Log Management 'Worst Practices' - log management tool from planning to deployment to operation. All the mistakes to avoid! All the pitfalls to skip! This was given at SANS Lunch and Learn a few times.
Meet the Ghost of SecOps Future by Anton ChuvakinAnton Chuvakin
Meet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future
Today’s SOC has an increasingly difficult job protecting growing and expanding organizations. The landscape is changing and the SOC needs to change with the times or risk falling behind the evolution of business, IT, and threats.
But you have choices! Your future fate is not set in stone and can be changed: some optimize what they have without drastic upheaval, while others choose to truly transform their detection and response.
Join us as we show you a vision of what the SOC will look like in the near future and how to choose the best course of action today.
Originally aired at https://cloudonair.withgoogle.com/events/2023-dec-security-talks
Video https://youtu.be/KbQbuFAPY2c?si=0llv1v_CkVtvsyms
20 years of SIEM was prepared for the SANS webinar https://www.sans.org/webcasts/anton-chuvakin-discusses-20-years-of-siem-what-s-next/ and offers Anton's reflection on SIEM past and future
I was invited to give a vendor sponsored talk at Blackhat USA 2017 on how to use agile methods to improve and extend the capabilities of a SOC (Security Operations Center).
10X SOC - SANS Blue Summit Keynote 2021 - Anton ChuvakinAnton Chuvakin
Can We REALLY 10X the SOC? by Dr Anton Chuvakin
Many organizations promise to transform your security operations center (SOC) with technology, advice or their personnel. However, what does it take to really transform your SOC to be ready for future threats? Is this an impossible problem? Is this something that can be only done by well funded organizations? Let's explore these and other questions in this talk.
https://www.sans.org/cyber-security-training-events/blue-team-summit-2021/#agenda
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security?
It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case.
Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss:
- Why traditional DevOps has shifted, and what this will mean
- Who should own security in the age of DevOps
- Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline
Shift Left Security - The What, Why and HowDevOps.com
The shift left approach in DevOps moves software testing earlier in its lifecycle to prevent defects early in the software delivery process. How can developers use this approach to ensure security? Josh Thorngren, VP of Marketing at Twistlock, will explain what it means to shift left, and share five steps to ensure a successful transition to a shift left approach with DevOps.
Join this webinar to learn:
Best practices in adopting a successful shift to the left
How ‘shifting left’ promotes security
How developers are the new security guards in protecting company information
Meet the Ghost of SecOps Future by Anton ChuvakinAnton Chuvakin
Meet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future
Today’s SOC has an increasingly difficult job protecting growing and expanding organizations. The landscape is changing and the SOC needs to change with the times or risk falling behind the evolution of business, IT, and threats.
But you have choices! Your future fate is not set in stone and can be changed: some optimize what they have without drastic upheaval, while others choose to truly transform their detection and response.
Join us as we show you a vision of what the SOC will look like in the near future and how to choose the best course of action today.
Originally aired at https://cloudonair.withgoogle.com/events/2023-dec-security-talks
Video https://youtu.be/KbQbuFAPY2c?si=0llv1v_CkVtvsyms
20 years of SIEM was prepared for the SANS webinar https://www.sans.org/webcasts/anton-chuvakin-discusses-20-years-of-siem-what-s-next/ and offers Anton's reflection on SIEM past and future
I was invited to give a vendor sponsored talk at Blackhat USA 2017 on how to use agile methods to improve and extend the capabilities of a SOC (Security Operations Center).
10X SOC - SANS Blue Summit Keynote 2021 - Anton ChuvakinAnton Chuvakin
Can We REALLY 10X the SOC? by Dr Anton Chuvakin
Many organizations promise to transform your security operations center (SOC) with technology, advice or their personnel. However, what does it take to really transform your SOC to be ready for future threats? Is this an impossible problem? Is this something that can be only done by well funded organizations? Let's explore these and other questions in this talk.
https://www.sans.org/cyber-security-training-events/blue-team-summit-2021/#agenda
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security?
It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case.
Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss:
- Why traditional DevOps has shifted, and what this will mean
- Who should own security in the age of DevOps
- Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline
Shift Left Security - The What, Why and HowDevOps.com
The shift left approach in DevOps moves software testing earlier in its lifecycle to prevent defects early in the software delivery process. How can developers use this approach to ensure security? Josh Thorngren, VP of Marketing at Twistlock, will explain what it means to shift left, and share five steps to ensure a successful transition to a shift left approach with DevOps.
Join this webinar to learn:
Best practices in adopting a successful shift to the left
How ‘shifting left’ promotes security
How developers are the new security guards in protecting company information
Azure Sentinel is Microsoft cloud-native SIEM and SOAR. Say goodbye to 6 months SIEM solution setup and architecture - get started with visibility on you environement just now, and use the rich ecosystem of connectors to extend intelligence to your complete security suite.
The presentation will describe methods for discovering interesting and actionable patterns in log files for security management without specifically knowing what you are looking for. This approach is different from "classic" log analysis and it allows gaining an insight into insider attacks and other advanced intrusions, which are extremely hard to discover with other methods. Specifically, I will demonstrate how data mining can be used as a source of ideas for designing future log analysis techniques, that will help uncover the coming threats. The important part of the presentation will be the demonstration how the above methods worked in a real-life environment.
It’s a fair question and one that is compounded by the convergence we see happening across many categories within cybersecurity. Security operations teams have a broad spectrum of choices from pure-play security orchestration and automation platforms to traditional SIEMs that are adding orchestration capabilities.
Visit - https://siemplify.co/blog/do-i-need-a-siem-if-i-have-soar/
DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
Shifting Security Left - The Innovation of DevSecOps - ValleyTechConTom Stiehm
DevSecOps adds on the DevOps by making Application Security part of the daily workflow of the team in order to improve the quality and security of a product. Shift AppSec practices left is the key enabler to making AppSec a first-class citizen in the development effort rather than an afterthought with limited ability to be successful.
Get advice from security gurus on how to get up & running with SIEM quickly and painlessly. You'll learn about log collection, log management, log correlation, integrated data sources and how-to leverage threat intelligence into your SIEM implementation.
SentinelOne was founded in 2013 by an elite group of cybersecurity and defense experts who share a strong passion for disruption, and a clear vision for a path forward in a post-antivirus era. Building on their experiences learned at Check Point Software Technologies, IBM, Intel Security, Palo Alto Networks, and White Hat Security, the team is committed to the mission of defeating advanced cyber threats and instilling confidence in our digital way of life.
Find out more at https://sentinelone.com
Presentation from Agile Base Camp 2 conference (Kiev, May 2010) and AgileDays'11 (Moscow, March 2011) about one of the most useful engineering practices from XP world.
DevOps is an increasingly useful tool for achieving business objectives, enabling your teams to work together to improve the efficiency and quality of software delivery. However, despite its growing popularity, there is still a lack of clarity over what DevOps actually means, how organizations should do it and what's the best way to get started.
DevOps 101 takes a brief look at the history of DevOps, why it started, what problems it is intended to solve and how you can start implementing it.
The slides were delivered by James Betteley, Head of Education at the DevOpsGuys in a one-hour webinar. The full recording is available here - https://youtu.be/4gC3WpbetKs?t=2s
James has spent the last few years neck-deep in the world of DevOps transformation, helping a wide range of organizations optimize the way they collaborate to deliver better software, faster. James was joined by Elizabeth Ayer, Portfolio Manager, from Redgate Software. Elizabeth looks after a range of Redgate products that help teams extend their DevOps practices to SQL Server databases.
For more information visit www.devopsguys.com and www.red-gate.com
Log Standards & Future Trends by Dr. Anton ChuvakinAnton Chuvakin
The presentation will discuss how to bring order (in the form of standards!) to the chaotic world of logging.
It will give a brief introduction to logs and logging and explain how and why logs grew so chaotic and disorganized.
Next it will cover why log standards are sorely needed.
It will offer a walk-through that highlights the critical areas of log standardization. Current standard efforts will be discussion.
Finally, the presentation will cover a few of the emerging and yet-to-emerge trends related to logging and log management.
Azure Sentinel is Microsoft cloud-native SIEM and SOAR. Say goodbye to 6 months SIEM solution setup and architecture - get started with visibility on you environement just now, and use the rich ecosystem of connectors to extend intelligence to your complete security suite.
