Update: There is no longer a vaccination or health check requirement for entry into the venue.
Boston Elastic Stackers - Join us for an in-person meetup at the Microsoft campus on Thursday, January 26th, from 5:00-7:00pm EST. We're joined by George Boitano (SEMplicity) and Steve Kearns (VP of Product Management @ Elastic) for presentations followed by networking, food, and refreshments.
Registration ends on Tuesday, January 24th, as we need to provide a list of attendees to building security. Upon arrival, guests will need to provide an ID at the reception desk located on the “M” (Microsoft) floor.
Date & Time:
Thursday, January 26th, from 5:00-7:00 pm EST. Please note the venue has a hard stop at 7:00 pm EST.
1 Memorial Dr, Cambridge, MA 02142 - Conference Center - Thomas Paul Room
The parking garage is located at the back of the building. It is $12.00 after 4:00 pm. When entering the parking garage, it will prompt you to press the button to take a ticket; after the event is over, you can pay for the parking ticket in the lobby (just passing the security desk and near the elevator to the parking garage.)
Talk Abstract: Detections & Transforms: The foundation for user & entity behavioral analytics - George Boitano (SEMplicity)
Tracking security events by user or entity is all about preserving state. What suspicious behavior have we observed from the user over the past month? Have they been clicking on malicious URLs, failing an abnormally high number of authentications, and connecting to unusual network segments? And what is the state of their machine? Was there a recent virus infection? Does it have multiple unpatched vulnerabilities?
Detections find the needles in the haystacks. But preserving, aggregating and analyzing these findings requires implementing state machines for users and entities. That's where transforms shine. We use transforms to maintain user and entity state, pivoting on user name, UUID, source IP and source hostname. Using transforms, we can now write 2nd-level detections to trigger high-severity alerts based on aggregated user or entity behavior. Analysts, during triage or investigation, can now quickly determine a user or entity state. And if we summarize these transforms, executives can now view and track a composite enterprise risk profile aggregated across all the user and entity states.
This presentation will briefly introduce the concepts of Detections & Transforms, and then build a quick transform live to create a user state machine based on observed behavior. If time permits, we will also create a quick detection to monitor user state and trigger on certain conditions.
Talk Abstract: TBD - Steve Kearns (VP of Product Management @ Elastic)
VP Product Management
George Boitano is a developer, inventor and entrepreneur with over 20 years of experience in data security for large enterprises. As a founder of Security Integration in 1990, he served as technical officer and authored U.S. patent US5305456: Apparatus and Method for Computer System Integrated Security. After acquisition by Rocket Software in 2004. George consulted at LogLogic, Aveksa, Verisign, Secureworks and Dell Services as a developer for SIEM and IDM products. Since 2009, George has led SEMplicity, a boutique consultancy focused today on Elastic security and observability implementations and conversions for large enterprises. George holds a bachelor’s degree in physics from Harvard University.