A "beat" of security, with the Elastic Stack

From guessing a weak password to exploiting zero-day vulnerabilities, there are a lot of ways attackers can get into your private networks. So even if you follow all the best security practices, there’s a good chance you will face a security incident sooner or later. The questions are: How quickly will you find out? How will you respond? How will you know which systems are compromised? In this talk, we’ll show you how to use the Elastic Stack, and in particular Beats, to detect security breaches.

Monica Sarbu

April 12, 2017

Transcript

  1. About us
     • Monica Sarbu: Software engineer and Beats team lead
     • Tudor Golubenco: Software engineer and Beats tech lead
  2. Security breaches
     • NSA breaks into your network
     • Zero-day vulnerabilities
     • Heartbleed, Cloudbleed, Shellshock, etc.
     • Out-of-date software with known vulnerabilities
     • Weak passwords. Default passwords
     • AWS credentials committed to GitHub by mistake
  3. How do you find out?
     • You never find out
     • You find out from the press
     • You find out from the attackers who request a ransom
     • You find out from the AWS bill
     • You find out yourself, but after the harm was done
     • You find out yourself, but you are not sure what the harm was
     • You find out yourself, no harm was done, and you can prove it
  4. auth logs
     • SSH logins (password or publickey, IP, GeoIP)
     • failed sudo attempts
     • useradd / groupadd
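
The auth-log events listed on slide 4, pulled out of raw syslog lines. This is an added example, not code from the talk or from Beats: the sample log lines, host and user names, and the helper names `parse_line`, `parse_log` and `failed_ssh_by_ip` are constructed for illustration. It assumes the common OpenSSH, sudo and shadow-utils message formats written to `auth.log`, and leaves out the GeoIP lookup.

```python
import re

# Constructed sample lines in the usual syslog auth.log layout (not from the talk).
SAMPLE_AUTH_LOG = """\
Apr 12 10:15:01 web01 sshd[2211]: Accepted publickey for deploy from 203.0.113.7 port 51432 ssh2
Apr 12 10:16:40 web01 sshd[2290]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Apr 12 10:16:43 web01 sshd[2290]: Failed password for root from 198.51.100.23 port 40022 ssh2
Apr 12 10:17:02 web01 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
Apr 12 10:17:30 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls
Apr 12 10:18:11 web01 useradd[2401]: new user: name=svc_backup, UID=1001, GID=1001, home=/home/svc_backup, shell=/bin/bash
Apr 12 10:18:30 web01 groupadd[2410]: new group: name=ops, GID=1002
Apr 12 10:19:00 web01 CRON[2500]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Syslog prefix: timestamp, host, program name, optional [pid], then the message.
PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")

# (event type, program that logs it, message pattern), one rule per slide bullet.
RULES = [
    ("ssh_login", "sshd", re.compile(r"^(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")),
    ("sudo_failure", "sudo", re.compile(r"^\s*(?P<user>\S+) : (?P<reason>\d+ incorrect password attempts?|user NOT in sudoers) ;.*?COMMAND=(?P<command>.*)$")),
    ("user_added", "useradd", re.compile(r"^new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")),
    ("group_added", "groupadd", re.compile(r"^new group: name=(?P<group>[^,]+), GID=(?P<gid>\d+)")),
]

def parse_line(line):
    """Return a structured event for a security-relevant line, else None."""
    m = PREFIX.match(line)
    if not m:
        return None
    for event, prog, rx in RULES:
        hit = rx.match(m["msg"]) if m["prog"] == prog else None
        if hit:
            return {"event": event, "ts": m["ts"], "host": m["host"], **hit.groupdict()}
    return None  # unrelated line (cron, pam session noise, ...)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def failed_ssh_by_ip(events):
    """Count failed SSH logins per source IP, a first signal of password guessing."""
    counts = {}
    for e in events:
        if e["event"] == "ssh_login" and e["result"] == "Failed":
            counts[e["ip"]] = counts.get(e["ip"], 0) + 1
    return counts

if __name__ == "__main__":
    for ev in parse_log(SAMPLE_AUTH_LOG):
        print(ev)
```

Keeping the authentication method and source IP as separate fields is what makes questions like "password logins from a new address" answerable once the events are indexed.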