Your AIOps Adoption Partner
www.siscale.com
@siscaleus
linked.com/company/siscale
facebook.com/siscaleai
Siscale Areas of Expertise

Security: We augment your existing security team at a lower cost than your payroll and we leverage Big Data analytics and automation technologies for security ops. We give you customized machine learning solutions for specific data sets across your assets on premise or in the cloud.

Visibility and Performance: We help you manage your ever growing streams of data while gathering actionable insights for data monetization. Gain full visibility within your infrastructure and enable faster and more efficient analysis.

Big Data and Analytics: We solve the problem of siloed data residing in infrastructure or applications with a custom approach that truly gives you business insights across the full stack.

Cloud: We help you choose a suitable cloud-based service provider for your business, ensure a smooth transition from a traditional data center and fast implementation. Our solutions accelerate your time to market and reduce your cost.

AIOps: We help you incrementally deploy AIOps across the four phases of IT operations-oriented machine learning: visualization and statistical analysis, automated pattern discovery, pattern based prediction, and root cause analysis.

Data monetization / Talent / Reduced costs
Enabling IT Leaders for Performance: Siscale and Elastic Unique Capabilities

Challenge / Benefits
Siloed Data: Gain value through centralized data and improve key metrics like mean time to response and mean time to resolution.
Efficiency: Become more agile, responsive and efficient by applying automated analysis to your IT data.
Security: Leverage Machine Learning capabilities and move away from a reactive to a proactive security approach.
Automation: Enable IT teams to focus more on analysis and optimization by taking tedious manual tasks out of their hands and into automated processes.

Deliverables/Outcomes
Data Monetization
Transform your IT operations
Enhance Your SIEM
AIOps Adoption
AIOps: Changing How Businesses Manage IT

How does Siscale deliver this?
We combine big data and AI/ML to enhance and even replace IT operations processes and tasks, especially monitoring and automation, with proven use cases.

The value of AIOps
You access the insight and revenue potential of big data. You are more productive, you move faster, you pay less and your team has more time for the big picture.

How are you different?
We know the infrastructure and build on it incrementally. We deliver high quality you can actually afford. We are able to map solutions for your custom business process flow. Did we mention proven use cases?

What, more precisely?
● Visualisation and statistical analysis
● Automated pattern discovery
● Pattern based prediction
● Root cause analysis
● Recommendations and action

Is there a problem? Why does this happen?
Cloud migration, siloed data, multiple vendors, noise, "I wish I knew earlier", data overload, IT performance issues, too expensive, "we don't have data scientists".
Journey to AIOps: data monetization / business growth

Steps to implement AIOps (AIOps Roadmap Model)
● Readiness
● POC
● Production
● AIOps

Roadmap elements
● Education
● Adoption
● Big Data/ML use cases
● Implement/Optimize
● Analytics
● Islands of automation
● Interdomain automation
● Custom ML specific to customer use cases
Automated Root Cause Analysis with Elastic Stack
Who we are and what we do

● Talented engineers blazing the trail for ML and automation solutions in IT
● Siscale certifies first engineers as experts in Elastic solutions, providing consulting expertise in DevOps, IT infrastructure and security
● We contribute to the next wave of productivity in IT by helping customers with AIOps adoption, developing custom solutions on top of Elastic Stack

Infrastructure
● Designing and integrating server, storage, network and security for supporting cloud native apps
● Combining solutions to avoid vendor lock-in
● Certified engineers at the highest level on all infrastructure technologies

DevOps
● Integrating development and operations teams through the adoption of cloud-native technologies
● Full visibility and automation on top of data warehousing solutions

Security
● Designing, implementing and maintaining security analytics for increasing security operations efficiency through automation
● Automation capabilities for improved security
● Augmenting your existing security team
Winning the race for efficiency in IT

Challenges:
● Siloed teams (lack of insight across the stack): DB, infrastructure, security, monitoring tools, missing CMDB
● Need for fast response and proactiveness
● Multiple simultaneous reasons for failure
● Lots of logs, but not used (properly)

RCA Enables:
● Reduced response time through automation and algorithms
● Unified teams through data, using Elastic Stack
● Precision at investigation with neural networks (TensorFlow)
● Leverage of the existing Elastic Stack install base
Siscale RCA Implementation

Data Sources (API, Logs, Beats, Anything)

Events labelled Root Cause or False Positive (two rows shown on the slide):
Row 1: Event1: Root Cause; Event2: Root Cause; Event3: False Positive; Event4: False Positive; Event5: False Positive; Event6: Root Cause
Row 2: Event1: False Positive; Event2: Root Cause; Event3: False Positive; Event4: False Positive; Event5: False Positive; Event6: False Positive
Brute force attack prevention with Elastic Stack
The simplest attacks can have the biggest impact

Brute Force Attack
● Requires little effort to use
● Can be carried out by anyone
● Relies on user negligence

Consequences
● Access to critical infrastructure devices
● Creating shadow accounts
● Access to sensitive data
● Can stop business critical services and applications
● Can carry DDoS attacks
● Block user accounts
From attack initiation to first response in less than a minute with Elastic

1. Your infrastructure produces the authentication events
2. Elastic Stack collects the infrastructure events
3. Elastic Machine Learning detects the high number of failed logins
4. Watcher notifies the security team and initiates the command to block the source IP of the attacker
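The detection step in that flow is a count of failed logins per source within a short window, followed by a notify-and-block action. The script below is an added illustration written for this transcript, not Siscale's or Elastic's code: it replays constructed sshd-style log lines (the format, the threshold of 5 failures in 60 seconds, and the IP addresses are all assumptions) and emits the alerts a watch would act on, including the "success after the source was blocked" case that the deck's "potentially compromised account" use case points at.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines (not real data). 203.0.113.7 fails five
# times in eleven seconds and later succeeds; 198.51.100.5 is a user mistyping.
SAMPLE_LOG = """\
2024-03-01T10:00:01 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 50120 ssh2
2024-03-01T10:00:04 bastion sshd[4102]: Failed password for root from 203.0.113.7 port 50121 ssh2
2024-03-01T10:00:06 bastion sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 50122 ssh2
2024-03-01T10:00:09 bastion sshd[4104]: Failed password for root from 203.0.113.7 port 50123 ssh2
2024-03-01T10:00:12 bastion sshd[4105]: Failed password for alice from 203.0.113.7 port 50124 ssh2
2024-03-01T10:00:15 bastion sshd[4106]: Failed password for alice from 203.0.113.7 port 50125 ssh2
2024-03-01T10:00:20 bastion sshd[4107]: Accepted publickey for bob from 192.0.2.10 port 60001 ssh2
2024-03-01T10:01:00 bastion sshd[4108]: Failed password for carol from 198.51.100.5 port 41000 ssh2
2024-03-01T10:03:30 bastion sshd[4109]: Failed password for carol from 198.51.100.5 port 41001 ssh2
2024-03-01T10:03:40 bastion sshd[4110]: Accepted password for carol from 198.51.100.5 port 41002 ssh2
2024-03-01T10:04:00 bastion sshd[4111]: Accepted password for alice from 203.0.113.7 port 50126 ssh2
"""

# Assumed sshd message shape; adjust for the real log format of the platform.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

THRESHOLD = 5                    # failed logins from one source address ...
WINDOW = timedelta(seconds=60)   # ... within this sliding window (assumed values)


def parse_event(line):
    """Return (timestamp, success, user, ip) or None for lines that are not auth results."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"] == "Accepted", m["user"], m["ip"]


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Stream the log once and return, in order, the alerts a watch would raise."""
    failures = defaultdict(deque)   # source ip -> timestamps of failures still inside the window
    blocked = set()                 # sources already handed to the block action
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        ts, success, user, ip = ev
        if success:
            # A login that succeeds from a source we already blocked is the
            # "potentially compromised account" case: notify, no second block.
            if ip in blocked:
                alerts.append({"type": "success_after_block", "ip": ip, "user": user,
                               "at": ts.isoformat(), "action": "notify"})
            continue
        q = failures[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # forget failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked.add(ip)
            alerts.append({
                "type": "brute_force", "ip": ip, "failures": len(q),
                "at": ts.isoformat(),
                "seconds_since_first_failure": (ts - q[0]).total_seconds(),
                "action": "notify_and_block_source_ip",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample data the brute-force alert fires 11 seconds after the first failure, which is the "first response in less than a minute" figure the slide claims; the second alert shows why the block action alone is not the end of the story, since a success from the blocked source after the fact still needs a human to look at the account. The `blocked` set is what keeps one noisy source from generating an alert on every further failure, which is the same de-duplication a Watcher throttle period provides.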
POC - Elastic Stack
Project Milestones - Elastic Stack POC Security Analytics

1. Assessment & Initiation
● Scope validation
● Team onboarding
● Infrastructure readiness

2. Setup
● POC design
● Production design recommendations
● Elastic Stack implementation
● Elastic-security implementation

3. Analytics
● Data injection
● Data transformation
● Data presentation
● Use Cases Implementation

4. POC Readout
● Validating Use Cases
● Documentation
● Production Deployment
● Recommendations

Use case examples:
• Log ingestion with platform agents (Beats)
• Restrict user access based on role (X-Pack Security)
• Potentially compromised account (X-Pack ML)
• Automated notifications for security events (X-Pack Watcher)
• Correlate distinct log sources into a single alert (Logstash)
• Dashboards (Visual builder/Vega/Other plugins)
• Potential system compromise (X-Pack ML)
• Repeated offender (X-Pack ML)
• Automate activity initiation on a system based on a certain event (X-Pack Watcher)
• Queue and track security events (Logstash/API)
• Haversine function applied on authentication logs (X-Pack ML)

*$25,000.00 including travel
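The last use case in that list, the Haversine function on authentication logs, is the usual "impossible travel" check: take the GeoIP coordinates of consecutive successful logins for the same account, compute the great-circle distance between them, and flag pairs whose implied speed no traveller could reach. The code below is an added example for this transcript, not Siscale's or Elastic's implementation; the event shape (a list of dicts with `lat`/`lon` fields as a GeoIP ingest processor would attach), the 900 km/h plausibility ceiling, and the sample logins are all constructed assumptions.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0   # roughly airliner cruise speed; assumed ceiling for "possible" travel

# Constructed successful-login events with the GeoIP fields an ingest pipeline
# would attach to the source address (not real data).
SAMPLE_LOGINS = [
    {"user": "alice", "ts": "2024-03-01T09:00:00", "ip": "192.0.2.10",   "lat": 40.7128, "lon": -74.0060},   # New York
    {"user": "bob",   "ts": "2024-03-01T09:00:00", "ip": "192.0.2.11",   "lat": 40.7128, "lon": -74.0060},   # New York
    {"user": "bob",   "ts": "2024-03-01T09:30:00", "ip": "192.0.2.12",   "lat": 40.7357, "lon": -74.1724},   # Newark
    {"user": "alice", "ts": "2024-03-01T10:30:00", "ip": "203.0.113.7",  "lat": 44.4268, "lon": 26.1025},    # Bucharest
    {"user": "carol", "ts": "2024-03-01T11:00:00", "ip": "198.51.100.5", "lat": 47.6062, "lon": -122.3321},  # Seattle
    {"user": "carol", "ts": "2024-03-01T11:00:00", "ip": "198.51.100.5", "lat": 47.6062, "lon": -122.3321},  # same place, same second
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points, in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """Compare each account's consecutive logins; flag pairs that would need implausible speed."""
    findings = []
    last_seen = {}   # user -> (timestamp, event) of the previous successful login
    for ev in sorted(logins, key=lambda e: (e["ts"], e["user"])):
        ts = datetime.fromisoformat(ev["ts"])
        prev = last_seen.get(ev["user"])
        if prev is not None:
            prev_ts, prev_ev = prev
            km = haversine_km(prev_ev["lat"], prev_ev["lon"], ev["lat"], ev["lon"])
            hours = (ts - prev_ts).total_seconds() / 3600.0
            # Two logins in the same second from different places is the limiting
            # case: treat the implied speed as infinite rather than dividing by zero.
            kmh = km / hours if hours > 0 else (math.inf if km > 0 else 0.0)
            if kmh > max_kmh:
                findings.append({"user": ev["user"], "from_ip": prev_ev["ip"], "to_ip": ev["ip"],
                                 "distance_km": round(km, 1), "hours": round(hours, 2),
                                 "speed_kmh": round(kmh, 1)})
        last_seen[ev["user"]] = (ts, ev)
    return findings


if __name__ == "__main__":
    for finding in impossible_travel(SAMPLE_LOGINS):
        print(finding)
```

Only alice is flagged: New York to Bucharest in ninety minutes is several thousand km/h. bob's New York to Newark hop is a few kilometres at walking pace, and carol's two identical events show why the zero-elapsed-time case must be handled explicitly. In practice the ceiling needs tuning per environment, since VPN egress points and mobile carrier NAT can legitimately move an account across a continent between two requests.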
Elastic Stack Security Analytics PoC – Success Stories

Customer 1: Urgent care provider with offices in NY, NJ and WA with over 2,500 employees. Agile and fast, with continuous mergers and integrations.
Challenges:
• Need for a Security Analytics solution to serve as a forensics and compliance tool
• Lack of specialized staff for handling security operations
• Fast integration and visibility of new IT environments resulting from acquisitions
Deployment: X-Pack, 5 nodes - Security Analytics

Customer 2: Publishing company based in New York with over 5,000 employees. Globally spread data centers with on-premise, cloud and hybrid infrastructure.
Challenges:
• Need for centralized log aggregation
• Lack of Security Analytics/Threat Hunting solution
• Siloed organization handling infrastructure
• Automation
Deployment: X-Pack, 32 nodes - Security Analytics / Log Agg / APM

Results:
• Reference architecture for POC
• Production architecture recommendation
• POC artifacts scripted/DevOps installation/scaling
• Dynamic data ingestion support with reusable ingestion pipelines
• 100% POC use cases validated
• IT staff augmentation with data insight
Security Analytics PoC Results
● Focus on relevant events and enable fast response
● Ingest any data source
● Automatically initiate activity on another system
● Empower your data with machine learning
● Gain insights into separate data sources
● On the fly dashboards
● Unify segregated data
● Collect data from any API based system
● Automated file ingestion
● Industry standard RBAC security
● Complex alerts
● Fast response