Elastic AI Security Analytics & HPC Incident Response with Runtime Integrity

Hosted By
Elastic Meetup T.

Details

Join the Elastic Kansas City User Group and Invary on Wednesday, March 26th for a meetup. We'll have presentations from Dr. Wes Peck (CTO at Invary), Justin Higdon (Principal Solutions Architect at Elastic) and Dane Engquist (Principal Solutions Architect at Elastic), followed by networking, refreshments, and pizza.

📅 Date and Time:
Wednesday, March 26th, from 6:00-8:00 pm CDT

📍Location:
RSM Building: 4622 Pennsylvania Ave Suite 1100, Kansas City, MO 64112. The meetup will take place in the Plaza Room.

🚗 Parking:
Parking validations will be available at the front desk on the 11th floor for anyone using the attached parking garage.

Parking Garage Instructions:
Upon arrival at the north parking garage entry, pull a paper ticket to access the parking garage. When you arrive at the office, stop by the 11th floor RSM reception and we can validate your parking ticket.

Visitors are welcome to park anywhere in the parking garage that is not marked "reserved". Parking garage levels LL2, P1 and P6 all have direct elevator access to the 10th and 11th floors. If you park on any other floor, you will need to go to P1 or P6 to get to the 10th or 11th floors.

🪧 Arrival Instructions:
When you arrive at the RSM building, head to the 11th floor.

📝 Agenda:

  • 6:00 pm: Doors open
  • 6:30 pm: Enhancing Decision-Making and Incident Response in HPC Clusters through Runtime Integrity Appraisals in Elasticsearch - Dr. Wes Peck (CTO at Invary)
  • 7:00 pm: Elastic AI Security Analytics Workshop - Justin Higdon (Principal Solutions Architect at Elastic) and Dane Engquist (Principal Solutions Architect at Elastic)
  • 7:30-8:00 pm: Networking

💭 Talk Abstracts:
Enhancing Decision-Making and Incident Response in HPC Clusters through Runtime Integrity Appraisals in Elasticsearch - Dr. Wes Peck (CTO at Invary)

High-Performance Computing (HPC) clusters are the backbone of critical research, defense, and enterprise systems, making them high-value targets for advanced cyber threats. Ensuring the integrity of these systems at runtime is crucial to maintain operational security and minimize downtime. Invary’s Runtime Integrity platform addresses this challenge by verifying the integrity of operating systems in memory and detecting anomalies in real time. By integrating these appraisals into Elasticsearch, organizations can leverage powerful data aggregation and visualization capabilities to enhance security decision-making and response.

This talk will explore how Invary integrates its Runtime Integrity appraisals with Elasticsearch to transform raw kernel measurements into actionable insights. We will cover the following key areas:

1. Runtime Integrity for HPC Clusters:
   - Overview of Invary’s approach to runtime integrity, including real-time measurement and verification of operating systems and kernels.
   - The importance of integrity validation in HPC environments to detect known and unknown threats and deny attackers persistence in the kernel.
2. Integration with Elasticsearch:
   - A technical walkthrough of how Invary’s appraisals are ingested into Elasticsearch via HTTPS and logs.
   - Demonstrating seamless integration workflows, including parsing and indexing runtime integrity data.
3. Data Aggregation and Visualization:
   - Leveraging Elasticsearch’s advanced querying and dashboard features to analyze runtime integrity results.
   - Creating visualizations that highlight integrity anomalies, system trends, and security postures.
4. Enabling Effective Decision-Making:
   - Case studies showcasing how enriched runtime integrity data in Elasticsearch aids in prioritizing security incidents.
   - Automating alerts for critical integrity violations to enable rapid responses.
5. Impact on Incident Response:
   - Accelerating incident response times by providing clear, actionable insights to security teams.
   - Reducing operational overhead through automated workflows and integration with existing SIEM/SOAR tools.

Attendees will gain practical insights into deploying Invary’s Runtime Integrity platform with Elasticsearch to secure HPC clusters. This integration not only enhances visibility into system integrity but also empowers security teams to make informed decisions and respond swiftly to emerging threats, ensuring the resilience of mission-critical computing environments.

Elastic AI Security Analytics Workshop - Justin Higdon (Principal Solutions Architect at Elastic) and Dane Engquist (Principal Solutions Architect at Elastic)

Join us for an interactive, hands-on workshop demonstrating how the Elastic AI Assistant can enhance your Security Operations (SecOps) workflows. This session will guide participants through the complete threat management lifecycle, from initial alert identification and triage to escalation and root cause analysis.

To fully participate in the hands-on lab, please bring your laptop.
Discover how to leverage the Elastic AI Assistant’s advanced capabilities to improve threat detection, investigation, and response. By the end of this workshop, attendees will have a practical understanding of how AI-driven security automation can lead to faster response times, deeper insights, and a stronger security posture.

Key Focus Areas:

  • Daily Alert Prioritization: Learn how to optimize time spent in the alert funnel by identifying high-priority threats.
  • Alert Triage and Investigation: Utilize AI-powered summarization and event correlation to streamline incident analysis.
RSM US LLP
4622 Pennsylvania Ave Suite 1100 · Kansas City, MO