Last Day to Save $200 on Cyber Security Training at SANS San Francisco Summer!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Osquery: A Modern Approach to CSIRT Analytics

  • Wednesday, March 20th, 2019 at 3:30 PM EDT (19:30:00 UTC)
  • Dave Shackleford and Milan Shah
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

  • Uptycs

You can now attend the webcast using your mobile device!

Overview

Speed to detection and the ability to provide a comprehensive view of breached systems are the bread and butter of modern CSIRTs. However, having a reliable, comprehensive and consolidated view of high-fidelity system data can often be a frustrating barrier to reducing dwell time, and activating remediation and communication plans.

Join Milan Shah, Uptycs Co-Founder and CTO, as he explores how the open source, universal agent, osquery, is providing a single view of the truth with a comprehensive data set inclusive of 100s of system attributes across operating systems, containers and cloud workloads. Then, see how Uptycs Osquery-Powered Security Analytics Platform further enhances incident investigation with query speeds that match your train of thought, complete historical state recreation, hundreds of performance optimized pre-scheduled queries for continuous monitoring, and more.   

Attendees of this webinar will gain an understanding of:

  • How osquery works, and what data it collects
  • How osquery would fit into a comprehensive IR capability (integration with existing tooling, required team skills, etc)
  • How Uptycs reduces the time and costs associated with deploying osquery at scale

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.


Milan Shah

Milan Shah is a hands on security technologist who enjoys experimenting with the latest in cybersecurity technology. He has also successfully brought some of those technologies to market via a series of startups that he helped to create. Currently, Milan serves as the CTO of Uptycs, a company providing a SaaS solution built around Facebook's osquery universal agent. Prior to co-founding Uptycs, Milan was SVP of Products and Engineering at Core Security, where he delivered on a vision for a new class of automated pen testing solutions. Milan has also served as VP of Engineering at CA Technologies and IMlogic, which was successfully acquired by Symantec. The first part of his career was spent as a member of the early Windows NT development team, and he was a key architect of Microsoft Exchange. Milan holds a Masters in EECS degree from MIT, and a Bachelors in EECS from University of Illinois, Urbana.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.