Get full visibility and find hidden security issues

1
ElasticON Security
Braden Preston
Director of Product, Elastic Endpoint Security
Get Full Visibility

Every person and every asset is
a target

5 1B 5
Data Domains
Practitioners analyze
endpoint, cloud,
network, application,
user, and more!
Events Per Day
Most organizations
average 1 billion
events per day
SOC Analysts
Security Operation
Centers vary in size,
but most have less
than 5 analysts
THE DATA DILEMMA

Solve the dilemma by answering 4 key questions
What data do I need to collect?1
Now that I have it, how do I manage the data?3
How do I make it actionable?4
How do I get that data?2

What data do I need
to collect?
• MITRE ATT&CK™ provides the
data sources required to detect
250 adversary techniques
• There are 50 unique data
sources
• Examples include, “Process
Monitoring”, “DNS Records”,
“Authentication Logs”, and more!

What data do I need
to collect?
• MITRE ATT&CK™ provides the
data sources required to detect
250 adversary techniques
• Examples include, “Process
Monitoring”, “DNS Records”,
“Authentication Logs”, and more!
• There are 50 unique data
sources

Elastic Agent
• Centrally manage all data
collection and endpoint
protection
• Single click integration of data
sources
• Customizable configurations
for complete control and
configurability.

Elastic Security
• A single application for data
analysis across all data domains
and sources
• Configurable data lifecycle
management
• Elastic Common Schema
• No penalties for adding data
sources, endpoints or ingesting
data
• Flexible Storage Tiers

Elastic Common Schema (ECS)
How data is normalized inside Elastic
Deﬁnes a common set of ﬁelds and
objects to ingest data into
Elasticsearch
Enables cross-source analysis of
diverse data
Designed to be extensible
ECS is adopted throughout the
Elastic Stack
Contributions & feedback welcome
at https://github.com/elastic/ecs
Searching without ECS
src:10.42.42.42
OR client_ip:10.42.42.42
OR apache2.access.remote_ip:
10.42.42.42
OR context.user.ip:10.42.42.42
OR src_ip:10.42.42.42
Searching with ECS
source.ip:10.42.42.42

Threat Hunting
• Proactively Search for
embedded attacks
• Save Analysis in integrated case
management
• Customizable timeline
templates to empower even the
most junior analysts.

Automated
Detection
• Speed and scale of
Elasticsearch to detect known
and unknown threats
• Easily automate threat
detection using queries
KQL/DSL, machine learning,
thresholds, and more!
• 200 free protections;
built in the open

Threat Prevention
• Kernel Level data collection
enables deep visibility
• Protect your Windows, macOS,
and Linux hosts.
• Prevent malware

Data Dilemma Solved by Elastic Security
Common framework for data collection1
Configurable data management with an open standard for
analysis
3
Actionable Data - Threat Hunting, Automated Detection, Threat
Prevention
4
Single agent for data collection and endpoint protection2

19
Closing slide
This presentation includes forward-looking
statements that are subject to risks and
uncertainties. Actual results may diﬀer materially
as a result of various risk factors included in the
reports on the Forms 10-K, 10-Q, and 8-K, and in
other ﬁlings we make with the SEC from time to
time. Elastic undertakes no obligation to update
any of these forward-looking statements.

Try free on Cloud:
ela.st/security-trial
Take a quick spin:
demo.elastic.co
Connect on Slack:
ela.st/slack
Join the Elastic Security community

Thank You
Search. Observe. Protect.

23
Closing slide
This presentation includes forward-looking
statements that are subject to risks and
uncertainties. Actual results may diﬀer materially
as a result of various risk factors included in the
reports on the Forms 10-K, 10-Q, and 8-K, and in
other ﬁlings we make with the SEC from time to
time. Elastic undertakes no obligation to update
any of these forward-looking statements.

