Boston Elastic User Group @ Microsoft with Steve Kearns & SEMplicity

Microsoft - Conference Center Thomas Paul Room - 1 Memorial Dr Cambridge, 02142 - View Map Boston
Thu, Jan 26, 5:00 PM (EST)

18 RSVP'ed

About this event

Update: There is no longer a vaccination or health check requirement for entry into the venue.

 

Boston Elastic Stackers - Join us for an in-person meetup at the Microsoft campus on Thursday, January 26th, from 5:00-7:00pm EST. We're joined by George Boitano (SEMplicity) and Steve Kearns (VP of Product Management @ Elastic) for presentations followed by networking, food, and refreshments.


Registration ends on Tuesday, January 24th, as we need to provide a list of attendees to building security. Upon arrival, guests will need to provide an ID at the reception desk located on the “M” (Microsoft) floor. 



Event Details:

Date & Time:

Thursday, January 26th, from 5:00-7:00 pm EST. Please note the venue has a hard stop at 7:00 pm EST.

Location:

 1 Memorial Dr, Cambridge, MA 02142 - Conference Center - Thomas Paul Room

Parking: 

The parking garage is located at the back of the building. It is $12.00 after 4:00 pm. When entering the parking garage, it will prompt you to press the button to take a ticket; after the event is over, you can pay for the parking ticket in the lobby (just passing the security desk and near the elevator to the parking garage.)

Agenda:

  • 5:00 pm: Doors open; say hi, grab a seat, and eat some food.
  • 5:15pm: Detections & Transforms: The foundation for user & entity behavioral analytics - George Boitano (SEMplicity)
  • 6:00pm: Presentation by Steve Kearns (VP of Product Management @ Elastic)
  • 7:00 pm: Event ends


Talk Abstract: Detections & Transforms: The foundation for user & entity behavioral analytics - George Boitano (SEMplicity)

Tracking security events by user or entity is all about preserving state. What suspicious behavior have we observed from the user over the past month? Have they been clicking on malicious URLs, failing an abnormally high number of authentications, and connecting to unusual network segments? And what is the state of their machine? Was there a recent virus infection? Does it have multiple unpatched vulnerabilities?

Detections find the needles in the haystacks. But preserving, aggregating and analyzing these findings requires implementing state machines for users and entities. That's where transforms shine. We use transforms to maintain user and entity state, pivoting on user name, UUID, source IP and source hostname. Using transforms, we can now write 2nd-level detections to trigger high-severity alerts based on aggregated user or entity behavior. Analysts, during triage or investigation, can now quickly determine a user or entity state. And if we summarize these transforms, executives can now view and track a composite enterprise risk profile aggregated across all the user and entity states.

This presentation will briefly introduce the concepts of Detections & Transforms, and then build a quick transform live to create a user state machine based on observed behavior. If time permits, we will also create a quick detection to monitor user state and trigger on certain conditions.


Talk Abstract: TBD - Steve Kearns (VP of Product Management @ Elastic)



Speakers

When

Thursday, Jan 26
5:00 PM - 7:00 PM (EST)

Where

Microsoft - Conference Center Thomas Paul Room
1 Memorial Dr Cambridge02142

Host

  • Olivia Petrie

    Olivia Petrie

    Elastic

    Community Programs

Organizers

  • Lindsay Hill

    Lindsay Hill

    Community Organizer

  • Dan Morgan

    Dan Morgan

    Community Organizer

    View Profile
  • Richard Juknavorian

    Richard Juknavorian

    IT Squared

    Community Organizer

    View Profile
  • Theron Roe

    Theron Roe

    Community Organizer

    View Profile