Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Elastic{ON} Tour D.C. - Tackling Cyber with RockNSM

Elastic Co
October 27, 2017
Technology
0
2.4k

Elastic{ON} Tour D.C. - Tackling Cyber with RockNSM

Elastic{ON} Tour D.C. - October 26, 2017

Cyber is a human versus human problem. RockNSM covers your data gaps and delivers information to your humans so they can find the adversary.

Derek Ditch Missouri Army National Guard

Elastic Co

October 27, 2017
Tweet

More Decks by Elastic Co

See All by Elastic Co
Les Vendredis noirs : même pas peur ! - Breizhcamp
elastic
15
780
Confoo Montreal: Ingest node: enriching documents within Elasticsearch
elastic
16
810
Elastic{ON} 2018 - Sipping from the Firehose: Scalable Endpoint Data for Incident Response
elastic
6
4.2k
Elastic{ON} 2018 - A Security Analytics Platform for Today
elastic
3
11k
Elastic{ON} 2018 - The State of Geo in Elasticsearch
elastic
7
12k
Elastic{ON} 2018 - Reliable by design - Applying formal methods to distributed systems
elastic
5
4.7k
Elastic{ON} 2018 - Bigger, Faster, Stronger - Leveling Up Enterprise Logging
elastic
1
4.9k
Elastic{ON} 2018: Latest in Logstash
elastic
1
4.5k
Elastic{ON} 2018 - Lessons Learned from Workday's Search Application Journey from POC to Production
elastic
2
2.4k

Other Decks in Technology

See All in Technology
どうするコスト最適化のトレードオフ
tetsuyaooooo
1
530
ChatworkのSRE部って実は 半分くらいPlatform Engineering部かもしれない
saramune
0
160
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
2
380
VS CodeでAWSを操作しよう
smt7174
8
1.7k
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
170
JSON攻略法.pdf
miyakemito
8
5.1k
LLM開発・活用の舞台裏@2024.04.25
yushin_n
1
340
IaCジェネレーターとBedrockで詳細設計書を生成してみた
tsukasa_ishimaru
1
280
アクセス制御にまつわる改善 / Improving access control
itkq
0
550
Postman v10リリース後を振り返る / Looking back at Postman v10 after release
yokawasa
1
160
Azure Container Apps + Bicep 〜 こんな感じで運用しています
kaz29
2
480
MapLibreとAmazon Location Service
dayjournal
1
160

Featured

See All Featured
Building Effective Engineering Teams - LeadDev
addyosmani
28
1.8k
Raft: Consensus for Rubyists
vanstee
132
6.3k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
17
6.4k
Web development in the modern age
philhawksworth
202
10k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Stop Working from a Prison Cell
hatefulcrawdad
266
19k
The Art of Programming - Codeland 2020
erikaheidi
42
12k
The Language of Interfaces
destraynor
151
23k
Become a Pro
speakerdeck
PRO
11
4.5k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3.1k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
Thoughts on Productivity
jonyablonski
58
3.8k

Transcript

  1. 1 CPT Derek “dcode” Ditch October 27, 2017, MOCYBER Twitter:

    @dcode http://rocknsm.io Fending Off the Adversary with a

  2. 2 $ whois dcode • keybase.io/dcode • github.com/dcode • linkedin.com/in/dditch

    Some of my identities on the web

  3. 3 $ whois derek.ditch • Cyber Officer* in the Missouri

    Army National Guard, 17 years of service • Senior sensor platform engineer for major US bank • Former senior intrusion analyst in NTOC • MS Computer Science, published research in critical infrastructure protection • Father of 3 boys • Live in San Antonio My physical persona * I was previously an all-source intelligence officer

  4. 4 $ whois MOCYBER • We’re an ad-hoc unique &

    beautiful snowflake ‒Part Army CPT ‒Part National Guard DCO-E ‒Part Air National Guard • We’re all volunteer militia • Since 2010, 31 missions & exercises The Team

  5. 5 Less talk… more ROCK

  6. 6 What is ROCK? A collection platform designed for Network

    Security Monitoring focused on: • Security. Passive sensors are one of the most valuable information assets on your network. Keep them to yourself. • Performance. Processing line-rate network data is taxing on your systems. Let's make the most of them. • Analysis. Connect the dots that make sense at collection time to aid human-driven analysis. • Production-Ready. Sometimes you have to spin up a sensor on short notice. If you wait until the last minute, it better only take a minutes.

  7. 7 What is ROCK? Yeah, but what’s in it?

  8. 8 Basically… all the things you need. Nothing you don’t.

  9. 9 I only want to sell you an idea... and

    it won't cost you... or the taxpayers a dime.

  10. 10 What’s the goal? Accept some foundational ideas: • Secure

    Architecture • Smart tactics • Defend with a purpose

  11. 11 I’m not trapped in here with you… you’re trapped

    in here with me. ~ Adversary in Your Network, Probably

  12. 12 Secure Architecture

  13. 13 What’s the goal? Accept some foundational ideas: • Secure

    Architecture • Smart tactics • Defend with a purpose

  14. 14 14 ...

  15. 15 15 ...

  16. 16 Let’s explore this tabletop scenario

  17. 17 Assume Everything is Compromised.

  18. 18 Smart Tactics • Passive first! • Use ephemeral infrastructure

    • Minimize use of privileged tokens • Collect all the things and cross reference your observations

  19. 19 What’s the goal? Accept some foundational ideas: • Secure

    Architecture • Smart tactics • Defend with a purpose

  20. 20 Cyber is a human versus human conflict. ~ Me

  21. 21 Analysis Focused Operations

  22. 22 Analysis Focused Operations

  23. 23 Analysis Focused Operations

  24. 24 Analysis Focused Operations

  25. 25 Analysis Focused Operations

  26. 26 Analysis Focused Operations

  27. 27 Analysis Focused Operations

  28. 28 SOF Truths • Humans are more important than hardware.

    • Quality is better than Quantity. • Special Operations Forces (SOF) cannot be mass produced. • Competent SOF cannot be created after emergencies occur. • Most Special Operations require non-SOF assistance.

  29. 29 Thanks! CPT Derek "dcode" Ditch [email protected] | [email protected] http://linkedin.com/in/dditch

    Try RockNSM today! http://rocknsm.io