Category Archives: Events

VB-Trend 2018 Splunk Conference

Today I attended VB-Trend 2018 Splunk conference organized by system integrator VolgaBlob.

VB-Trend 2018

Video fragments from the event:

Comparing to “Splunk Discovery Day“, the conference was much smaller (less than 100 people), focused on technical aspects, Information Security and informal communication. And I need to say that there really was a lot of talks with colleagues from different companies, not only about Splunk, but also about Vulnerability Management, Application Security and Container Security.

Continue reading

Splunk Discovery Day Moscow 2018

Today I attended the Splunk Discovery Day 2018 conference. It is something like a local equivalent of the famous Splunk .conf. More than 200 people have registered. The event was held in the luxury Baltschug Kempinski hotel in the very center of Moscow with a beautiful view of the Red Square and St. Basil’s Cathedral.

Recently, I have been working more and more with Splunk: I develop connectors, write searches and dashboards, optimize them. Splunk has become the main data visualization tool for me.

Splunk Discovery Day Moscow 2018

Video from the event (27 minutes). This is NOT a complete recording of speeches, but rather some fragments and slides.

At the same time, I make most of data analysis with my own Python scripts. Currently this approach seems more effective. But as for providing final results in a beautiful way and making various notifications, in this sphere Splunk is really convenient and useful. Of course, I can make own a Web GUI application that will do something similar for my tasks, it doesn’t make sense if there is an Enterprise level tool that is very good for this.

My tasks are not quite typical for Splunk clients from Security Teams who look at it in the context of SIEM and SOC mainly. Asset Inventory is actually similar to Business Intelligence: almost all connectors are non-standard, and there are no strict requirements for real time (we operate with days and months, not seconds). We have same approach: “Bring some data to Splunk and get insights from it.” And in this sense, it is great that this event was NOT for the information security experts mainly.

Continue reading

ISACA Moscow Vulnerability Management Meetup 2018

Last Thursday, September 20th, I spoke at ISACA Moscow “Vulnerability Management” Meetup held at Polytechnic University. The only event in Moscow devoted solely to Vulnerability Management. So I just had to take part in it. 🙂

ISACA VM 2018 Alexander Leonov

The target audience of the event – people who implement the vulnerability management process in organizations and the employees of Vulnerability Management vendors. I noticed groups of people from Altex-Soft (Altx-Soft), Positive Technologies and Vulners.

It was very interesting to see such concentration of Vulnerability and Compliance Management specialists in one place. Questions from the audience were relevant and often concerned the weaknesses of competitors. 😉 Here I will make a brief overview of the reports. You can also read here about previous year event at “ISACA Moscow Vulnerability Management Meetup 2017“.

Talking about the audience, there were fewer people than last year, but still a lot:

ISACA VM 2018 auditorium small

The event was recorded. I will add video here as soon as it’s ready.

upd. Video in Russian. My presentation starts at 1:35:56

The event was conducted entirely in Russian, including all the slides. So, maybe I will make English subtitles and voiceover, at least for my part.

Continue reading

CyberThursday: Asset Inventory, IT-transformation in Cisco, Pentest vs. RedTeam

Two weeks ago I was speaking at a very interesting information security event – CyberThursday. This is a meeting of a closed Information Security practitioners group. The group is about 70 people, mainly from the financial organizations, telecoms and security vendors.

CyberThursday 2018 Asset Inventory

These meetings have a rather unique atmosphere. Almost everyone knows each other. The event has no permanent place. It constantly moves between the offices of large Russian companies. The hoster, usually a CISO, can bring his IT and InfoSec colleagues. For others, only “bring a friend” format is available. This helps keep the event focussed and very informal. Participants propose and approve the topics by voting in the chat group. There is no place for marketing, all topics are practical and relevant.

Continue reading

Qualys Security Conference Virtual 2018. New Agents, Patch Management and Free Services

Today I attended a very interesting online event – Qualys Security Conference Virtual 2018. It consisted of 11 webinars, began at 18:00 and will end at 03:45 Moscow time. Not the most convenient timing for Russia, but it was worth it. 🙂

Qualys Security Conference 2018

Last time I was at offline QSC event in 2016, so for me it was especially interesting to learn about the new features of Qualys platform.

Continue reading