Rabbit Food

Nathan Stacey

Hosted by Nathan Stacey. This page features videos from a bunch of Elasticsearch experts talking Elasticsearch and all of the IT tech surrounding it. If you like the videos on this page, like the page and help us promote the content! #elastic #elasticsearch #kibana #elk
Technology

Episodes

The SOC Guru, Heidi Gerken, talking about why she bet her career on Elastic
23-08-2024
Heidi has seen many Security Operations Centers (SOCs) over her career. She has seen many SIEM tools and many SOC cultures. She describes why she chose Elastic and sees the future in Elastic.

Nathan Stacey and Heidi discuss the evolution of security operations centers (SOCs) and the role of Elastic in modernizing the SOC. They talk about the transition from network operations centers (NOCs) to SOCs and the importance of integrating security and network teams. They also highlight the value of bringing in large quantities of data and the role of AI in analyzing and correlating that data. They discuss the Elastic Common Schema and its impact on data normalization and correlation. Overall, they emphasize the open and agile nature of Elastic in meeting the evolving needs of SOCs.

Takeaways:
- SOCs have evolved from network operations centers (NOCs) and now require the integration of security and network teams.
- Bringing in large quantities of data and leveraging AI can provide a more comprehensive and holistic view of security incidents.
- The Elastic Common Schema enables data normalization and correlation across different log sources.
- Elastic's open and agile approach allows for customer-driven development and the ability to meet the evolving needs of SOCs.

Sound Bites:
"SOCs are transitioning and moving towards the new, and Elastic is part of that new."
"The goal is to bring in all the data to have a full picture and enable effective security operations."
"Elastic allows for a more efficient and effective SOC by providing an event rendered view and leveraging AI for analysis."

Chapters:
00:00 Heidi Gerken's Background in Security Operations Centers
03:00 The Transition from NOCs to SOCs
07:02 Challenges of Managing Large Data Sets in SOCs
13:07 The Role of AI and Machine Learning in SOC Efficiency
28:03 The Importance of Elastic Common Schema in SOC Operations
Satellite Cybersecurity with Paul Vout
06-08-2024
Paul Vout discusses his experience participating in a SatCom cyber exercise focused on satellite-based cyber threats and techniques. The exercise aimed to simulate attacks on a real satellite called Moonlighter, with a focus on directional control and energy consumption. Paul highlights the importance of precise coordination of cameras and solar panels on satellites and the potential vulnerabilities in these areas. He also emphasizes the need for a structured process and framework in OT cyber exercises to guide analysts and improve training. Overall, the exercise provided valuable insights into securing satellite systems and can inform the cybersecurity practices in other OT domains.

Watch the full video here: YouTube: https://youtu.be/hEAusX3nkHI

Keywords: SatCom, cyber exercise, satellite, directional control, energy consumption, OT cyber, supply chain, process, framework, training, elastic, elasticsearch, red team, blue team

Takeaways:
- SatCom cyber exercises provide valuable insights into securing satellite systems and can inform cybersecurity practices in other OT domains.
- The directional control and energy consumption of satellites are critical areas to focus on in SatCom cyber exercises.
- A structured process and framework are essential in OT cyber exercises to guide analysts and improve training.
- Understanding the supply chain and the specific components of satellite systems is crucial for effective cybersecurity.
- Elastic's ability to ingest and interpret multiple sources of data makes it a valuable tool in SatCom cyber exercises.

Sound Bites:
"Directional control of a satellite is extremely important, as is the manipulation of power generation and consumption."
"Satellite cybersecurity requires a focus on specific satellite components and understanding the supply chain."
"A structured process and framework in OT cyber exercises can improve training and guide analysts."

Chapters:
00:00 Introduction to the SatCom Cyber Exercise
03:49 The Importance of Directional Control and Energy Consumption
10:21 The Value of Focusing on SatCom Cybersecurity
18:22 Lessons Learned and Best Practices for OT Cyber Exercises
26:22 The Role of Elastic in Analyzing Satellite Telemetry Data
Elastic Sizing and Performance Tuning Part 1 with Michael Young
06-08-2024
Nathan Stacey interviews Michael Young about sizing in Elastic. They discuss the concept of distributed systems, the value of data tiering, and the challenges of split brain scenarios. They also touch on the different tiers in Elastic (hot, warm, cold, and frozen) and how they impact performance and cost. The conversation provides insights into the importance of understanding the resources and requirements of an Elastic cluster to optimize its performance.

Where to see this video: the full video on YouTube, along with the channel with the rest of our videos: https://youtu.be/ND0mn6Xsu3E

Keywords: Elastic, sizing, distributed systems, data tiering, split brain, hot tier, warm tier, cold tier, frozen tier, performance, cost optimization, elasticsearch, tuning

Takeaways:
- Understanding the resources and requirements of an Elastic cluster is crucial for optimizing its performance.
- Data tiering in Elastic allows for the efficient management of data based on its value and performance needs.
- Split brain scenarios can occur in distributed systems and can lead to conflicts and inconsistencies in data.
- Elastic offers different tiers (hot, warm, cold, and frozen) to accommodate different performance and cost requirements.
- Proper sizing and configuration of an Elastic cluster can ensure efficient data management and high performance.

