Enterprise Security with Elastic XDR

Enterprise security has changed significantly in the era of cloud computing, big data, and machine learning. New threats of increasing sophistication appear every day, and countering them requires technologies and processes that evolve just as quickly.

Elastic XDR builds on big data and the Elastic Stack to deliver a scalable, unified solution that provides detection, prevention, and response capabilities across every layer of an organization's infrastructure.

In this tutorial, you will learn about the security mechanisms that underpin enterprise security and how Elastic XDR turns big data into actionable protection against security threats.

Learning Objectives

By participating in this tutorial, you’ll:

  • Learn the fundamentals of enterprise security
  • Learn the role of big data at the core of enterprise security
  • Learn about the design and implementation of modern Security Operations Centers (SOCs) and Security as a Service
  • Gain hands-on experience with the Elastic Stack

Tutorial Details

  • Duration: 3 half days.
  • Prerequisites: An understanding of fundamental security concepts; familiarity with cloud computing and Linux systems.
  • Technologies: Elasticsearch, Kibana, Logstash, Beats, Elastic Agent.
  • Assessment type: Installation of the Elastic Stack and ingestion of sample data.
  • Hardware Requirements:
    • Desktop or laptop computer capable of running the latest version of Chrome or Firefox.
    • Internet connection.
  • Operating system: Windows, or preferably Linux, with at least 4 GB RAM and 20 GB of disk space to install the stack.
  • Downloads required:
    • Elasticsearch: latest version
    • Kibana: latest version
    • Logstash: latest version
    • Filebeat: latest version
    • Elastic Agent: latest version
  • Number of trainees: 30 max.
  • Languages: English.

Tutorial Outline

Class 0 — Enterprise Security Fundamentals
  • Episode 1 — Overview of Enterprise Security
    • Introduction to enterprise security, current challenges and opportunities.
  • Episode 2 — Big data at the core of Enterprise Security
    • Security data sources, log management, security event correlation, etc.
Class 1 — Modern Security Operations Centers & Security as a Service
  • Episode 1 — Architecture, Implementation, and Operation of a SOC
    • Architecture design, state-of-the-art technologies in use, SOC operations, maturity levels, etc.
  • Episode 2 — MITRE ATT&CK Framework, Proactive Security, and Threat Hunting
    • Understanding the MITRE ATT&CK Framework, Exploration of the Enterprise Matrix, Introduction to Threat Hunting and Proactive Security.
  • Episode 3 — Security as a Service: MSSPs vs MDR providers
    • Understanding Security as a Service and its delivery models: Managed Security Service Providers (MSSPs) vs Managed Detection and Response (MDR) providers.
Class 2 — Hands-on with the Elastic Stack for security services
  • Episode 1 — What are Elasticsearch, Logstash, and Kibana?
    • Introduction to big data management and exploration with the Elastic Stack.
  • Episode 2 — Deployment of the Elastic Stack and ingestion of sample data
    • Hands-on lab on deploying the Elastic Stack and ingesting sample data.
  • Episode 3 — Elastic XDR, security analytics, ML with the Elastic Stack, etc.
    • Exploration of Elastic Security features and capabilities, illustrated with simple scenarios.
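As an added example of what the Class 0 topic on security event correlation and the Class 2 hands-on ingestion lab involve (this is illustration written for this page, not tutorial material or Elastic's own code), the Python script below normalises a few constructed SSH authentication log lines into Elastic Common Schema (ECS) documents, builds the NDJSON body that the Elasticsearch `_bulk` API accepts, and then runs a simple "several failed logins followed by a success from the same source" correlation over the normalised events. The log lines, host name, IP addresses and index name are constructed; the ECS field names (`@timestamp`, `event.outcome`, `source.ip`, `user.name`, and so on) are the standard ones; the correlation threshold and time window are arbitrary values chosen for the demonstration.

```python
"""Added example: map sshd auth log lines to ECS, build an Elasticsearch
_bulk (NDJSON) body, and correlate failed-then-successful logins per source.
All sample data below is constructed, not taken from a real system."""
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (host name, PIDs, IPs and timing are made up).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z web-01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 52211 ssh2",
    "2024-03-01T10:00:03Z web-01 sshd[1201]: Failed password for root from 203.0.113.7 port 52212 ssh2",
    "2024-03-01T10:00:05Z web-01 sshd[1201]: Failed password for root from 203.0.113.7 port 52213 ssh2",
    "2024-03-01T10:00:09Z web-01 sshd[1201]: Accepted password for root from 203.0.113.7 port 52214 ssh2",
    "2024-03-01T10:05:00Z web-01 sshd[1300]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2",
    "2024-03-01T10:06:00Z web-01 kernel: [12345.678] eth0: link up",  # not an auth event; skipped
]

# One sshd login line: timestamp, host, pid, Accepted/Failed, method, user, source ip/port.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_ts(ts):
    """Parse the sample's UTC 'Z' timestamps (datetime.fromisoformat accepts 'Z' only on 3.11+)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def to_ecs(line):
    """Map one sshd login line onto ECS fields; return None for lines this example does not model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "@timestamp": m["ts"],
        "message": line,
        "host": {"name": m["host"]},
        "process": {"name": "sshd", "pid": int(m["pid"])},
        "event": {
            "category": ["authentication"],
            "type": ["start"],
            "action": "ssh_login",
            "outcome": "success" if m["outcome"] == "Accepted" else "failure",
        },
        "user": {"name": m["user"]},
        "source": {"ip": m["ip"], "port": int(m["port"])},
    }


def bulk_body(index, docs):
    """Build the NDJSON body for POST /_bulk: an action line, then the document, per event."""
    out = []
    for doc in docs:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(doc))
    return "\n".join(out) + "\n"  # _bulk requires a trailing newline


def correlate_bruteforce(docs, threshold=3, window_s=300):
    """Alert when a source IP has >= threshold failed logins within window_s seconds
    before a successful login (failures against any user name count toward the threshold)."""
    alerts = []
    failures = defaultdict(list)  # source.ip -> timestamps of failures still inside the window
    for doc in sorted(docs, key=lambda d: d["@timestamp"]):
        ip = doc["source"]["ip"]
        t = parse_ts(doc["@timestamp"])
        failures[ip] = [f for f in failures[ip] if (t - f).total_seconds() <= window_s]
        if doc["event"]["outcome"] == "failure":
            failures[ip].append(t)
        elif len(failures[ip]) >= threshold:
            alerts.append({
                "rule": "ssh_bruteforce_then_success",
                "source.ip": ip,
                "user.name": doc["user"]["name"],
                "failed_attempts": len(failures[ip]),
                "@timestamp": doc["@timestamp"],
            })
            failures[ip].clear()  # do not re-alert on the same burst
    return alerts


def run(lines=SAMPLE_LOGS, index="logs-ssh-sample"):
    """Normalise, build the bulk body, and correlate; returns (docs, body, alerts)."""
    docs = [d for d in map(to_ecs, lines) if d is not None]
    return docs, bulk_body(index, docs), correlate_bruteforce(docs)


if __name__ == "__main__":
    docs, body, alerts = run()
    print(body)  # feed to: curl -XPOST http://localhost:9200/_bulk -H 'Content-Type: application/x-ndjson' --data-binary @-
    print(json.dumps(alerts, indent=2))
```

Running the script prints the bulk body followed by one alert for 203.0.113.7 (three failures, then a successful `root` login). The `curl` line in the final comment targets an unsecured local Elasticsearch; on a stack with security enabled, switch to `https://` and add the credentials or API key you configured during installation. Once the documents are indexed, the same correlation can be expressed in Kibana as a rule rather than in a script, which is the direction the Class 2 episodes take.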