3.
Agenda
▪ Who are we and what are our challenges
▪ Background of the Tech and Problem Space: Data Growth VS Security
▪ Powering our SOC: Elastic @KPN
▪ SOC @KPN tomorrow: what does the future look like
4.
KPN Security Services
Who are we?
▪ Managed Security Services Provider in the Netherlands
▪ 400 colleagues to deliver our services
▪ SOC/SIEM services 24/7/365
▪ We service Major Accounts in the Netherlands (NS, UWV)
5.
Big Data & Security
What are our threats?
▪ We face exponential growth of data and at the same time we have to keep our own organization and those of our customers secure.
▪ Technological limits of security and data tools.
▪ Visibility gaps
▪ Misinterpretation of threats & mismanagement of collected machine data
▪ Security data overload
▪ Delays in threat detection and undetected threats.
6.
KPN Security Services
Our goals
▪ Simplify and Bring Under Control Data Chaos, Complexity, and Costs
▪ Gain More Complete and Accurate Security Analysis and Visibility
▪ Flexibility to manage Data Sources, Streams, and Destinations
▪ Utilize our Security Resources Efficiently
7.
Old implementation design
▪ Single tenant
▪ Manual configuration
▪ Normalized data only
▪ Basic API
8.
Current implementation design
▪ Supports non-CEF
▪ ArcSight Logstash Plugin
▪ Indexing too much?
▪ Elastic vs Old API
▪ X-Pack with TLS
▪ Kibana Pipeline Management
▪ 15 nodes, 3 masters, 64 GB RAM, 6 cores, 30 GB heap space (keeps the JVM below the ~31 GB compressed-oops threshold)
9.
Plans for the future
▪ Multi-Tenant
▪ Event Broker
▪ Data Enrichment
▪ Anomaly Detection
▪ Custom Alerts
▪ Automated Normalization Layer
▪ Fully Scalable
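Slides 8 and 9 mention an ArcSight (CEF) Logstash plugin, support for non-CEF sources, multi-tenancy and an automated normalization layer. As an added example (not KPN's code, and not the ArcSight plugin itself), the Python below sketches what such a layer has to do before events reach Elasticsearch: split the CEF header on unescaped pipes, parse the key=value extension with its escapes, map a non-CEF (JSON) source onto the same schema, and stamp a tenant on every event so a shared index can still be filtered per customer. The common schema, the JSON field names and the sample lines are constructed assumptions of this example.

```python
"""Added example: a minimal CEF / non-CEF normalization layer (not KPN's code)."""
import json
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample events (not captured data). The JSON line stands in for a
# hypothetical non-CEF source; its field names are an assumption of this example.
SAMPLE_LINES: List[str] = [
    r"CEF:0|Security|threat\|manager|1.0|100|worm successfully stopped|10|"
    r"src=10.0.0.1 dst=2.1.2.2 spt=1232 msg=Found equals \= and backslash \\ here",
    '{"event": "login_failed", "user": "alice", "src": "192.0.2.10", "severity": 4}',
    "this line is in no format the layer understands",
]

# A CEF extension key is a run of identifier chars immediately followed by '='
# at the start of the extension or after whitespace; values may contain spaces.
_CEF_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")
_SEVERITY_WORDS = {"low": 2, "medium": 5, "high": 8, "very-high": 10}


def _split_cef_header(line: str) -> Optional[Tuple[List[str], str]]:
    """Return the 7 CEF header fields and the extension, honouring '\\|' and '\\\\'."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):      # escaped char: keep it literally
            cur.append(line[i + 1])
            i += 2
            continue
        if ch == "|":                                # unescaped field separator
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(ch)
        i += 1
    if len(fields) < 7 or not fields[0].startswith("CEF:"):
        return None                                  # truncated or not CEF at all
    return fields, line[i:]


def _parse_cef_extension(ext: str) -> Dict[str, str]:
    """Parse 'k=v k2=v v' pairs; a value runs up to the next key and may hold '\\='."""
    matches = list(_CEF_KEY.finditer(ext))
    out: Dict[str, str] = {}
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        raw = ext[m.end():end]
        # Undo CEF extension escapes: \= \\ \n \r (any other escaped char is kept).
        out[m.group(1)] = re.sub(
            r"\\(.)", lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw
        )
    return out


def _severity(value: Any) -> Optional[int]:
    """Clamp to the CEF 0..10 scale; CEF's word levels are mapped onto it."""
    if isinstance(value, (int, float)):
        return max(0, min(10, int(value)))
    if isinstance(value, str):
        s = value.strip().lower()
        if s.isdigit():
            return max(0, min(10, int(s)))
        return _SEVERITY_WORDS.get(s)
    return None


def normalize_event(line: str, tenant: str) -> Dict[str, Any]:
    """Map one raw line onto the common schema; unparseable input is kept, not dropped."""
    event: Dict[str, Any] = {
        "tenant": tenant, "source_format": "unparsed", "vendor": None,
        "product": None, "event_name": None, "severity": None,
        "src_ip": None, "dst_ip": None, "fields": {}, "raw": line,
    }
    if line.startswith("CEF:"):
        parsed = _split_cef_header(line)
        if parsed is not None:
            header, ext = parsed
            fields = _parse_cef_extension(ext)
            event.update(
                source_format="cef", vendor=header[1], product=header[2],
                event_name=header[5], severity=_severity(header[6]),
                src_ip=fields.get("src"), dst_ip=fields.get("dst"), fields=fields,
            )
            return event
    if line.lstrip().startswith("{"):
        try:
            obj = json.loads(line)
        except ValueError:
            return event                             # malformed JSON stays 'unparsed'
        if isinstance(obj, dict):
            # Field mapping for the hypothetical JSON source (an assumption).
            event.update(
                source_format="json", event_name=obj.get("event"),
                severity=_severity(obj.get("severity")),
                src_ip=obj.get("src"), dst_ip=obj.get("dst"), fields=obj,
            )
    return event


def normalize_all(lines: List[str], tenant: str) -> List[Dict[str, Any]]:
    return [normalize_event(line, tenant) for line in lines]


if __name__ == "__main__":
    for ev in normalize_all(SAMPLE_LINES, tenant="customer-a"):
        print(ev["source_format"], ev["severity"], ev["event_name"], ev["src_ip"])
```

Two design points matter for a SOC pipeline: the header is scanned character by character rather than split with a naive regex, because a product name such as `threat\|manager` would otherwise shift every field by one; and a line the layer does not understand is still emitted with `source_format` set to `unparsed` and the raw text kept, so a new or broken source shows up as a visibility gap in a dashboard instead of silently disappearing.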
10.
Summary
KPN’s Security System Tomorrow
▪ What does the future of our SOC look like?
▪ Through this open architecture we can easily enrich and expand our data platform with log data from other point solutions
▪ We can make use of AI for threat intel and forensic investigations