The Journey from Zero to SOC: How Citadel built its Security Operations from the Ground Up on Elastic

•

0 likes•1,203 views

See how Citadel Group replaced their IT ops infrastructure monitoring tool with Elastic Security and Elastic Cloud Enterprise — and how it positively impacted their enterprise software and services managed offerings for their end customers across the world.

Technology

The Journey
from
Zero to SOCAugust 2020
Sean Lengyel
Head of Cyber Security

About ME
- 12 years experience in IT &
Cyber Security
- 10 years in the Australian
Department of Defence
- Royal Australian Air Force
Veteran
- Built Citadel’s SOC from the
ground up

About Us
3
text
Text
© Citadel Group | Journey from Zero to SOC |
Health Solutions
Keeping People &
Information SafeEnterprise Solutions Technology Services
Professional Services

About Us – Security Operations
4© Citadel Group | Journey from Zero to SOC |
Where does the
Citadel SOC fit in?

About Us – Mission
5© Citadel Group | Journey from Zero to SOC |
Protect Customer Data

M
FA
TrustedDevice
About Us – Zero Trust
6© Citadel Group | Journey from Zero to SOC |
MFATrustedDevice
M
FA
Trusted Device
M
FAAny Device
MFA
Trusted Device
MFA
Trusted Device
Credential Manager
Launcher
Tenable.io
ASD Essential Eight
InTune MDM
Citadel SOE
Windows 10
MFAAny Device Elastic Endgame
Elastic Beats
Web Proxy Agents
MSCT/CIS Hardening
ASD Essential Eight
MFA
Any Device
MFA
Any Device
Any Device
Locked down
GooglePlay Store
Device Hardening
InTune MDM
Locked down
Apple App Store
Device Hardening
InTune MDM
Apple IOS Android
MFA
Trusted Device
Customer
Environments

Some of the problems we faced…
9© Citadel Group | Journey from Zero to SOC |
• Existing solution didn’t offer native SIEM capabilities
• SIEM capabilities were an expensive add-on
• Very expensive to ingest the all the logs we needed
• The licencing model meant that it would have made it
very costly to ingest the following logs:
- Windows Sysmon Events (Security & Observability)
- Windows Perfmon Events (Observability)
- Azure SQL Database Audit Events (Security)
- Azure NSG Firewall Events (Security)
- Endpoint Protection Agent Logs (Security)
- Azure Diagnostics (Observability)

The positives…
10© Citadel Group | Journey from Zero to SOC |
I was very lucky to be working with some very security conscious
Developers, Cloud Engineers & Application Specialists

Why Elastic?
12© Citadel Group | Journey from Zero to SOC |
Cost: Perfect for a growing organisation
Security Features: Great out of the box features that a SOC needs
Observability: Allows us to met our service operations needs
Scalability: The SOC can easily grow as the company grows
Machine Learning: Detecting outliers without needing complicated rules
Customisation: Building alerts tailored to our environments

Where are we now?
14© Citadel Group | Journey from Zero to SOC |

Where are we now?
15© Citadel Group | Journey from Zero to SOC |
ü Windows 10 Endpoint Logs
ü Azure AD Audit & Sign-in Logs
ü Azure Resources Audit Logs
ü SaaS Cloud Application Logs
ü Windows Customer Server Logs
ü Linux Customer Server Logs
ü SQL Database Audit Logs
ü On-prem & Cloud-based Firewall Logs
ü Web Application Firewall Logs
ü Office365 ATP Logs
ü MS Defender ATP Logs
ü Elastic Endgame Logs

SIEM Signals
16© Citadel Group | Journey from Zero to SOC |

SIEM Signals
17© Citadel Group | Journey from Zero to SOC |

Custom SIEM Signal
18© Citadel Group | Journey from Zero to SOC |

Elastic Endgame
19© Citadel Group | Journey from Zero to SOC |

Elastic Endgame – Custom Rule
20© Citadel Group | Journey from Zero to SOC |

Final Thoughts
21© Citadel Group | Journey from Zero to SOC |
We are in a good place now

