Monitoring & Defending Infrastructure Security Attacks

Abstract

Monitoring for attacks and defending against them in real time is crucial. That means crunching through all the logs from the various sources (servers, applications, firewalls, etc.) to surface anomalies as they happen. Making the right decisions about which attacks to act on can prove to be a nightmare, even with the solutions already available in the market. In this workshop we will watch attacks happening in real time on a centralised dashboard. By collecting logs from various sources we will monitor and analyse the attacks, and, using the data gleaned from those logs, apply defensive rules against the attackers. We will use open source technologies to build this monitoring solution.

COURSE CONTENT

The workshop will, at the very least, include the following hands-on topics:

  • Understanding problems with traditional logging methods
  • Introduction to ELK Stack (Elasticsearch, Logstash, Kibana)
  • Setting up Elastic Stack
  • Setting up Infrastructure to collect logs
  • Correlating the logs and centralized management
  • Creating dashboards with custom queries and visualizations
  • Alerting for attack patterns and queries to Slack, Email
  • Automated defence demo using Serverless technology (AWS Lambda)
  • Use cases and future improvements
  • Best practices and production deployment tips

PREREQUISITE

  • Bring your laptop with admin/root privileges.
  • You will need at least 10 GB of free space for virtual machines.
  • Your laptop should be capable of running 64-bit VMs inside VirtualBox.

PARTICIPANTS REQUIREMENTS

  • Attendee should be familiar with Linux command line usage

DURATION (1/2 DAY)

1 day

WHO SHOULD ATTEND

Security Engineers & Analysts, SOC Teams, IT/Network Administrators, and anyone interested in automating security monitoring

WHAT TO EXPECT

  • Lots of hands-on work to build your own FOSS-based Security Monitoring System.
  • Understanding and using open source tools to defend against attacks in near real-time
  • Dealing with large volumes of logs in many different formats
  • Best practices to deploy and manage the stack in your environments
  • Take-away checklists, playbooks and walk-through guides

WHAT NOT TO EXPECT

We will mostly cover how ELK helps with security monitoring; we will not cover scaling the ELK stack.

Date: Thursday, 17 Aug 2017 00:00 UTC
Location: Kochi, India

Workshop Highlights

Madhu Akula
Never Ending Learner!

Madhu Akula is a pragmatic security leader and the creator of Kubernetes Goat, an intentionally vulnerable-by-design Kubernetes cluster for learning and practising Kubernetes security. He is also a published author and cloud native security researcher with extensive experience, and an active member of the international security, DevOps and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc.). He holds industry certifications such as OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator) and CKS (Certified Kubernetes Security Specialist). Madhu frequently speaks and runs training sessions at security events and conferences around the world, including DEFCON (24, 26, 27, 28, 29, 30), BlackHat (2018, 19, 21, 22 & 23), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, AppSec EU (2018, 19, 22), All Day DevOps (2016, 17, 18, 19, 20, 21 & 22), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n (2017, 18 & 20), Nullcon (2018, 19, 21 & 22), SACON 2019, Serverless Summit, null and many others. His research has identified vulnerabilities in 200+ companies and organisations, including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, and he has been credited with multiple CVEs, acknowledgements and rewards. He is co-author of Security Automation with Ansible 2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible, and the technical reviewer for the Learn Kubernetes Security and Practical Ansible 2 books from Packt Publishing. He also won first prize for building an Infrastructure Security Monitoring solution at the InMobi flagship hackathon, competing against 100+ engineering teams.