendation on keeping services up and running with real-time vi...

FaithWestdorp

Bio: Jeff Moore is a Systems Engineer at Bandwidth with a focus on administering and extending Kubernetes, AWS, and the Elastic Stack to support internal customer use-cases. Originally a die-hard Kubernetes fan, his passions have now also extended to the Elastic Stack due to insights of the amazing things that can be done with well-architected data. He has lived in Raleigh for most of his life and currently has a love/hate relationship with the factory automation game Factorio. Jeff is a Certified Kubernetes Administrator with plans to complete the Elastic Certified Engineer exam. Abstract: In this talk, Jeff will talk about how he designed a command-line tool built on the go-elasticsearch project - making interactions with the elasticsearch APIs much easier. He will also go into the inspirations of the project, lessons learned, and future work.

Esctl in action elastic user group presentation aug 25 2020

FaithWestdorp

More from FaithWestdorp (18)

Using Elastiknn for exact and approximate nearest neighbor search

Observability from the Home

Elasticsearch Goes to Congress

Eliminate your zombie technology ray myers - 11-5-2020

Mejorando las busquedas en nuestras aplicaciones web con elasticsearch

Evolving with Elastic: GetSet Learning

EmPOW: Integrating Attack Behavior Intelligence into Logstash Plugins

Examining OpenData with a Search Index using Elasticsearch

From the trenches: scaling a large log management deployment

Logstash and Maxmind: not just for GEOIP anymore

Elasticsearch's aggregations & esctl in action or how i built a cli tool...

Searching for NLP: Using Elasticsearch to Create MVPs of NLP-enabled User Ex...

Introduction to machine learning using Elastic

Upgrade your attack model: finding and stopping fileless attacks with MITRE A...

Elastic Observability

Guide to Data Visualization in Kibana

Elastic's recommendation on keeping services up and running with real-time vi...

Esctl in action elastic user group presentation aug 25 2020

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Histor y of HAM Radio presentation slide

vu2urc

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Real Time Object Detection Using Open CV

Khem

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Finology Group – Insurtech Innovation Award 2024

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Histor y of HAM Radio presentation slide

GenCyber Cyber Security Day Presentation

Automating Google Workspace (GWS) & more with Apps Script

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Advantages of Hiring UIUX Design Service Providers for Your Business

HTML Injection Attacks: Impact and Mitigation Strategies

A Year of the Servo Reboot: Where Are We Now?

Data Cloud, More than a CDP by Matt Robison

How to Troubleshoot Apps for the Modern Connected Worker

Artificial Intelligence: Facts and Myths

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Real Time Object Detection Using Open CV

What Are The Drone Anti-jamming Systems Technology?

Handwritten Text Recognition for manuscripts and early printed texts

A Domino Admins Adventures (Engage 2024)

Strategies for Landing an Oracle DBA Job as a Fresher

Threat hunting with Elastic APM

1. Threat Hunting with APM Search. Observe. Protect. Ruben Perez (Sr. Solutions Architect @ Elastic) May 28, 2020 sled@elastic.co

2. Distributed Workforce, the New Norm

3. - Monitor software services and applications in real time to make it easier to pinpoint and remedy performance problems, quickly. - Automatically collect unhandled errors and exceptions. - Automatically retrieve basic host-level and agent speciﬁc metrics. Application Performance Monitoring

4. Elastic Enterprise Search Elastic SecurityElastic Observability Kibana Elasticsearch Beats Logstash 3 solutions powered by 1 stack Elastic Stack

5. Business Deployment Abstract Applications VMs/Containers Other DBs, Services & Middleware Orchestration InfrastructureAPM Metrics Logs Uptime Uptime APM Metrics APM Logs APM APM Metrics Logs Uptime Metrics Logs Uptime APM

6. APM Supported Technologies RealUserMonitoring

7. Combine autonomous monitoring with alerts of unknown & defined events. Correlate ML & Watcher with APM view from same screen Reduces the need to toggle between tabs to generate ML jobs or Watcher alerts on events of APM monitored services. Apply APM metadata as filters in different solution views The Elastic solutions all have a variant view of the dataset, but can share APM metadata as filters to cull the view Event Detection

8. Decrease MTTR by sequencing ML and APM analysis APM service(s) driving anomalous event(s) Observe how ML triggered events are inﬂuenced by APM services. Analyze in ML & APM views ML anomalies can contain a hyperlink to the APM analysis view of the service(s) that inﬂuenced the event. ML + APM Analysis

9. Server & service information can assist in securing the network APM Server information can be shared in SIEM Leveraging the same dataset as APM, SIEM can be used to track and identify potential threats to the business Tagging can help reduce MTTR APM data can be tagged for use in the various Elastic solutions, especially SIEM, as a ﬁltration mechanism Highlight unexpected processes Rogue processes or unauthorized access requests can be quickly identiﬁed with APM & SIEM monitoring Threat Hunting with APM

10. APM data can be used by SIEM to perform signal detections Customize signal detection rules for APM data Apply target inﬂuencer(s) of the signal detection leveraging APM metadata Select any MITRE attack models to apply to the signal rule Each MITRE attack model has collection techniques that can be applied Schedule the signal for continued threat hunting Flexibility to select signal detection frequency APM Driven Threat Hunting https://www.elastic.co/campaigns/mitre-attack

11. Show Me Something Search. Observe. Protect.

12. SLED Virtual Group ● Are you interested in learning more about Elastic? ● Do you want to represent your community at the next Elastic Virtual Group? ● Come check out your opportunity to be a leader and have your voice heard: ○ https://community.elastic.co/state-and-local-government-and- education-sled-virtual/ At our next Virtual Group, led by Jenny Morris, we will be learning more about how to Leverage Elastic machine learning features to enhance your security posture.

13. Training Subscriptions Annual pass Year-round learning solution for a named user Training on the go Flexible options include live, virtual and On-Demand training Immersive learning Hands-on, solution-based training Extensive curriculum Classes span the Elastic Stack with new content added regularly Explore all beneﬁts

14. Elastic Use Cases Elastic Enterprise Search Elastic SecurityElastic Observability https://www.elastic.co/customers/

15. Elastic is a Search Company. www.elastic.co Thank you, any questions? Search. Observe. Protect.

Threat hunting with Elastic APM

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Threat hunting with Elastic APM

Similar to Threat hunting with Elastic APM (20)

More from FaithWestdorp

More from FaithWestdorp (18)

Recently uploaded

Recently uploaded (20)

Threat hunting with Elastic APM