SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the End Nigh?
1. The Future of Log Centralization for SIEMs and DFIR – Is the End Nigh?
Dr. Anton Chuvakin
https://medium.com/anton-on-security
https://cloud.withgoogle.com/cloudsecurity/podcast
Office of the CISO, Google Cloud
August 2023
2. Outline
● Logs … still centralized?
○ What worked well?
○ What was always a challenge?
● What changed?
○ So, should we still centralize?
● What does the possible future look like?
5. Time Machine to 2003!
● Log centralization
● Syslog dominates
● Syslog UDP is still cool (in a late 1980s kinda way)
● SIEM does not exist, yet SIM and SEM do
● Log management is a generic term, not a market name…
9. Scenario 1 Multi-cloud at Scale
● Big presence in Google Cloud
● Also, big presence in another cloud
● AND finally, still sizable presence on premise
● Where do the logs go?
10. Scenario 2 Useful Logs, “Useless” Logs
● Megabytes of alerts
● Gigabytes of priority logs
● AND petabytes of information logs
● Now, add observability traces
● Do we centralize … at per GB price?
11. Scenario 3 Very SaaSy (But not SASE!)
● Lots of SaaS use - CRM, HR, marketing, etc
● CASB in use
● No data centers
● Do we centralize logs at … eh…well…eh… WHERE?
13. “Will the future be more secure? It'll be just as insecure as it possibly can, while still continuing to function. Just like it is today.”
-- Marcus Ranum (in ~early 2000)
15. So You Want to Decentralize?
● How to assure retention?
○ … and impress our “friends”, the auditors!?
○ … and assure evidence availability for IR
● How to normalize?
● How to correlate?
● How to ML?
16. Decisions, Decisions, etc
“Damn the torpedoes, we are centralizing anyway”
● Compliance mandates (PCI DSS, etc)
● Need guaranteed data retention
● Have a scope of data to normalize
“Hold your horses, we need to think about it”
● Still need to centralize …
● … but not everything
● Centralized/distributed for low stakes data
“Decentralized all the way!”
● Heavy cloud, and especially SaaS use
● No center to centralize into
● Focus on best-effort search
● “Magical” normalization (OCSF)
17. Why Bite the Bullet and CENTRALIZE ANYWAY!?!
● Specific mandate that says “centralize logs”
○ Centralize does not mean ONE place.
● Contractual pressure to have logs available in 100% of cases
○ “If you need it done, you do it yourself!”
● Cost effective (=cloud-native) tool is available to store logs … and not pay “per GB”...
● Don’t pay for 4 copies of the same data…
21. Recommendations
● Stick to a centralized approach to logs/data that you alert on or analyze directly
○ Use a cloud-native, SaaS SIEM platform for this
● Be ready for the world where you cannot centralize all logs in one place
○ Start reviewing the tools that support distributed queries over decentralized stores
○ Beware of their inherent limitations, however
● Long term, assume a centralized/decentralized model for log analysis
22. Resources
● “Log Centralization: The End Is Nigh?”
● “Anton Chuvakin Discusses “20 Years of SIEM – What’s Next?”” SANS webinar
● “20 Years of SIEM: Celebrating My Dubious Anniversary” blog
● “On “Output-driven” SIEM” blog (2012)
● “Anton and The Great XDR Debate, Part 1”
● … and of course https://medium.com/anton-on-security
● and https://cloud.withgoogle.com/cloudsecurity/podcast/
Namely, this one: https://gartner.com/document/4017131… that says "Federated security log management (SLM) is emerging as an alternative to centrally collecting logs."
https://medium.com/anton-on-security/log-centralization-the-end-is-nigh-b28efaa98379
Let’s go through a few basic examples. The very example that inspired that line of thinking involved multi-cloud. If you are present in multiple public cloud providers, and present there at scale, it is very likely that you are NOT collecting logs into one place in one cloud. Various complexities, egress costs, storage costs all play into this becoming a questionable decision for most organizations. So you perhaps centralize per cloud, but what if we include SaaS services into this? Then it becomes an even bigger mess, as most large organizations use 100s of those.
https://medium.com/anton-on-security/log-centralization-the-end-is-nigh-b28efaa98379
Another trivial example refers to the log types that are useful for investigations or in bulk, but where each individual record is unlikely to be used for detection. For example, I’ve noticed that many organizations don’t collect and retain DHCP logs (of course, Chronicle customers do!). They fail to do it not because these logs are not useful (they are very useful as context), but because they don’t use them for any direct detections, and thus see them as “too costly to centralize” (especially if their SIEM vendor charges per EPS…).
https://www.query.ai/federated-search/
“Open federated search retrieves information from across vendor solutions and environments. It uses API integrations with third parties to perform a unified search across the data sources that are participating in the federation, and it does this without requiring data transfer or centralization. This approach also provides the flexibility to choose and integrate the best-of-breed security solutions vs having a single-vendor lock-in.”
https://www.query.ai/wp-content/uploads/2023/05/QWP-002_Evaluating-Federated-Search-for-Security.pdf