The presentation will describe methods for discovering interesting and actionable patterns in log files for security management without specifically knowing what you are looking for. This approach is different from "classic" log analysis and it allows gaining an insight into insider attacks and other advanced intrusions, which are extremely hard to discover with other methods. Specifically, I will demonstrate how data mining can be used as a source of ideas for designing future log analysis techniques, that will help uncover the coming threats. The important part of the presentation will be the demonstration how the above methods worked in a real-life environment.
It’s a fair question and one that is compounded by the convergence we see happening across many categories within cybersecurity. Security operations teams have a broad spectrum of choices from pure-play security orchestration and automation platforms to traditional SIEMs that are adding orchestration capabilities.
Visit - https://siemplify.co/blog/do-i-need-a-siem-if-i-have-soar/
DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
Shifting Security Left - The Innovation of DevSecOps - ValleyTechConTom Stiehm
DevSecOps adds on the DevOps by making Application Security part of the daily workflow of the team in order to improve the quality and security of a product. Shift AppSec practices left is the key enabler to making AppSec a first-class citizen in the development effort rather than an afterthought with limited ability to be successful.
Get advice from security gurus on how to get up & running with SIEM quickly and painlessly. You'll learn about log collection, log management, log correlation, integrated data sources and how-to leverage threat intelligence into your SIEM implementation.
SentinelOne was founded in 2013 by an elite group of cybersecurity and defense experts who share a strong passion for disruption, and a clear vision for a path forward in a post-antivirus era. Building on their experiences learned at Check Point Software Technologies, IBM, Intel Security, Palo Alto Networks, and White Hat Security, the team is committed to the mission of defeating advanced cyber threats and instilling confidence in our digital way of life.
Find out more at https://sentinelone.com
Presentation from Agile Base Camp 2 conference (Kiev, May 2010) and AgileDays'11 (Moscow, March 2011) about one of the most useful engineering practices from XP world.
DevOps is an increasingly useful tool for achieving business objectives, enabling your teams to work together to improve the efficiency and quality of software delivery. However, despite its growing popularity, there is still a lack of clarity over what DevOps actually means, how organizations should do it and what's the best way to get started.
DevOps 101 takes a brief look at the history of DevOps, why it started, what problems it is intended to solve and how you can start implementing it.
The slides were delivered by James Betteley, Head of Education at the DevOpsGuys in a one-hour webinar. The full recording is available here - https://youtu.be/4gC3WpbetKs?t=2s
James has spent the last few years neck-deep in the world of DevOps transformation, helping a wide range of organizations optimize the way they collaborate to deliver better software, faster. James was joined by Elizabeth Ayer, Portfolio Manager, from Redgate Software. Elizabeth looks after a range of Redgate products that help teams extend their DevOps practices to SQL Server databases.
For more information visit www.devopsguys.com and www.red-gate.com
Log Standards & Future Trends by Dr. Anton ChuvakinAnton Chuvakin
The presentation will discuss how to bring order (in the form of standards!) to the chaotic world of logging.
It will give a brief introduction to logs and logging and explain how and why logs grew so chaotic and disorganized.
Next it will cover why log standards are sorely needed.
It will offer a walk-through that highlights the critical areas of log standardization. Current standard efforts will be discussion.
Finally, the presentation will cover a few of the emerging and yet-to-emerge trends related to logging and log management.
The Use of Formal Methods on the iFACTS Air Traffic Control ProjectAdaCore
The next talk in our series from the recent Open-DO Conference is from Neil White,Principal Engineer with Altran Praxis. His talk provides an overview of the formal methods used on the iFACTS project. iFACTS is delivering increased Air Traffic Control capability to the UK.
Dominique Cerutti : Leading the disruptions | Zinnov Confluence '16 MunichZinnov
Keynote delivered by Dominique Cerutti, CEO Altran
While the emergence of AI announces a new wave of breakthrough technologies and innovations which will shake up industries organizations and operations, Dominique Cerutti will explore in his speech the different strategic orientations that industry leaders must envisage to manage innovation in their organizations. How to drive and organize a variety of ER&D activities and focus on value adding areas? Which type of partners and engagement policies shall be set up to leverage on the new opportunities revealed by the disruptions ahead?
