SFISSA’s August meeting will be on Thursday, August 17th, 2017 at Nova University, Fort Lauderdale. The meeting will take place from 6PM to 9:30PM, followed by their usual networking hour.
Any Event, Anywhere
With the development of security operations centers, the collection of tools employed has grown significantly. This growth has led to a convoluted infrastructure to supply these tools with events. To remedy this “spaghetti nexus”, an open source platform, namely Kafka, seamlessly enables the consolidation of event sources as well as the consolidated consumption of these events. However, in some organizations, pieces of this information, whether security-related, operations-related, etc., must be filtered and transmitted to interested third parties. Without an open source messaging platform in place, this further complicates network architecture design and implementation. Additionally, outages may occur on the tools that consume these events, so a resilient and robust caching mechanism must also be employed. Enter the Kafka-clustered node environment, built on open source technology in combination with enterprise-grade resources. This presentation will demonstrate how such a platform can enable any organization to address these challenges.
Presentation Speaker & Bio
Peter Titov spent 10 years on active duty with the US Air Force specializing in electronic warfare and electronic, signal, and communication intelligence gathering operations. He conducted analyst activities for the US Air Force CERT and developed innovative detection platforms with Weapons & Tactics, also in support of the Air Force CERT. His experience includes penetration testing and developing a SOC from the ground up for a major US financial firm during Operation Ababil in 2012. He has developed, deployed, and trained SOC members in incident analysis and incident response procedures. Following his military career, he streamlined SOC operations at another major US financial firm, created and deployed content as the Splunk SME (subject matter expert), and engaged in APT Hunt activities. He currently develops ArcSight content and works as an engineer for ArcSight solutions in support of Hewlett Packard Enterprise pre-sales activities.
Defcon, Blackhat, and BSides Recap
Hewlett Packard Enterprise
Nova Southeastern University – Carl DeSantis Building
3301 College Avenue
Fort Lauderdale, Florida 33314