Bullet title (Inter 24 pt)
• Try to keep your use of bullet slides to a minimum
• Be creative and think visually
• If you need to source something copy and paste the text box at the
bottom left onto your page
Subtitle sentence case (Inter 18pt)

Bullet slide title treatment can be up to two lines in
length (Inter bold 24 pt)
• Bullets are sentence case (Inter 18pt)
– Second-line bullets are Inter 14pt
• Third-line bullets are Inter 12pt
• Limit the number of bullets on a slide
• Text highlights are orange, but not underlined
• Try not to go below the recommended font sizes

‒ Second-line bullets are Inter 14pt
‒ Third-line bullets are Inter 12pt

Place a quote from someone
really, really important and it will
shrink to fit this space…
Author Name Here

Author Name Here
Place a quote from someone
really, really important and it will
shrink to fit this space…

Chart Slide With Multiple Colors
Sub-title or chart title here in sentence case

Pie Chart Slide With Multiple Colors
62%
Supporting text
goes here under
the number
62%
Supporting text
goes here under
the number

Pie Chart Slide With Multiple Colors

Transition Slide Title Goes
Here and Can Be a Few
Lines Long
Subtitle goes here in sentence
case

Transition Slide Title
Short and Sweet

1M 1M 1M
HEADER HERE
Supporting text
goes here under
the number
HEADER HERE
Supporting text
goes here under
the number
HEADER HERE
Supporting text
goes here under
the number
Big Number Treatment

1M 1M 1M
HEADER HERE
Supporting text
goes here under
the number
HEADER HERE
Supporting text
goes here under
the number
HEADER HERE
Supporting text
goes here under
the number
Big Number Treatment (Dark Mode)

Table Layout Treatment
Subtitle text placeholder sentence case
HEADER HEADER HEADER HEADER
Information Information Information Information
Option 1

Option 2

Option 3

Option 4

Get full visibility and find hidden security issues

Please use this area
for content, screen
shot, or quote; the
next few slide show
examples

We mine and analyze
4 billion events every
day to detect security
hacks and threats.

51
With organic logging growing 50%
year over year, and monitoring
infrastructure spend at nearly 10%,
one rogue log can ruin the platform.
The checks and balances necessary
to make sure we don’t hit that
roadblock are built with the Elastic
Stack and Beats.
TEXT GOES HERE IN ALL CAPS
Additional text goes here to support the content and can
be a couple lines in length and sits bottom left aligned

52
With organic logging growing 50%
year over year, and monitoring
infrastructure spend at nearly 10%,
one rogue log can ruin the
platform. The checks and balances
necessary to make sure we don’t
hit that roadblock are built with the
Elastic Stack and Beats.
TEXT GOES HERE IN ALL CAPS
Additional text goes here to support the content and can
be a couple lines in length and sits bottom left aligned

”
The Elastic Stack is critical to us. Every day
millions of users and customers worldwide
trust Box to execute mission-critical
business functions.
“

Some text can go here
Some text can go here

You can use
this area for a
text treatment
that supports
your chosen
imagery

Slide Title Here With
a Few Bullets
Subtitle goes here
• Bullet one goes here in
sentence case and no period
• Bullets should be kept short
and sweet; stay focused
• Use bullets to help break up
content that you need to
have on the screen

Slide Title Here With
a Few Bullets
Subtitle goes here
● Bullet one goes here in
sentence case and no
period
● Bullets should be kept short
and sweet; stay focused
● Use bullets to help break up
content that you need to
have on the screen

Slide Title Here
With Key Points
Subtitle goes here
Header Here
Body copy goes here and just increase the
indent level to get to the proper formatting
Header Here
Header Here
Header Here
LOGGING METRICS APM
ADVANCED
SEARCH
SECURITY
ANALYTICS
DATA
SCIENCE
FOUNDATIONSPECIALIZATIONS

Slide Title Here
With Key Points
Subtitle goes here
Header Here
Header Here
Header Here
Header Here

Image Treatment With Caption Layout
How to add your own photos and crop properly…
Your image will populate the
container but you will likely need
to adjust the crop. Double click
on the image to adjust. Use the
blue dots to adjust the size.
Click on the grayed out portion
of the image and drag to the
left or right until you are happy
with the crop.
1 2 3Right click on the image and go
to replace image. Select a new
image from your machine.