Simon Best : Change, disruption and opportunity | Zinnov Confluence '16 MunichZinnov
Keynote delivered by Simon Best, Head of New Business, CIS, Airbus Defence & Space
Technology evolution is relentless yet increasingly incremental – often leading to shorter windows of business opportunity per investment. Companies therefore need to be ever more agile to continuously evolve their core products, explore new areas and know when and where to shift to capture new opportunities. Many companies have a wealth of capabilities and through a mix of knowing their strengths, promoting agility and business adventure, they can find new competitive edges.
Dr David Soldani : Leading the disruptions | Zinnov Confluence '16 MunichZinnov
Keynote delivered by David Soldani, Global Head 5G Technology, Nokia
Introduction of the most important use cases, within the three agreed usage scenarios, and spotlights on different regions. Why Nokia is the right choice for carriers and enterprises, and disclose the fundamental enabling technologies towards a new digital revolution. The talk concludes with an overview of global 5G plans and milestones, with special focus on the 3GPP standardization framework.
Information Security assessment of companies in Germany, Austria and Switzerland, February 2015.
Every day critical security incidents show the drastic extent of "successful" cyber attacks for organizations in terms of monetary and material loss. With increasing use of digital technologies and the growing spread of mobile and IoT cyber security is becoming a key factor for companies’ successful digital transformation. To analyze current challenges, trends and maturity of companies state of information security, Capgemini Consulting DACH conducted a survey in Germany, Austria and Switzerland. The 2014 Information Security Benchmarking Study shows that information security is insufficiently embedded in most companies‘ business strategy and operations to effectively safeguard organizations against current cyber threats.
https://www.de.capgemini-consulting.com/resources/information-security-benchmarking
Companies moving workloads to the AWS Cloud may look for additional help maintaining PCI Compliance, improving workload visibility, and creating consistent security across their IT environment. Palo Alto Networks’ VM-Series with GlobalProtect helps organizations segment and monitor network traffic coming from thousands of remote data collection devices, helping them ensure PCI Compliance. Join our upcoming webinar to hear Palo Alto Networks and AWS discuss best practices for creating consistent security across hybrid IT environments using VM-Series with GlobalProtect, and how Warren Rogers leveraged it to help achieve PCI Compliance. Leverage VM-Series as a subscription through the AWS Marketplace or as a Bring-Your-Own-License to exert positive control over applications, prevent threats within your application flows, and provide consistent security to your IT environment.
Join us to learn:
• Best practices for enabling application-level segmentation policies for services like Amazon Virtual Private Clouds
• How to help protect your AWS workload deployment from cyber threats while maintaining data segmentation
• How Warren Rogers implemented policies to control and monitor user activity within each defined group
Who Should Attend:
Directors, Security Managers, Security Engineers, Security Architects, IT System Administrators, System Administrators, IT Administrators, IT Managers, IT Architects, IT Security Engineers, Business Decision Makers
New technologies and new features and functionalities will make automotive lighting a $27.7 billion market by 2021 (and an exciting one at that)!
AUTOMOTIVE LIGHTING IS GROWING FAST ($27.7B IN 2021) BY INCREASING ITS DESIGN USES AND PROVIDING NEW FUNCTIONALITIES
With the recent integration of LED technology, lighting has evolved from a basic, functional feature to a distinctive feature with high-value potential in automotive. Indeed, LED technology has given manufacturers the opportunity for strong differentiation via lighting design and additional functionalities. This is particularly true for exterior lighting, but it is also spreading to interior lighting. These changes are heavily impacting the supply chain, with new suppliers and a new value chain emerging.
In 2015, the automotive lighting market totaled nearly $22.4B, up 5.4% from 2014. This growth was driven by increased lighting system content per vehicle and a more favorable product mix driven by strong adoption of LED-based front lighting systems. Indeed, headlamp and Day Running Light (DRL) systems represented 43% and 28% of total 2015 revenue, respectively. Other lighting systems (i.e. Rear Combination Light/Center High-Mounted Signal Light, interior light, and side turn-signal light) comprised the remaining 29% of 2015 revenue. The automotive lighting market will continue growing, reaching a market size of almost $27.7B by 2021 - +23.7% compared to 2015, and driven by different growth areas:
Short-term: increased LED technology penetration rate into different automotive lighting applications/systems, and increased lighting content per vehicle.
