What does it really take to scale up a large Elastic security log deployment?


Jan 15, 2019, 11:00 PM – Jan 16, 2019, 1:00 AM


About this event

Come learn about what is NEW in the Elastic Stack release 6.5!

You may have heard, we released version 6.5 of the Elastic Stack! It is packed full of new features, and true to our OpenSource roots the release is for OpenSource, Basic license, and subscription users alike. Come learn how you can now replicate indices from one Elasticsearch cluster to another, organize Kibana into independent spaces, use a new Beat type that deploys as a function in serverless platforms, leverage a new infrastructure operations UI, use open source distributed tracing as part of our APM solution, parse through logs with a new log tail UI, capture SNMP polling data with a new plugin for logstash, organize beats in central management UI, and more!”

Brad Quarry is a Senior Solution Architect with Elastic. After 15 years of helping build and deploy parallel computing architectures, he is most comfortable putting himself squarely between the customer and the problem at hand. When he’s not hip deep in error logs, he enjoys playing with his two boys William (2y) and Sam (6mo), running, and geeking out watching Sci-Fi movies.

From the trenches: what does it really take to scale up a large Elastic security log deployment?

Elasticsearch for enterprise security log storage & management is a hot topic today. Specular gains in performance, functionality and cost are ready for harvest. But what exactly does it take to create a large Elastic log storage infrastructure? This talk will present war stories related to at 150,000 events per second Elastic log storage implementation with 2 month retention built at a large commercial client. We'll take the audience through sizing, design. staffing & cost; discuss architecture, storage density & ingestion: and share our gotchas & lessons learned. We will also talk a bit about evidentiary-quality log storage for compliance. If you are curious about what it would take for Elastic to hold your security logs, this talk will show you what to expect.

George Boitano is a developer, inventor and entrepreneur with over 25 years of experience in data security for large enterprises. As a founder of Security Integration in 1990, he served as technical officer and authored U.S. patent 5305456: Apparatus and Method for Computer System Integrated Security. As President, he created OEM channel partnerships with Netegrity, Inc. and other vendors, and managed the acquisition of the company by Rocket Software in 2004. George then consulted at LogLogic, Aveksa, Verisign, Secureworks and Dell Services, where he developed an interest in SIEM technology and acquired familiarity with the Managed Security Services business model. George holds a bachelor’s degree in physics from Harvard University.



January 15 – 16, 2019
11:00 PM – 1:00 AM UTC


  • Lindsay Hill

    Community Organizer

  • Dan Morgan

    Community Organizer

  • Richard Juknavorian

    IT Squared

    Community Organizer

  • Theron Roe

    Community Organizer

Contact Us