Quotes:
"Enabling people to think about the things that matter with sizing so they could be more informed."
"A few tweaks here and there changes that cluster from ho-hum to crazy fast."
"Elastic can actually get down to single-digit millisecond response times."

Chapters:
00:00 Introduction and Background
02:18 The Importance of Sizing
08:57 Overview of the Series
11:38 Data Tiering in Elastic
31:42 Understanding Split Brain Scenarios
Walking through the github project for an air-gappable Elastic cluster in Docker Compose
09-07-2024
GitHub Project: https://github.com/Xzeryn/Elastic-Stack-Docker

Summary: Nathan Stacey, Scott Karter and Frank Gutierrez discuss their project of building a simplified and easy way to set up the Elastic Stack using Docker Compose. They explain the motivation behind creating this project, which is to provide a simple and accessible way for users to deploy Elastic for education, proof of concept, and air-gapped environments. They walk through the installation process and highlight the different profiles and components involved. They also discuss future plans, including adding support for Podman, exploring different cluster architectures, and incorporating Elastic's Rally for benchmarking.

Takeaways:
- Scott and Frank have built a simplified and accessible way to set up the Elastic Stack using Docker.
- The project is aimed at providing an easy way to deploy Elastic for education, proof of concept, and air-gapped environments.
- They walk through the installation process and highlight the different profiles and components involved.
- Future plans include adding support for Podman, exploring different cluster architectures, and incorporating Elastic's Rally for benchmarking.

Titles:
Benchmarking Elastic Stack with Rally
Simplified Deployment of Elastic Stack with Docker

Quotes:
"A simplified and easy way to get the elastic stack set up"
"We chose the way that we think you could get started to educate yourself or to deploy it for a POC or to deploy it in an air gap environment, the simplest way"
"To get the whole solution installed on AirGap, it's a single product"

Chapters:
00:00 Introduction and Project Overview
02:11 Motivation for Building the Solution
04:55 Elastic Package Repository and Elastic Artifact Repository
08:20 Future Iterations and Plans
19:44 Code Overview and Repository
27:03 Future Use Cases and Enhancements
How to build an AI RAG in 8.14 Elastic with Eric Cobb
25-06-2024
Nathan Stacey and Eric Cobb discuss a demo showcasing the use of AI in Elastic. Eric explains how Elastic is a data platform that can handle structured and unstructured data, and demonstrates how they can extract insights from unstructured text data using generative AI. The demo focuses on analyzing news articles related to fentanyl arrests and visualizing the data on a map. Nathan also highlights the scalability and speed of Elastic, as well as the new AI capabilities introduced in version 8.14.

Takeaways:
- Elastic is a data platform that can handle structured and unstructured data.
- Generative AI can be used to extract insights from unstructured text data.
- The demo showcased the analysis of news articles related to fentanyl arrests and visualizing the data on a map.
- Elastic is scalable and can handle large amounts of data with sub-second response time.
- Version 8.14 introduced new AI capabilities, including the ability to ask questions and receive answers from the data.

Titles:
Using AI to Extract Insights from Unstructured Data in Elastic
Analyzing Fentanyl Arrests with Elastic's Data Platform and AI

Quotes:
"We are a data platform, data is data to us. It doesn't matter if it's structured or unstructured."
"Elastic wanted to show that you can analyze any kind of data, not just security or telemetry based."
"Elastic has made it easy to get generative AI insights from your data, even without being a developer."

Chapters:
00:00 Introduction and Background
01:17 Elastic's Efforts in the Government Sector
05:48 Demo: Enriching and Analyzing Data
12:57 Demo: AI Capabilities and Natural Language Questions
15:06 Demo: Geospatial Analysis and Visualization
23:39 Playground: Making AI Accessible to Non-Developers
28:05 Feedback and Future Improvements
Training a SOC Team with Andrue McElhaney
20-06-2024
Summary: In this conversation, Andrue McElhaney, a Senior Solution Architect at Elastic, discusses his journey in technology and his passion for training. He emphasizes the importance of hands-on experience and practical learning in becoming an expert. He also shares insights on learning Elastic and transitioning to the platform, highlighting the value of starting small, leveraging the community, and finding consistency. Andrue concludes with a key takeaway: start with a project, build a team, and find your own path to success.

Takeaways:
- Hands-on experience and practical learning are crucial in becoming an expert in technology.
- When learning Elastic, start small and leverage free cloud trials to get hands-on experience with the platform.
- Engage with the Elastic community through forums, meetups, and conferences to learn from others' experiences.
- Building consistency and finding a training model that works for your organization is key to a successful transition to Elastic.
- Start with a project, build a team, and focus on continuous learning and improvement.