Middle/long-term: potential integration of new lighting technologies like OLED and laser, development of Advanced Front Lighting Systems (AFLS) and other security functions, and incredible developments employing lighting as a new design feature.
This report presents all automotive lighting applications and the associated market revenue for the period 2013 - 2021, with details concerning drivers and challenges, integration status of different lighting technologies and systems, recent trends, and market size per application.
Summarize the design and build approach for SOC (Security Operation Center) for both end user company and service providers. Defines the approach flow for SOC building and various components and phases involved. Defines design thumb rules and parameters for SOC Design.
SIEM vs Log Management - Data Security Solutions 2011 Andris Soroka
Brief overview of SIEM / log management technology era, technology and business drivers for better network security and visibility with log management and SIEM solutions, some selected players from DSS portfolio.
Build an Information Security StrategyAndrew Byers
Organizations are struggling to keep up with today’s evolving threat landscape.
From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks.
Every organization needs some kind of information security program to protect their systems and assets.
Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.
"You Got That SIEM. Now What Do You Do?" by Dr. Anton ChuvakinAnton Chuvakin
"You Got That SIEM. Now What Do You Do?" by Dr. Anton Chuvakin
Many who acquired SIEM tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use." So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful.Here you can learn from the experience of those who did not have the benefit of learning from other's mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course!
So You Got That SIEM. NOW What Do You Do? by Dr. Anton ChuvakinAnton Chuvakin
So You Got That SIEM. Now What Do You Do? Anton Chuvakin, Principal, Security Warrior Consulting (@anton_chuvakin)
Many organization that acquired Security Information and Event Management (SIEM) tools and even simpler log management tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use" and "totally intuitive."
So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful?
At this presentation, you will learn from the experience of those who did not have the benefit of learning from other's mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course! As a bonus track, how to revive a FAILED SIEM deployment you inherited at your new job will be discussed.
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinAnton Chuvakin
End-User Case Study: Five Best and Five Worst Practices for SIEM
Implementing SIEM sounds straightforward, but reality sometimes begs to differ. In this session, Dr.
Anton Chuvakin will share the five best and worst practices for implementing SIEM as part of security
monitoring and intelligence. Understanding how to avoid pitfalls and create a successful SIEM
implementation will help maximize security and compliance value, and avoid costly obstacles,
inefficiencies, and risks
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinAnton Chuvakin
End-User Case Study: Five Best and Five Worst Practices for SIEM
Implementing SIEM sounds straightforward, but reality sometimes begs to differ. In this session, Dr.
Anton Chuvakin will share the five best and worst practices for implementing SIEM as part of security
monitoring and intelligence. Understanding how to avoid pitfalls and create a successful SIEM
implementation will help maximize security and compliance value, and avoid costly obstacles,
inefficiencies, and risks
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinAnton Chuvakin
Title: Enterprise Logging and Log Management: Hot TopicsDate & Time: Thursday, April 1, 2010, 11:00am Eastern Capturing log information is critical to IT organizations for many reasons, including for security incident detection and response, and for compliance with numerous regulations and standards. Join one of the foremost experts on log management, Dr. Anton Chuvakin, as we discuss enterprise logging challenges and issues.
[WSO2Con EU 2017] Deriving Insights for Your Digital Business with AnalyticsWSO2
We are at the dawn of digital businesses that are re-imagined to make the best use of digital technologies, such as automation, analytics, cloud, and integration. These businesses are efficient, are continuously optimized, proactive, flexible and are able to understand customers in detail. This slide deck explores how the WSO2 analytics platform plays a role in your digital transformation journey.
Stream Computing is an advanced analytic platform that allows user-developed applications to quickly ingest, analyze and correlate information as it arrives from thousands of real-time sources. The solution can handle very high data throughput rates, up to millions of events or messages per second.