Thank you!
sean.lengyel@citadelgroup.com.au

What's hot

Building Elastic into security operations

Elasticsearch

October 2020 meetup

Daliya Spasova

Cisco Connect 2018 Singapore - Next generation hyperconverged infrastructure

NetworkCollaborators

Cisco Connect 2018 Singapore - Cisco Incident Response Services

NetworkCollaborators

Los equipos de SecOps asumen más responsabilidad que nunca para aumentar actividad desde una fuerza de trabajo recientemente remota, lo que acelera la necesidad de la transformación digital. Conoce cómo evolucionó Elastic Security para ayudar a los equipos de SecOps tomar un enfoque más amplio e inclusivo en base a la seguridad y preparar a sus organizaciones para el éxito. Además, conoce la visión de lo que vendrá.

Conferencia principal: Evolución y visión de Elastic Security

Elasticsearch

Keynote: Elastic Security evolution and vision

Elasticsearch

Managing access permissions in the public cloud can be a very complex process. In fact, by 2023, 75% of cloud security failures will result from the inadequate management of identities, access and privileges, according to Gartner. Join us as Guy Flechter, CISO of AppsFlyer, presents a real-world case of how his company works to enforce least-privilege and to govern identities in their cloud. This webinar will also provide an overview of how to govern access and achieve least privilege by analyzing the access permissions and activity in your public cloud environment. With thousands of human and machine identities, roles, policies and entitlements, this webinar will give you the tools to examine the access open to people and services in your public cloud, and determine whether that access is necessary. In this workshop, you will learn about: The risks of IAM misconfiguration and excessive entitlements in cloud environments The challenges in identifying and mitigating Identity and access risks for both human and machine identities How to automate cloud identity governance and entitlement management with Ermetic

How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...

DevOps.com

Cisco Connect 2018 Singapore - Cybersecurity strategy

NetworkCollaborators

Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...

NetworkCollaborators

Palestra de abertura: Evolução e visão do Elastic Security

Elasticsearch

Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud World

NetworkCollaborators

Découvrez pourquoi Elastic Cloud est la solution idéale pour exploiter toutes les offres d'Elastic. Bénéficiez d'une flexibilité d'achat et de déploiement au sein de Google Cloud, de Microsoft Azure, d'Amazon Web Services ou des trois à la fois. Apprenez quels avantages vous apporte une offre de service géré et déterminez la solution qui vous permet de la gérer par vous-même grâce à des outils intégrés d'automatisation et d'orchestration. Et ce n'est pas tout ! Familiarisez-vous avec les fonctionnalités qui peuvent vous aider à scaler vos opérations au fur et à mesure de l'évolution de votre déploiement, à stocker vos données d'une manière rentable et à optimiser vos recherches. Ainsi, vous n'aurez plus à abandonner de données et obtiendrez les informations exploitables dont vous avez besoin pour assurer le fonctionnement de votre entreprise.

Tirez pleinement parti d'Elastic grâce à Elastic Cloud

Elasticsearch

Cisco Connect 2018 Singapore - Do more than keep the lights on

NetworkCollaborators

Cisco Connect 2018 Singapore - Data center transformation a customer perspec...

NetworkCollaborators

Cisco Connect 2018 Singapore - delivering intent for data center networking

NetworkCollaborators

Cisco Connect 2018 Singapore - Cisco CMX

NetworkCollaborators

Managing Compliance in Container Environments

Twistlock

Elastic Security: Proteção Empresarial construída sobre o Elastic Stack

Elasticsearch

Keynote: Looping through data, insight, and action

Elasticsearch

Red Hat OpenShift is enabling quicker adoption of DevOps practices. Containers are an essential component of DevOps and the OpenShift Kubernetes Container Platform is integral for orchestration within these environments. Data security is now challenged to keep pace with the size and scope of container usage. The migration from legacy in-house deployments to hybrid-cloud installations has created new attack surfaces as data is shared more freely in Kubernetes deployments. Protecting data at rest and in motions is a necessity. Learn how you can keep data protected and securely share data in OpenShift environments with real-time data protection solutions.