Agenda Slide
Use color to highlight
Enter title for section one here and use sentence case1
Enter title for section three here and use sentence case3
Enter title for section four here and use sentence case4
Enter title for section five here and use sentence case5
Enter title for section two here and use sentence case2
Option 1ANOTE THIS SLIDE IS NOT IN THE LAYOUT OPTIONS.
ALWAYS START A NEW PRESENTATION USING THE
CORPORATE TEMPLATE AND ADD YOUR CONTENT
TO THIS SLIDE.

Bullet slide title treatment can be up to two lines in length (Inter bold 24 pt)
○ Second-line bullets are Inter 14pt
■ Third-line bullets are Inter 12pt
Agenda Slide
Enter title for section one here and use sentence case1
Enter title for section three here and use sentence case
Enter title for section four here and use sentence case
Enter title for section five here and use sentence case
Enter title for section two here and use sentence case2
Option 1BNOTE THIS SLIDE IS NOT IN THE LAYOUT OPTIONS.
TO THIS SLIDE.
3
4
5

Agenda Slide
Enter title for section one here and use sentence case
Enter title for section two here and use sentence case
1
2
3
4
5
Option 2NOTE THIS SLIDE IS NOT IN THE LAYOUT OPTIONS.
TO THIS SLIDE.

Agenda Slide
1
2
3
4
5
TO THIS SLIDE.

Process Diagram Treatment, 5 Ideas
See style page for more color options
1 2 3 4 5
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number

Process Diagram Treatment, 5 Ideas + Highlight
1 2 3 4 5
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number

Supporting text
goes here under
the number
1 2 3 4
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number

Supporting text
goes here under
the number
1 2 3
Supporting text
goes here under
the number
Supporting text
goes here under
the number

1 2 3 4
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
5
Supporting text
goes here under
the number

Process Diagram Treatment, 5 Ideas + Highlight
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
1 2 3 4 5

1 2 3 4
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number

1 2 3
Supporting text
goes here under
the number
Supporting text
goes here under
the number
Supporting text
goes here under
the number

Title Here Title Here Title Here
• One bullet here
• Two bullet here
• Three bullet here
• One bullet here
• Two bullet here
• One bullet here
• Two bullet here
Box With Bullet Treatment

• One bullet here
• Two bullet here
• One bullet here
• Two bullet here
• One bullet here
• Two bullet here
Box With Bullet Treatment with Color Choice

• One bullet here
• Two bullet here
Title Here
• One bullet here
• Two bullet here
Title Here
• One bullet here
• Two bullet here
Title Here
Box Bullet Treatment

• One bullet here
• Two bullet here
• One bullet here
• Two bullet here
• One bullet here
• Two bullet here
Box Bullet Treatment with Color Scheme

Screenshot Treatment With Browser Window
How to drop in your screen shot…
The browser window is like a
frame so anything you drop
behind it will show through.
Drop in your screen shot, go
to the format menu and crop
it to show only what you
want.
2
Last, be sure to right click on
your screen shot, go to order
and send to back.
3
1

Screenshot Treatment With Title and Browser Window

NOTE USE THIS LAYOUT
FOR PLACING ONE FULL
BLEED SCREENSHOT

Use This Slide for Code, Light Version
Use template colors to highlight
curl –XPUT localhost:9200/_template/twitter –d ‘
{
“template” : “twitter_*”,
“setting” : {
“number_of_shards” : 4,
“number_of_replicas” : 1
}
}’

Use This Slide for Code, Dark Version
Use template colors to highlight
curl –XPUT localhost:9200/_template/twitter –d ‘
{
“template” : “twitter_*”,
“setting” : {
“number_of_shards” : 4,
“number_of_replicas” : 1
}
}’

Color Palette
254
197
20
47
67
145
250
115
79
240
78
152
151
156
171
67
71
83
0
119
204
0
191
179
PRIMARY

Styles and Treatments
SHAPES
LOGOS
Please use logos according
to brand guidelines. These
logos can be sized up and
down without losing quality.
Please press shift before
sizing to keep proper
proportions.
Various template colors can
be used for shapes. Shapes
should have a 3pt line stroke.

Video or Large Image Treatment
Sub header goes here

3 solutions
Elastic Enterprise Search Elastic SecurityElastic Observability

Elastic Enterprise Search
Workplace Search App Search Site Search

Elastic Observability
Logs Metrics APM Uptime

Endpoint SIEM
Elastic Security

3 solutions powered by 1 stack
Kibana
Elasticsearch
Beats Logstash
Elastic Stack

The Elastic Stack
Reliably and securely take data from
any source, in any format, then search,
analyze, and visualize it in real time.

