Information Security Analyst at Adobe
For the past two years, Bogdan Simion has enjoyed working at Adobe as an Information Security Analyst, where he works to correlate large amounts of data from different environments in an effort to catch and stop threats. He is currently focusing his efforts on creating content to improve host-based monitoring capabilities. Bogdan is a big fan of Splunk and OsQuery, among other open source tools.
Are we alone in our infrastructure? A look into the dark corners of endpoints with Hubble.
Being tasked with monitoring an environment consisting of thousands of hosts serving several products scattered across AWS, Azure and data centers in multiple geographies, using different Linux and Windows flavors, is the stuff of nightmares for security professionals. Add in the fact that most vendors focus on Windows for endpoints while treating all other platforms as second tier, and things get even harder. Faced with these challenges, and after looking into and testing multiple products, we found a solution that does all this and even a bit extra: Hubble, a modular security and compliance framework for building robust host monitoring, which leverages the capabilities of Facebook’s OsQuery.
This talk will cover an overview of the tool, what it is and isn’t, deployment, configuration, our findings and experiences in working with it, and how everyone can customize it to better fit their own environment, whatever that may be, without dishing out any extra money, as all of this is light on your systems and open source.