Secure Data Sharing in OpenShift Environments

DevOps.com

What's hot (20)

Building Elastic into security operations

October 2020 meetup

Cisco Connect 2018 Singapore - Next generation hyperconverged infrastructure

Cisco Connect 2018 Singapore - Cisco Incident Response Services

Conferencia principal: Evolución y visión de Elastic Security

Keynote: Elastic Security evolution and vision

How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...

Cisco Connect 2018 Singapore - Cybersecurity strategy

Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...

Palestra de abertura: Evolução e visão do Elastic Security

Cisco Connect 2018 Singapore - Transforming Enterprises in a Multi-Cloud World

Tirez pleinement parti d'Elastic grâce à Elastic Cloud

Cisco Connect 2018 Singapore - Do more than keep the lights on

Cisco Connect 2018 Singapore - Data center transformation a customer perspec...

Cisco Connect 2018 Singapore - delivering intent for data center networking

Cisco Connect 2018 Singapore - Cisco CMX

Managing Compliance in Container Environments

Elastic Security: Proteção Empresarial construída sobre o Elastic Stack

Keynote: Looping through data, insight, and action

Secure Data Sharing in OpenShift Environments

Similar to The Journey from Zero to SOC: How Citadel built its Security Operations from the Ground Up on Elastic

Cloud Security by CK

Narinrit Prem-apiwathanokul

智慧市政大未來主題一

Mavis CHU

IoT World Forum Press Conference - 10.14.2014

Bessie Wang

Alfresco Virtual DevCon 2020 - Security First!

Jason Jolley

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes

ThousandEyes

Success with enterprise Internet of Things (IoT) initiatives begins with strong partnerships between IT and operations technology (OT) organizations and identifying relevant use cases with measurable ROI. Next, choosing the right IoT architecture and technology requires determining the capabilities are needed at the edge and what are needed in the cloud and datacenter to minimize cost and enable analytics-driven action. This session will discusses the challenges involved with introducing sensors and smart devices into your network, including building infrastructure and analytics capabilities , and securing data and applications. Learn how Dell'S IoT-specific gateways, edge analytics software and infrastructure solutions provide flexible architecture options for multiple IoT use cases.

MT81 Keys to Successful Enterprise IoT Initiatives

Dell EMC World

As a novel computing platform in network, IoT will bring many security challenges to enterprise networks, and create new opportunities for security industry. This talk will provide a general overview of enterprise network security problems, especially the data security, caused by IoT. After that, a few existing security technologies are evaluated as necessary elements of a holistic network security that cover IoT devices. These technologies include : (a) IoT security monitoring and control; (b) FOTA for firmware vulnerability management; (c) NetFlow based big data security analysis. In the end, the practice of standard security protocols (such as OpenIoC and IODEF) will be strongly advocated for delivering effective IoT security solutions.

IoT Security: Problems, Challenges and Solutions

Liwei Ren任力偉

SwitchIT-02.2018-Company-overview.pptx

WILFRIEDKOUASSIKAN

Softwide Security Company Introduction 2024

Softwide Security

Tomorrow Starts Here - Security Everywhere

Cisco Canada

I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...

IftikharUddin Syed CRISC, EHCE, ITIL, M.S. IT Security

Micro-segmentation protects your network by limiting the lateral movement of ransomware and other threats in your network. Yet successfully implementing a defense-in-depth strategy using micro-segmentation may be complicated. In this second webinar in a series of two webinars about ransomware, Yitzy Tannenbaum, Product Marketing Manager from AlgoSec and Jan Heijdra, Cisco Security Specialist, will provide a blueprint to implementing micro-segmentation using Cisco Secure Workload (formerly Cisco Tetration) and AlgoSec Network Security Policy Management. Join our live webinar to learn: • Why micro-segmentation is critical to fighting ransomware • Understand your business applications to create your micro-segmentation policy • Validate your micro-segmentation policy is accurate • Enforce these granular policies on workloads and summarized policies across your infrastructure • Use risk and vulnerability analysis to tighten your workload and network security • Identify and manage security risk and compliance in your micro-segmented environment