Deploy anywhere.
SaaS Orchestration
Elastic Cloud
on Kubernetes
Elastic Cloud Elastic Cloud
Enterprise
Kibana
Elasticsearch
Beats Logstash
Powered by
the stack
3 solutions
Deployed
anywhere

Deploy anywhere.
SaaS Orchestration
Elastic Cloud Elastic Cloud on
Kubernetes
Elastic Cloud
Enterprise

Subscription Options
ELASTIC CLOUD
FREE PAID
Open Source
Features
Free Proprietary
Features
Paid Proprietary Features
+
Elastic Support
PAID
OPEN SOURCE BASIC GOLD PLATINUM ENTERPRISE
SELFMANAGEDSaaS

Resource-based Pricing
Endpoint Security
No endpoint-based pricing
SIEM
No seat/ingest-based pricing
APM
No agent-based pricing
Metrics
No host-based pricing
Logs
No ingest-based pricing
App Search
No docs-based pricing
Site Search
No query-based pricing
Workplace Search
No user-based pricing

31 Solution Logos
ENTERPRISE
SEARCH
OBSERVABILITY SECURITY
Elastic Logo + Tagline
FULL COLOR
REVERSE

Product Logos
ELASTIC CLOUD
ON KUBERNETES
ECK
KIBANA LOGSTASHELASTICSEARCHBEATS ELASTIC CLOUD
ELASTIC
CLOUD
ENTERPRISE

Product Logos
APMAPP SEARCH
WORKPLACE
SEARCH
METRICS SIEMLOGSSITE SEARCH ENDPOINT

Iconography Usage
Product Feature Icons
Do not use these icons for
anything other than what
they are created for.
Product Feature Icons are created
to correlate with a specific feature
within the product and are not
flexible in use. Please see labels as
a guide.
Generic Icons
These icons are made to fit across
multiple concepts within reason.
See labels as a general guide.
Please use discretion.
Training Icons
Do not use these icons for
anything other than what
they are created for.
Training Icons are created to
correlate with a specific feature
within the training relm and are not
flexible in use. Please see labels as
a guide.

Feature Icons
winlogbeat heartbeat packetbeat metricbeat functionbeat filebeat auditbeat index patterns Index
management
Life cycle
management
create single job create advanced
job
create multi
metric job
create population
job
machine
learning
advanced
settings
apm sql visualize dashboards
canvas upgrade assistant management security analytics add data search
profiler
users and
roles
saved objects reporting security settings
grok debugger language clients infra console discover dev tools watcher rollups cross cluster
replication
data visualizer
metrics monitoring notebook logging spaces logstash pipeline gis application timelion graph --

Training Icons
apm metrics Security analytics logging
specializationEngineering 1 Engineering 2 certification Advanced search Data science
subscription on-demand Instructor led
stack

Generic Icons
training support subscription
customers
structured schema schemaless rapid query
execution
sql No sql Horizontal scale
flexible data
model
downloads custom consulting community community
members
Sophisticated query
language
node idea chart
news user reliable extensible upgrade IoT plugin scale real-time high-five
location distributed visibility plan E commerce family vacation presentation education guide book
benefits certificate video contribution target Health monitor overlap conversation speaker government

Generic Icons
To do Source code Color outside
of the lines
blog Send
message
docs mobile browser Love
letter
connection

Generic Icons
training support subscription
customers
structured schema schemaless rapid query
execution
sql No sql Horizontal scale
flexible data
model
downloads custom consulting community community
members
Sophisticated query
language
node idea Light bulb
news user reliable extensible upgrade IoT plugin scale real-time high-five
location distributed visibility plan E commerce family vacation presentation education guide book
benefits certificate video contribution target Health monitor overlap conversation speaker government

Get full visibility and find hidden security issues

More Related Content

What's hot (20)

Similar to Get full visibility and find hidden security issues (20)

More from Elasticsearch (20)

Recently uploaded (20)

Get full visibility and find hidden security issues