SOC Lessons from DevOps and SRE by Dr Anton Chuvakin - RSA 2023 Google Cloud sideshow presentation focused on using select DevOps and SRE lessons to make your SOC better
Survive the fog of system development! Developers' lives have gotten more complex in the last decade. There is too much to learn and understand now, and you need a co-pilot. Let AIOps be that co-pilot.
In this webinar, we'll share use cases and discuss:
What is AIOps?
Why AI and ML are well-suited for Ops and DevOps
A guide for assessing where to automate
DevSecOps is a very loaded term and it covers many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes in CI and CD. DevSecOps goes beyond automating security testing, and there are common misconceptions and roadblocks on the way to establishing it successfully.
Learning Objectives:
1: Identify key principles of DevSecOps and see how it relates to DevOps principles.
2: Analyze common pitfalls and see where security integration fits into DevSecOps.
3: Demonstrate how to do “Continuous Security” by using a lifecycle approach.
(Source: RSA Conference USA 2018)
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
[DevSecOps Live] DevSecOps: Challenges and Opportunities - Mohammed A. Imran
In this Practical DevSecOps' DevSecOps Live online meetup, you'll learn about DevSecOps challenges and opportunities.
Join Mohan Yelnadu, head of application security at Prudential Insurance, on his DevSecOps journey.
He will cover DevSecOps challenges he has faced and how he converted them into opportunities.
He will cover the following as part of the session.
DevSecOps Challenges.
DevSecOps Opportunities.
Converting Challenges into Opportunities.
Quick wins and lessons learned.
… and more useful takeaways!
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp... - Ed Fernandez
Adoption of ML at scale in the Enterprise, Machine Learning Platforms & AutoML
[1] Definitions & Context
• Machine Learning Platforms, Definitions
• ML models & apps as first class assets in the Enterprise
• Workflow of an ML application
• ML Algorithms, overview
• Architecture of a ML platform
• Update on the Hype cycle for ML & predictive apps
[2] Adopting ML at Scale
• The Problem with Machine Learning - Scaling ML in the Enterprise
• Technical Debt in ML systems
• How many models are too many models
• The need for ML platforms
[3] The Market for ML Platforms
• ML platform Market References - from early adopters to mainstream
• Custom Build vs Buy: ROI & Technical Debt
• ML Platforms - Vendor Landscape
[4] Custom Built ML Platforms
• ML platform Market References - a closer look
Facebook - FBlearner
Uber - Michelangelo
AirBnB - BigHead
• ML Platformization Going Mainstream: The Great Enterprise Pivot
[5] From DevOps to MLOps
• DevOps <> ModelOps
• The ML platform driven Organization
• Leadership & Accountability (labour division)
[6] Automated ML - AutoML
• Scaling ML - Rapid Prototyping & AutoML:
• Definition, Rationale
• Vendor Comparison
• AutoML - OptiML: Use Cases
[7] Future Evolution for ML Platforms
Appendix I: Practical Recommendations for ML onboarding in the Enterprise
Appendix II: List of References & Additional Resources
This is the latest version of the State of the DevSecOps presentation, which was given by Stefan Streichsbier, founder of guardrails.io, as the keynote for the Singapore Computer Society - DevSecOps Seminar in Singapore on the 13th January 2020.
Introduction to DevOps covering:
- Why DevOps
- How to build DevOps Teams in your organization
- Cloud Tools you can use for DevOps (Azure and AWS)
- Legacy Software and DevOps
- What is the Future of DevOps
- People to Follow
My talk about DevOps at Knowit Developer Summit 2018 in Oslo. This talk is a condensed version of the DevOps workshop I run for management teams and technical teams to start their journey as an organization towards DevOps. We refer to the DASA (DevOps Agile Skills Association) definitions of DevOps. The talk also includes a high-level description of the Knowit DevOps Maturity Model.
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better - Matt Tesauro
Slide deck from AppSec California 2016 + some additional slides.
Abstract:
How many applications are in your company's portfolio? What's the headcount for your AppSec team? Whatever your situation is, I am sure the numbers are not in your favor. It's not time to find a new career, it's time to up your game. This talk will cover how to take your small merry band of AppSec professionals and scale it up to a virtual army. By taking the best of DevOps, Agile and CI/CD, you can iteratively up your AppSec game over time and begin your ascent out of the security hole you are in.
The talk covers real-world experiences running AppSec groups at two different companies: Rackspace with approximately 4,000+ employees and Pearson with 40,000+. Both have an international presence and far more apps and developers than AppSec staff. The talk covers the key principles to speed and scale up AppSec programs using an AppSec Pipeline, as well as practical examples of these practices put into use. Start early and begin to buy down the technical security debt which feels inevitable with more traditional AppSec program thinking.
Software release cycles are now measured in days instead of months. Cutting-edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray, the services inspired by Amazon's internal developer tools and DevOps practice.
Level: 200
Speaker: Nick Brandaleone - Solutions Architect, AWS
The catalyst for the success of automobiles came not through the invention of the car but rather through the establishment of an innovative assembly line. History shows us that the ability to mass produce and distribute a product is the key to driving adoption of any innovation, and machine learning is no different. MLOps is the assembly line of Machine Learning and in this presentation we will discuss the core capabilities your organization should be focused on to implement a successful MLOps system.
OWASP DefectDojo - Open Source Security Sanity - Matt Tesauro
Originally given at the project showcase at Global AppSec DC 2019, this talk covered what DefectDojo is, what's new and why you should be using it in your security program.
Using MLOps to Bring ML to Production / The Promise of MLOps - Weaveworks
In this final Weave Online User Group of 2019, David Aronchick asks: have you ever struggled with having different environments to build, train and serve ML models, and how to orchestrate between them? While DevOps and GitOps have made huge traction in recent years, many customers struggle to apply these practices to ML workloads. This talk will focus on the ways MLOps has helped to effectively infuse AI into production-grade applications through establishing practices around model reproducibility, validation, versioning/tracking, and safe/compliant deployment. We will also talk about the direction for MLOps as an industry, and how we can use it to move faster, with more stability, than ever before.
The recording of this session is on our YouTube Channel here: https://youtu.be/twsxcwgB0ZQ
Speaker: David Aronchick, Head of Open Source ML Strategy, Microsoft
Bio: David leads Open Source Machine Learning Strategy at Azure. This means he spends most of his time helping humans to convince machines to be smarter. He is only moderately successful at this. Previously, David led product management for Kubernetes at Google, launched GKE, and co-founded the Kubeflow project. David has also worked at Microsoft, Amazon and Chef and co-founded three startups.
Sign up for a free Machine Learning Ops Workshop: http://bit.ly/MLOps_Workshop_List
Weaveworks will cover concepts such as GitOps (operations by pull request), Progressive Delivery (canary, A/B, blue-green), and how to apply those approaches to your machine learning operations to mitigate risk.
DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
DevSecOps without DevOps is Just Security - Kevin Fealey
The best DevSecOps practices are built alongside strong DevOps practices. However, DevSecOps processes and tooling are often decided within a security silo, rather than by a DevSecOps collective. Security ends up more integrated and efficient than in the past, but the approach is still “bolt-on” and not ultimately streamlined.
Collaboration between security and other DevOps groups around roadmaps and sharing of resources can lead to greater efficiency and innovation, while better supporting the value stream.
This talk will discuss foundational considerations when building a DevSecOps practice. You will learn about the top prerequisites for a successful DevSecOps practice – most of which are provided by groups other than security; and we’ll discuss case studies, both from organizations who have embraced DevOps as a foundation for DevSecOps, and those who haven’t. Attendees will walk away with questions to ask their counterparts in DevOps to understand current DevOps maturity and where security can leverage existing and planned DevOps resources to enable effective DevSecOps.
MLOps journey at Swisscom: AI Use Cases, Architecture and Future Vision - BATbern
What powers the AI/ML services of Switzerland's leading telecommunication company? In this talk, we will provide an overview of the different AI/ML projects at Swisscom, from Conversational AI and Recommender Systems to Anomaly Detection. Moreover, we will show how we automate, scale, and operationalise these ML pipelines in production, highlighting the MLOps techniques and open source tools that are used. Finally, we will present Swisscom's roadmap towards the cloud with AWS and discuss how we envision a common MLOps solution for the organisation.
Since 2012, leading IT research firm EMA has conducted more than five separate AIOps research projects, including reviews of more than 70 AIOps-related customer deployments. Deep insights into this topic continue with these slides, based on the research webinar, which provide the latest findings on how to best succeed in AIOps deployments and unify IT in the process.
Today's cutting-edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share how our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.
A high level introduction to DevOps. Explains what it is, how popular DevOps has become, why DevOps is popular, how DevOps differs from traditional approaches and some next steps to implementation.
Future of SOC: More Security, Less Operations - Anton Chuvakin
"Future of SOC: More Security, Less Operations" was originally presented by Dr Anton Chuvakin in March 2024 at a virtual conference in Finland.
The future of the SOC looks less like its past. AI is part of the future, but an engineering-led approach to the SOC is more critical.
Detection and response of the future will be more heavily automated.
Agile Network India | Agility Day @Noida | SRE & AIOps | Murugan Muthayan - AgileNetwork
Abstract:
Site Reliability Engineering (SRE) and AIOps are two of the most discussed topics in the IT world these days. SRE incorporates infrastructure and operations aspects to create scalable and reliable software systems that are highly automated and self-healing. Artificial Intelligence for IT Operations (AIOps) takes a further step to automate and enhance IT operations by using data analytics and machine learning. This session covers the benefits of SRE & AIOps and how to adopt them.
Key Takeaways:
1. Understand the concepts of SRE & AIOps
2. Understand the importance and benefits of SRE & AIOps
3. How do we adapt to SRE & AIOps?
2011 06 15 velocity conf from visible ops to dev ops final - Gene Kim
My presentation called "Creating the Dev/Test/PM/Ops Supertribe: From Visible Ops To DevOps"
2011 Velocity Conference:
http://velocityconf.com/velocity2011/public/schedule/detail/21123
What Are IT Environments, and Which Ones Do You Need? - Enov8
Test environments are an essential part of any IT environment, providing a secure space where companies can test new software before releasing it to the public. With careful planning and consideration, you can ensure that your IT environment has all the tools and resources, including the correct test data, needed to run successful tests and ensure the quality of your solutions as they progress through the release cycle.
DevSecOps is a new way to deliver security as part of the Software Supply Chain. It supports a built-in process and faster security feedback loop for DevOps teams.
The 7 deadly sins of Overall Equipment Effectiveness (OEE) - Claire Healey
Overall Equipment Effectiveness (OEE) is an effective methodology to help improve the productivity of manufacturing processes and accurately measure true plant productivity. Its measurable components are availability, performance and quality.
Having an automated OEE system can provide accurate data which can highlight significant production improvement opportunities. However, OEE can be complex and there are some pitfalls you should avoid to ensure that your expectations are met and that a rapid Return On Investment (ROI) is achieved. Explore the 7 deadly sins of OEE…
2014-10 DevOps NFi - Why it's a good idea to deploy 10 times per day v1.0 - Joakim Lindbom
Corporations are struggling with overly complex systems and system landscapes. DevOps is presented as one piece of the puzzle to go for much leaner and simpler landscapes, all in order to increase the readiness for change and innovation.
The presentation also discusses the basic thought error behind organising according to Design-Build-Run, which is the basis for most ICT IM outsourcing.
Beyond the Scrum: Implementing Lean Software Practices in Your Organization - ThoughtWorks Studios
This was a presentation made at the Better Software Conference in June 2009 at Las Vegas. This presentation talks about how you can maximize your team’s throughput, reduce cycle time in your release management process and improve product quality.
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
Can We REALLY 10X the SOC? by Dr Anton Chuvakin
Many organizations promise to transform your security operations center (SOC) with technology, advice or their personnel. However, what does it take to really transform your SOC to be ready for future threats? Is this an impossible problem? Is this something that can be only done by well funded organizations? Let's explore these and other questions in this talk.
https://www.sans.org/cyber-security-training-events/blue-team-summit-2021/#agenda
Similar to SOC Lessons from DevOps and SRE by Anton Chuvakin (20)
SOC Meets Cloud: What Breaks, What Changes, What to Do? - Anton Chuvakin
SOC Meets Cloud: What Breaks, What Changes, What to Do?
originally presented at Mandiant mWise 2023 by Dr Anton Chuvakin of Google Cloud Office of the CISO
Cloud changes everything (does it though?), including how we do threat detection and incident response in the SOC. As we continue to transform our attack surfaces, how do we make sure our detection and response are done "the cloud way"? There were also cases where both business and IT migrated to the cloud, but security was left behind and had to approach cloud challenges with on-premise tools and practices. How should a SOC born before cloud deal with cloud? What to watch for? What changes? What breaks? What stays the same?
Meet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future
Today’s SOC has an increasingly difficult job protecting growing and expanding organizations. The landscape is changing and the SOC needs to change with the times or risk falling behind the evolution of business, IT, and threats.
But you have choices! Your future fate is not set in stone and can be changed: some optimize what they have without drastic upheaval, while others choose to truly transform their detection and response.
Join us as we show you a vision of what the SOC will look like in the near future and how to choose the best course of action today.
Originally aired at https://cloudonair.withgoogle.com/events/2023-dec-security-talks
Video https://youtu.be/KbQbuFAPY2c?si=0llv1v_CkVtvsyms
20 years of SIEM was prepared for the SANS webinar https://www.sans.org/webcasts/anton-chuvakin-discusses-20-years-of-siem-what-s-next/ and offers Anton's reflection on SIEM past and future
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
End-User Case Study: Five Best and Five Worst Practices for SIEM
Implementing SIEM sounds straightforward, but reality sometimes begs to differ. In this session, Dr. Anton Chuvakin will share the five best and worst practices for implementing SIEM as part of security monitoring and intelligence. Understanding how to avoid pitfalls and create a successful SIEM implementation will help maximize security and compliance value, and avoid costly obstacles, inefficiencies, and risks.
Log management and compliance: What's the real story? by Dr. Anton Chuvakin
Title: Log management and compliance: What's the real story? by Dr. Anton Chuvakin
One of the problems in making an Enterprise Content Management (ECM) strategy work with compliance initiatives is that compliance needs accountability at a very granular level. Consequently, IT shops are turning to log management as a solution, with many of those solutions being deployed for the purposes of regulatory compliance. The language however, regarding log management solutions can sometimes be vague which can lead to confusion. This session will lend some clarity to the regulations that affect log management. Topics will include:
Best practices for how to best mesh compliance ECM and compliance strategies with log management
Tips and suggestions for monitoring and auditing access to regulated content, with a focus on Microsoft Sharepoint logging.
An examination of a handful of the regulations affecting how organizations view log management and information security including The Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, The North American Electric Reliability Council (NERC), HIPAA and the HITECH Act.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
- See how to accelerate model training and optimize model performance with active learning
- Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
- Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
- 👨🏫 Andras Palfi, Senior Product Manager, UiPath
- 👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Generating a custom Ruby SDK for your web service or Rails API using Smithy (g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com, Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open source; exploring how these areas are likely to mature and develop over the short and long term, and then considering how organisations can position themselves to adapt and thrive.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis' slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series, part 4. In this session, we will cover a Test Manager overview along with the SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
- Execution from the Test Manager
- Orchestrator execution result
- Defect reporting
- SAP heatmap example with demo
Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply doing machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as "predictable inference".
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
3. "A security operations center provides centralized and consolidated cybersecurity incident prevention, detection and response capabilities." (Gartner)
First Things First: A SOC is Still … a SOC :-)
SOC is first a team. Next a process. And it uses technology too.
4. 2003 or 2023? Sec Ops is Ripe for Transformation
- We can't store and analyze all data, resulting in blind spots
- It's cost prohibitive to ingest all the data we need
- It takes too long to investigate alerts
- We struggle to build effective detection and have too many false positives/negatives
- Our processes are too manual; we are too slow to respond to and remediate threats
- We don't have enough skilled engineers to make everything work
6. BARD SAYS: What is the essence of the DevOps revolution in IT?
DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high quality. DevOps is a culture, movement, or practice that emphasizes the collaboration and communication of both software developers and other information technology professionals while automating the process of software delivery and infrastructure changes.
The DevOps revolution in IT is about breaking down the silos between development and operations teams and creating a more collaborative and efficient way of working. It's about automating tasks, reducing manual errors, and improving communication and collaboration.
DevOps can help organizations deliver software faster, more reliably, and with higher quality. It can also help organizations reduce costs and improve efficiency.
7. Google vs Enterprise "SecOps"
Problem | What does Google do? | What do most enterprises do?
Efficiency | Automation/SRE is a mindset: part of the hiring process, part of OKRs, and performance reviews | Experimenting with SOAR; full adoption is tough due to minimal automation culture
Employee Shortage | Requires coding interviews, high pay, attracts the best, invests in growth | Hires traditional roles, no coding, rarely outsources, less pay, less growth, more stress
Employee Burnout | 40/40/20 between eng, operations, and learning | Utilization is almost always >100%
Expensive | Investment in efficiency solves for human costs | Cost-prohibitive data ingestion, oftentimes paying SIEM + DIY, increasing $ from complexity
Efficacy | TI strongly embedded in D&R, mostly utilized towards proactive work, strong collaboration across Alphabet & benefits from developer hygiene | CTI team produces great reports, SOC doing fire drills, >90% false positive rate, uneven distribution of skill (Tier 3)
9. Let's focus on 5 key areas today
1. Eliminate Toil
2. Use SLOs
3. Evolve Automation
4. Practice Release Engineering
5. Strive for Simplicity
10. Eliminate Toil (01)
Toil is "...manual, repetitive, automatable, tactical, devoid of enduring value, and that scales linearly as a service grows."
Causes of Toil
1. Too much technical debt
2. Priorities or goals are not aligned
3. Lack of training or support
4. Lack of collaboration
5. The business value to fix is too hard to realize
Less Gathering, More Analysis: basics to automate
- Gathering machine information
- Gathering user information
- Process executions
- All context needed to help get to final (human) judgement
Key Activities To Implement
- Train your team on toil & automation
- Create an Automation Queue
- Implement Blameless Postmortems
- Conduct Weekly Incident Reviews
- Implement SOAR
- Hire Automation Engineer(s)
- Implement CD/CR pipelines with metrics
11. Evolve Automation (02)
10X is an Underestimate!
[Chart: unit costs per event]
- Analyst utilization gets optimized
- More creative work, less toil
- Time back to do more proactive work
- Deeper operationalization of intel
- SecOps can scale with the business!
12. Use SLOs (03)
Tips, gotchas, and core metrics to consider
Core metrics
- Event volume
- Event source counts
- Pipeline latency
- Triage time, median
- Triage time at the 95th percentile
- Incident resolution times
- Common metrics (false positives, # of incidents, etc.)
Key tips
1. Optimize metrics for optimal value
2. Manage with indicators + objectives
3. Metrics matter (in context)
4. Defeating attackers beats SLOs
5. Choose metrics that actually matter
6. Make your SLOs open (within your company)
Gotchas
- Fast ≠ better: don't incentivize speed, incentivize thoroughness
- More ≠ better: solving 5000 cases manually is not better than automating that; #NoHeroes
13. Practice Release Engineering (04)
Maturity of Response Orchestration, Security Analytics and Visibility, from Ad Hoc through Periodic to Continuous:
Ad Hoc
- Response Orchestration: significant development effort up front to implement playbooks; review playbooks when a major problem occurs
- Security Analytics: significant development effort up front to implement use cases; add/update detections in response to a major new threat
- Visibility: onboard log sources as part of a major tech transformation; review logs for new sources when a problem comes up
Periodic
- Response Orchestration: quarterly review of playbook performance and effectiveness; dev sprint to update playbooks
- Security Analytics: quarterly review of detection efficacy; update/deprecate ineffective detections; add/update detections in response to a major threat
- Visibility: onboard log sources on an annual or quarterly planned schedule; review data monthly for new log sources and to identify issues/outages
Continuous
- Response Orchestration: live dashboards showing performance and accuracy metrics for playbooks; update/deprecate ineffective playbooks at point of discovery; daily review of SecOps work queues to identify automation opportunities
- Security Analytics: real-time alerts for detection efficacy drift; update/deprecate ineffective detections at point of discovery; active threat monitoring to proactively identify new threats to build detections for
- Visibility: onboard new log sources as they are ready; real-time identification of new log sources or log drops; automatic creation of alerts for handling
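The core SLO metrics from the "Use SLOs" slide (event volume, per-source counts, pipeline latency, median and 95th-percentile triage time) and the "Continuous" visibility practice of detecting new log sources or log drops, shown as one added example that is not part of the deck. The alert records, SLO objectives and the 50% drop threshold are constructed assumptions, not values from the presentation.

```python
from collections import Counter
from statistics import median

# Constructed sample alert records (not from the deck). Times are seconds since an
# arbitrary epoch: event_ts is when the event occurred on the source, ingest_ts when
# the SIEM received it, and triage_start/triage_end bound the analyst's work.
ALERTS = [
    {"source": "edr",   "event_ts": 0,  "ingest_ts": 20,  "triage_start": 60,  "triage_end": 360},
    {"source": "edr",   "event_ts": 10, "ingest_ts": 25,  "triage_start": 400, "triage_end": 1000},
    {"source": "proxy", "event_ts": 5,  "ingest_ts": 305, "triage_start": 500, "triage_end": 1700},
    {"source": "proxy", "event_ts": 30, "ingest_ts": 50,  "triage_start": 700, "triage_end": 1300},
    {"source": "idp",   "event_ts": 40, "ingest_ts": 55,  "triage_start": 800, "triage_end": 4400},
]


def percentile(values, p):
    """Nearest-rank percentile (p in 0..100) of a non-empty list of numbers."""
    ordered = sorted(values)
    rank = max(1, -(-p * len(ordered) // 100))  # ceil(p/100 * n), but at least 1
    return ordered[rank - 1]


def core_metrics(alerts):
    """Compute the deck's core metrics from a batch of alert records."""
    latencies = [a["ingest_ts"] - a["event_ts"] for a in alerts]
    triage = [a["triage_end"] - a["triage_start"] for a in alerts]
    return {
        "event_volume": len(alerts),
        "event_source_counts": dict(Counter(a["source"] for a in alerts)),
        "pipeline_latency_p95": percentile(latencies, 95),
        "triage_time_median": median(triage),
        "triage_time_p95": percentile(triage, 95),
    }


def slo_status(metrics, objectives):
    """Indicator + objective: True for each metric that is within its target.
    Reporting p95 next to the median exposes the slow tail that a median alone hides."""
    return {name: metrics[name] <= target for name, target in objectives.items()}


def log_drops(baseline_counts, current_counts, drop_ratio=0.5):
    """Flag sources whose current volume fell below drop_ratio of the baseline (a likely
    log drop) and sources present now but absent from the baseline (new sources to onboard)."""
    dropped = [s for s, n in baseline_counts.items() if current_counts.get(s, 0) < n * drop_ratio]
    new = [s for s in current_counts if s not in baseline_counts]
    return {"dropped": sorted(dropped), "new": sorted(new)}


if __name__ == "__main__":
    m = core_metrics(ALERTS)
    # Constructed objectives: median triage <= 15 min, p95 triage <= 30 min, p95 latency <= 2 min.
    print(m)
    print(slo_status(m, {"triage_time_median": 900, "triage_time_p95": 1800, "pipeline_latency_p95": 120}))
    print(log_drops({"edr": 100, "proxy": 80, "fw": 50}, {"edr": 95, "proxy": 10, "idp": 7}))
```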
14. Strive for Simplicity (05)
Human expertise in complex systems is constantly changing
"Complex systems require substantial human expertise in their operation and management. This expertise changes in character as technology changes but it also changes because of the need to replace experts who leave. In every case, training and refinement of skill and expertise is one part of the function of the system itself. At any moment, therefore, a given complex system will contain practitioners and trainees with varying degrees of expertise.
Critical issues related to expertise arise from (1) the need to use scarce expertise as a resource for the most difficult or demanding production needs and (2) the need to develop expertise for future use."
One consequence of not striving for simplicity. Source: https://how.complexsystems.fail/
15. Actions
- Reduce toil in your SOC: shift toil to machines
- Use SLOs / metrics to drive change
- Evolve automation in SIEM, SOAR, threat intel, etc.
- Practice release engineering for consistent improvement
- Strive for simplicity with processes, technology stack, etc.
16. The Power of Continuous Improvement
[Chart: Improvement (y-axis) over Time (x-axis)]
- Exponential growth happens faster when compounded more frequently
- Organizing your people and processes around continuous improvement means more agility and fewer resources
- Periodic improvement strategies leave capability gaps between sprints
17. Resources
- "Achieving Autonomic Security Operations: Reducing toil"
- "Achieving Autonomic Security Operations: Why metrics matter (but not how you think)"
- "More SRE Lessons for SOC: Release Engineering Ideas"
- "Achieving Autonomic Security Operations: Automation as a Force Multiplier"
- "More SRE Lessons for SOC: Simplicity Helps Security"
And security operations is definitely ripe for transformation: many of the challenges that SecOps teams face have been around for years.
Advanced API Security is an add-on to Apigee which is focused on premium security services.
It helps users design and build secure APIs. Being part of the API management platform, we are embedded in the entire API lifecycle and are able to provide visibility and controls for API security configurations.
Operate securely means how you secure your APIs at runtime. We detect any abuse of your API logic or sensitive information and provide in-product dashboards or integration with SIEM for further analysis and alerting.
Lastly, we bring to Apigee the experience we have at Google with security and machine learning in order to improve their security posture.
We went through a significant modernization effort ourselves, especially in the years after the Aurora attack.
In 2015, we had minimal automation in place, and there was a high unit cost to managing D&R events.
Over the course of years, Alphabet's estate grew exponentially, but we were able to achieve a 90% level of efficiency, thanks to our program grounded in SRE-based approaches.
Through the years, this radical focus on automation freed up time to allow our engineers to focus on higher-order events:
- More creative work, less toil-based work
- More proactive work and threat hunting
- Better consumption, creation, and operationalization of threat intelligence across our workflows
- And most importantly, our engineers have significant influence with upstream development teams, where entire classes of threats can be mitigated before they hit the D&R workflow
We've taken these learnings and paired them with our commercial capabilities to help our customers transform their SOC.