2021 01-27 reducing risk of ransomware webinar

AlgoSec

Emc World Keynote Mirchandani

Orange Business Services Business development IT

MILCOM 2013 Keynote Presentation: Larry Payne

AFCEA International

Cloud technology for hospitality

PT Datacomm Diangraha

SAMSUNG SDS.pdf

ShashankKumar241736

Digital Transformation in a World of Connected Devices

MuleSoft

Smart & Secure City Solutions by Rupinder Singh

IPPAI

Sutedjo - open banking may 27, 2021

PT Datacomm Diangraha

#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco

ITSitio.com

Similar to The Journey from Zero to SOC: How Citadel built its Security Operations from the Ground Up on Elastic (20)

Cloud Security by CK

智慧市政大未來主題一

IoT World Forum Press Conference - 10.14.2014

Alfresco Virtual DevCon 2020 - Security First!

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes

MT81 Keys to Successful Enterprise IoT Initiatives

IoT Security: Problems, Challenges and Solutions

SwitchIT-02.2018-Company-overview.pptx

Softwide Security Company Introduction 2024

Tomorrow Starts Here - Security Everywhere

I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...

2021 01-27 reducing risk of ransomware webinar

Emc World Keynote Mirchandani

MILCOM 2013 Keynote Presentation: Larry Payne

Cloud technology for hospitality

SAMSUNG SDS.pdf

Digital Transformation in a World of Connected Devices

Smart & Secure City Solutions by Rupinder Singh

Sutedjo - open banking may 27, 2021

#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco

More from Elasticsearch

The hallmark of a great search experience is always delivering the most relevant results, quickly, to every user. The difficulty lies behind the scenes in making that happen elegantly and at a scale. From App Search’s intuitive drag and drop interface to the advanced relevance capabilities built into the core of Elasticsearch — Elastic offers a range of tools for developers to tune relevance ranking and create incredible search experiences. In this session, we’ll explore some of Elasticsearch’s advanced relevance ranking features, such as dense vector fields, BM25F, ranking evaluation, and more. Plus we’ll give you some ideas for how these features are being used by other Elastic users to create world-class, category defining search experiences.

An introduction to Elasticsearch's advanced relevance ranking toolbox

Elasticsearch

Eze Castle Integration is a managed service provider (MSP), cloud service provider (CSP), and internet service provider (ISP) that delivers services to more than 1,000 clients around the world. Different departments within Eze Castle have devised their own log aggregation solutions in order to provide visibility, meet regulatory compliance requirements, conduct cybersecurity investigations, and help engineers with troubleshooting infrastructure issues. In 2019, they partnered with Elastic to consolidate the data generated from different systems into a single pane of glass. And thanks to the ease of deployment on Elastic Cloud, professional consultation services from Elastic engineers, and on-demand training courses available on Elastic Learning, Eze Castle was able to go from proof-of-concept to a fully functioning ""Eze Managed SIEM"" product within a month! Learn about Eze Castle's journey with Elastic and how they grew Eze Managed SIEM from zero to 100 customers In less than 14 months.

From MSP to MSSP using Elastic

Elasticsearch

Descubre lo fácil que es crear búsquedas relevantes y enriquecidas en sitios web de cara al público para impulsar las conversiones, incrementar el consumo de contenido y ayudar a los visitantes a encontrar lo que necesitan. Realiza un recorrido por las herramientas de Elastic a las que puedes sacar partido para transformar con facilidad tu sitio web, lo que incluye nuestro nuevo y potente rastreador web.

Cómo crear excelentes experiencias de búsqueda en sitios web

Elasticsearch

Al igual que la mayoría de las organizaciones modernas, tus equipos probablemente usan más de 10 aplicaciones basadas en la nube a diario, pero dedican demasiado tiempo a buscar la información que necesitan en todas estas. Gracias a las características integradas de Elastic Workplace Search, podrás comprobar lo sencillo que resulta poner el contenido relevante al alcance de tus equipos gracias a la búsqueda unificada para todas las aplicaciones que usan para llevar a cabo su trabajo.

