Securing Code, Pipelines and the Rearguard from Cyber Threats

Years ago, we broke operations and development silos, embraced observability and distributed tracing, now we are breaking the security silo: the same way we blended development, operations, and database engineering, we have to embed security in the whole process. Early threat modeling is necessary, and security people have to join platform and application design at an early stage. In order to protect company assets from increasingly sophisticated cyber threats, we need to adopt continuous security analysis on code and infrastructure as an essential part of our CI/CD pipelines. New tools and workflows are required, but most of all, we have to complete the cultural switch.

Keywords: DevOps, DevSecOps, Security, Threats


Ruggero Tonelli

Ruggero is a systems engineer focused on performance, automation, and security with a broader experience in architecting and running large-scale, resilient distributed systems. Currently, he is working as Principal Site Reliability Engineer @Netquest. Previously, he was leading the Systems and Data Engineering Team within a cyber threat intelligence company. Continuous improvement advocate and Chaos Engineering practitioner, Ruggero has spent 10+ years on defensive security, mostly using Open Source tools.

Threat Hunting on Linux and Mac with Auditbeat System Module

Many people are building a custom alerting and monitoring systems for Windows using Sysmon and Elastic Stack, but until recently, there hasn't been a reliable way to centrally monitor activity on a wide variety of Mac and Linux systems for much of the information that Sysmon gives you. You could collect auditd and system logs, but each system has differently formatted logs, and the information provided may not be as robust or helpful.

Enter the newly released Elastic Auditbeat System module; it is like Sysmon for Linux. Monitor a fleet of Linux systems for processes, installed packages, sockets, users, and host information. In this talk, we will discuss the Auditbeat System module, advantages and disadvantages, tips for configuring it, and how to use this data to monitor and hunt for intrusions using Kibana.

Keywords: Threat Hunting, Elastic Stack, ELK, Network Forensics


Aaron Jewitt

An American Expat living in Frankfurt, when Aaron is not hunting for hackers, he loves skiing and mountain biking, and he is always busy trying to keep up with his three boys. After spending 10 years at the NSA, Aaron has moved from the Red side to the Blue side; he has gone from being the hunted to being the hunter. Aaron is currently a Security Analyst at Elastic building Threat detection analytics in a distributed cloud-based environment.