Building Service Intelligence with Splunk IT Service Intelligence (ITSI) Splunk
Providing transformational impact and insight into key business services while maintaining operational oversight is often difficult in organizations. To effectively communicate business value and alignment organizations must find new methods to bridge the gap between business and operations. This half-day hands on workshop demonstrates how customers can quickly gain insight into high-value services while aligning business and IT Operations using Splunk’s IT Service Intelligence solution. By leveraging the machine data you are already collecting the exercise provides a transformational method to model high-value services and rapidly build custom visualizations and dashboards. From executive leaders to administrators these personalized service-centric views provide powerful analytics and machine learning to transform service intelligence across your organization.
Come experience how you can transform service intelligence in your organization.
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...Chris Miller
Things WILL get VERY technical when two experts face-off in a unique session that explores polar perceptions regarding various types of logs, verbosity levels, data extraction, responses for alerts, and more. Be it Domino, Sametime, or Traveler operating on-prem. or in Hybrid and Cloud environments, it is vital to have an understanding of log data structure, what is (or isn't) logged and why, and how to search logs effectively. But aren't there ways to find your information without having to pipe everything into the log? Where does one's best practice end and another's begin? From this collision of opposing viewpoints and real-world stories, you'll take away knowledge and tools ready to deploy to various scenarios, products, and log types.
Rodney Dowell, Director of Lawyers Concerned for Lawyers, and I did a 60 minute presentation on basic issues in starting and running a law firm for the Massachusetts Bar Association.
Single Source of Truth for Network AutomationAndy Davidson
The importance of building a single source of truth for information within your organisation, when you embark upon a network automation project. Simply automating router configuration steps is not "network automation".
Information processing and analytics cannot be focused only on “store-first” or batch-based approaches. To provide maximum business value, information must also be analyzed closer to the source, and at the speed in which it is being created. Streaming analytics utilizes various techniques for intelligently processing data as it arrives at the edge or within the data center, with the purpose of proactively identifying threats or opportunities for your business.
Similar to Anton's Log Management 'Worst Practices' (20)
Future of SOC: More Security, Less OperationsAnton Chuvakin
"Future of SOC: More Security, Less Operations" was originally presented by Dr Anton Chuvakin in March 2024 at a virtual conference in Finland
The future of SOC looks less like its past. AI is part of the future, but engineering-led approach to SOC is more critical
Detection and Response of the future will be more heavily automated
SOC Meets Cloud: What Breaks, What Changes, What to Do?Anton Chuvakin
SOC Meets Cloud: What Breaks, What Changes, What to Do?
originally presented at Mandiant mWise 2023 by Dr Anton Chuvakin of Google Cloud Office of the CISO
Cloud changes everything (does it though?), including how we do threat detection and incident response in the SOC. As we continue to transform our attack surfaces, how do we make sure our detection and response are done "the cloud way"? There were also cases where both business and IT migrated to the cloud, but security was left behind and had to approach cloud challenges with on-premise tools and practices. How should a SOC born before cloud deal with cloud? What to watch for? What changes? What breaks? What stays the same?
SOC Lessons from DevOps and SRE by Anton ChuvakinAnton Chuvakin
SOC Lessons from DevOps and SRE by Dr Anton Chuvakin - RSA 2023 Google Cloud sideshow presentation focused on using select DevOps and SRE lessons to make your SOC better
Log management and compliance: What's the real story? by Dr. Anton ChuvakinAnton Chuvakin
Title: Log management and compliance: What's the real story? by Dr. Anton Chuvakin
One of the problems in making an Enterprise Content Management (ECM) strategy work with compliance initiatives is that compliance needs accountability at a very granular level. Consequently, IT shops are turning to log management as a solution, with many of those solutions being deployed for the purposes of regulatory compliance. The language however, regarding log management solutions can sometimes be vague which can lead to confusion. This session will lend some clarity to the regulations that affect log management. Topics will include:
Best practices for how to best mesh compliance ECM and compliance strategies with log management
Tips and suggestions for monitoring and auditing access to regulated content, with a focus on Microsoft Sharepoint logging.
An examination of a handful of the regulations affecting how organizations view log management and information security including The Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, The North American Electric Reliability Council (NERC), HIPAA and the HITECH Act.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
7. Log Management Process Files, syslog, other Immutable Logs Secure Share Collect SNMP, Email, etc Alert Search, Report and Analytics Store Search Report Make Conclusions “ As needed “ basis