Te damos la bienvenida a una nueva forma de realizar búsquedas

Elasticsearch

Comment transformer vos données en informations exploitables

Elasticsearch

À l'instar de la plupart des entreprises modernes, vos équipes utilisent probablement plus de 10 applications hébergées dans le cloud chaque jour, mais passent aussi bien trop de temps à chercher les informations dont elles ont besoin dans ces outils. Grâce aux fonctionnalités prêtes à l'emploi d'Elastic Workplace Search, découvrez combien il est facile de mettre le contenu pertinent à portée de la main de vos équipes grâce à une recherche unifiée sur l'ensemble des applications qu'elles utilisent pour faire leur travail.

Plongez au cœur de la recherche dans tous ses états.

Elasticsearch

Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]

Elasticsearch

An introduction to Elasticsearch's advanced relevance ranking toolbox

Elasticsearch

Like most modern organizations, your teams are likely using upwards of 10 cloud-based applications on a daily basis, but spending far too many hours a day searching for the information they need across all of them. With the out-of-the-box capabilities of Elastic Workplace Search, see how easy it is to put relevant content right at your teams’ fingertips with unified search across all the apps they rely on to get work done.

Welcome to a new state of find

Elasticsearch

Building great website search experiences

Elasticsearch

Keynote: Harnessing the power of Elasticsearch for simplified search

Elasticsearch

Cómo transformar los datos en análisis con los que tomar decisiones

Elasticsearch

Spécialisée dans le développement et la gestion de solutions de veille documentaire et commerciale, Explore offre à ses clients une lecture précise et organisée de l’actualités des marchés et projets sur leurs territoires d'intervention. Afin de rendre leur offre plus agile et performante, Explore a choisi l’offre Elastic Cloud hébergée sur Microsoft Azure. Découvrez comment les équipes de production et de développement sont désormais en mesure de mieux exploiter les données pour les clients d’Explore et gagnent du temps sur la gestion de leur infrastructure.

Explore relève les défis Big Data avec Elastic Cloud

Elasticsearch

Comment transformer vos données en informations exploitables

Elasticsearch

Transforming data into actionable insights

Elasticsearch

"Elastic enables the world’s leading organization to exceed their business objectives and power their mission-critical systems by eliminating data silos, connecting the dots, and transforming data of all types into actionable insights. Come learn how the power of search can help you quickly surface relevant insights at scale. Whether you are an executive looking to reduce operational costs, a department head striving to do more with fewer tools, or engineer monitoring and protecting your IT environment, this session is for you. "

Opening Keynote: Why Elastic?

Elasticsearch

It has now been four years since the beta release of Elastic Cloud Enterprise which kicked off a wave of the Elastic public sector community running Elastic as a service within Government rather than utilizing purely hosted solutions. Fast forward to 2021 and we have multiple options for multiple mission needs. Learn top tips from Elastic architects and their experience enabling their teams with the automation and provisioning of Elastic tech to change the game in how government delivers solutions.

Empowering agencies using Elastic as a Service inside Government

Elasticsearch

The opportunities and challenges of data for public good

Elasticsearch

Enterprise search and unstructured data with CGI and Elastic

Elasticsearch

What's new at Elastic: Update on major initiatives and releases

Elasticsearch

More from Elasticsearch (20)

An introduction to Elasticsearch's advanced relevance ranking toolbox

From MSP to MSSP using Elastic

Cómo crear excelentes experiencias de búsqueda en sitios web

Te damos la bienvenida a una nueva forma de realizar búsquedas

Comment transformer vos données en informations exploitables

Plongez au cœur de la recherche dans tous ses états.

Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]

An introduction to Elasticsearch's advanced relevance ranking toolbox

Welcome to a new state of find

Building great website search experiences

Keynote: Harnessing the power of Elasticsearch for simplified search

Cómo transformar los datos en análisis con los que tomar decisiones

Explore relève les défis Big Data avec Elastic Cloud

Comment transformer vos données en informations exploitables

Transforming data into actionable insights

Opening Keynote: Why Elastic?