Titles:
Learning Elastic: Starting Small and Leveraging the Community
Key Takeaways: Starting with a Project and Continuous Learning

Sound Bites:
"Hands-on experience with your stuff... It's great for that muscle memory."
"Start with the free cloud trials... See the functionality for yourself."
"Automation and orchestration... Spin things up quickly and tear them down"

Chapters:
01:18 Andrue's Journey: From Video Games to Elastic Expert
10:16 Training and Transitioning to Elastic
14:24 The Role of DevOps in Technology Training and Deployment
21:56 Utilizing the Elastic Community and Resources
26:23 Andrue's Advice for Learning Elastic
How ML has changed in Security and what it is about to do
13-06-2024
Summary: The conversation covers topics related to creating chapters, endpoint security, machine learning, XDR, EDR, kernel, supply chain security, and zero trust in a Windows environment. The discussion also delves into the evolution of security culture in the US military and the challenges faced in implementing Zero Trust. The conversation provides insights into the depth of detail required to defend against advanced adversaries and the importance of training and experience in cybersecurity.

Keywords: chapters, endpoint security, machine learning, XDR, EDR, kernel, supply chain security, zero trust, US military, cybersecurity culture

Takeaways:
- The evolution of endpoint security and the challenges posed by advanced attacks.
- The role of machine learning in enhancing endpoint and extended detection and response (XDR) solutions.
- The complexities and challenges of implementing Zero Trust in a Windows environment and the need to define a clear framework for protection.
- The evolution of security culture in the US military and the emphasis on training and experience in cybersecurity.
- The depth of detail required to defend against advanced adversaries and the importance of understanding supply chain vulnerabilities.

Titles:
The Significance of the Kernel in Cybersecurity
Impact of Supply Chain Security on Cybersecurity Posture

Sound Bites:
"I always appreciate kind of the spy versus spy analogy because as soon as you come up with a good defense, attackers come up with another attack."
"I feel like there's a change happening in the security world from auditd type logging type security to XDR."
"The kernel is a key component for cybersecurity."
Aircraft Data in Elastic
13-06-2024
Elastic plays a crucial role in the aviation industry, particularly in areas such as operational energy, fuel efficiency, supply chain management, manufacturing, and cybersecurity. By analyzing data from aircraft engines and sensors, Elastic can help optimize fuel consumption, identify regional fuel usage patterns, and suggest improvements in efficiency. It can also assist in monitoring and securing the fuel supply chain, ensuring the quality and safety of the fuel. In manufacturing, Elastic can analyze data from the production process, identify efficiencies, and enable predictive analysis. Additionally, Elastic can be used to track and manage logistics in air transport, such as tracking food supplies and ensuring their safe delivery.

Takeaways:
- Elastic is used in the aviation industry to optimize fuel consumption and improve operational energy efficiency.
- It can analyze data from aircraft engines and sensors to identify regional fuel usage patterns and suggest improvements.
- Elastic helps monitor and secure the fuel supply chain, ensuring the quality and safety of the fuel.
- In manufacturing, Elastic enables analysis of production data, identification of efficiencies, and predictive analysis.
- It can track and manage logistics in air transport, such as tracking food supplies and ensuring their safe delivery.

Sound Bites:
"Operational energy: Analyzing fuel consumption and energy resources in the Air Force."
"Fuel supply chain: Monitoring and securing the quality and safety of fuel."
"Manufacturing efficiency: Analyzing production data and enabling predictive analysis."

Chapters:
00:00 Fuel Efficiency and Operational Performance
09:34 Unstructured Data and Elastic
22:52 Cybersecurity in the Airplane World
28:18 Logistics and Supply Chain Management

Keywords: elastic, aviation industry, operational energy, fuel efficiency, supply chain management, manufacturing, cybersecurity, fuel consumption, regional fuel usage, efficiency improvements, fuel supply chain, manufacturing process, predictive analysis, logistics, air transport, food supplies
LLMs need search
05-06-2024
Summary: LLMs and vector databases are powerful tools in information retrieval, but they still need a search engine to perform optimally. Vectors provide predictions based on the most likely context within the vector space, but without additional context, the interpretation can be difficult. LLMs understand language patterns and allow for semantic search without exact terms. Vector databases use coordinates to find content matches and determine relevance, but they lack the user's context. Elasticsearch as a vector database allows for additional context and combines multiple search modalities for better results.

Keywords: LLMs, vector databases, search engine, information retrieval, context, semantic search, relevance, Elasticsearch

Takeaways:
- LLMs and vector databases need a search engine to perform optimally.
- Vectors provide predictions based on the most likely context within the vector space.
- LLMs allow for semantic search without exact terms.
- Vector databases lack the user's context, which affects relevance.
- Elasticsearch as a vector database allows for additional context and combines multiple search modalities.

Titles:
Understanding Context in Information Retrieval
The Power of Elasticsearch as a Vector Database

Quotes:
"LLMs and vector databases and vector search and retrieval augmented generation, all the above, still need a search engine to perform to their optimal accuracy and efficiency."
"LLMs are trained on a large amount of content, so they understand the patterns of language usage."
"With Elasticsearch as your vector database, you can vectorize your content using third-party models and then bring to bear your additional context that LLMs don't have any knowledge of."

Chapters:
00:00 The Role of Search Engines in Optimizing LLMs and Vector Databases
02:16 Limitations of Vector Databases and the Need for Additional Context
04:12 Elasticsearch: A Superior Vector Database with Multiple Search Modalities