Empowering agencies using Elastic as a Service inside Government

The opportunities and challenges of data for public good

Enterprise search and unstructured data with CGI and Elastic

What's new at Elastic: Update on major initiatives and releases

Recently uploaded

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Real Time Object Detection Using Open CV

Khem

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

AWS Community Day CPH - Three problems of Terraform

Advantages of Hiring UIUX Design Service Providers for Your Business

HTML Injection Attacks: Impact and Mitigation Strategies

Scaling API-first – The story of a global engineering organization

Data Cloud, More than a CDP by Matt Robison

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Powerful Google developer tools for immediate impact! (2023-24 C)

Real Time Object Detection Using Open CV

Handwritten Text Recognition for manuscripts and early printed texts

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

How to Troubleshoot Apps for the Modern Connected Worker

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

What Are The Drone Anti-jamming Systems Technology?

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Strategies for Landing an Oracle DBA Job as a Fresher

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

The Journey from Zero to SOC: How Citadel built its Security Operations from the Ground Up on Elastic

1. The Journey from Zero to SOCAugust 2020 Sean Lengyel Head of Cyber Security

2. About ME - 12 years experience in IT & Cyber Security - 10 years in the Australian Department of Defence - Royal Australian Air Force Veteran - Built Citadel’s SOC from the ground up

3. About Us 3 text Text © Citadel Group | Journey from Zero to SOC | Health Solutions Keeping People & Information SafeEnterprise Solutions Technology Services Professional Services

6. M FA TrustedDevice About Us – Zero Trust 6© Citadel Group | Journey from Zero to SOC | MFATrustedDevice M FA Trusted Device M FAAny Device MFA Trusted Device MFA Trusted Device Credential Manager Launcher Tenable.io ASD Essential Eight InTune MDM Citadel SOE Windows 10 MFAAny Device Elastic Endgame Elastic Beats Web Proxy Agents MSCT/CIS Hardening ASD Essential Eight MFA Any Device MFA Any Device Any Device Locked down GooglePlay Store Device Hardening InTune MDM Locked down Apple App Store Device Hardening InTune MDM Apple IOS Android MFA Trusted Device Customer Environments

7. Where did Our logging Journey start?

8. Where did our logging journey start?

9. Some of the problems we faced… 9© Citadel Group | Journey from Zero to SOC | • Existing solution didn’t offer native SIEM capabilities • SIEM capabilities were an expensive add-on • Very expensive to ingest the all the logs we needed • The licencing model meant that it would have made it very costly to ingest the following logs: - Windows Sysmon Events (Security & Observability) - Windows Perfmon Events (Observability) - Azure SQL Database Audit Events (Security) - Azure NSG Firewall Events (Security) - Endpoint Protection Agent Logs (Security) - Azure Diagnostics (Observability)

10. The positives… 10© Citadel Group | Journey from Zero to SOC | I was very lucky to be working with some very security conscious Developers, Cloud Engineers & Application Specialists

11. Why Elastic?

12. Why Elastic? 12© Citadel Group | Journey from Zero to SOC | Cost: Perfect for a growing organisation Security Features: Great out of the box features that a SOC needs Observability: Allows us to met our service operations needs Scalability: The SOC can easily grow as the company grows Machine Learning: Detecting outliers without needing complicated rules Customisation: Building alerts tailored to our environments

13. Fast forward to Today

15. Where are we now? 15© Citadel Group | Journey from Zero to SOC | ü Windows 10 Endpoint Logs ü Azure AD Audit & Sign-in Logs ü Azure Resources Audit Logs ü SaaS Cloud Application Logs ü Windows Customer Server Logs ü Linux Customer Server Logs ü SQL Database Audit Logs ü On-prem & Cloud-based Firewall Logs ü Web Application Firewall Logs ü Office365 ATP Logs ü MS Defender ATP Logs ü Elastic Endgame Logs

22. Thank you! sean.lengyel@citadelgroup.com.au

The Journey from Zero to SOC: How Citadel built its Security Operations from the Ground Up on Elastic

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to The Journey from Zero to SOC: How Citadel built its Security Operations from the Ground Up on Elastic

Similar to The Journey from Zero to SOC: How Citadel built its Security Operations from the Ground Up on Elastic (20)

More from Elasticsearch

More from Elasticsearch (20)

Recently uploaded

Recently uploaded (20)

The Journey from Zero to SOC: How Citadel built its Security Operations from the Ground Up on Elastic