StreamAlert: A Serverless, Real-time Intrusion Detection Engine

Tuesday, January 31, 2017 - 9:30am–10:00am

Jack Naglieri, Security @ Airbnb

Abstract: 

StreamAlert is a serverless, real-time intrusion detection engine. By building upon technologies such as AWS (platform-as-a-service), Terraform (infrastructure-as-code) and Chef (configuration-as-code), any security organization can quickly deploy StreamAlert and have it scale to terabytes per hour. StreamAlert enables you to write both simple and complex rules against any of your application, system, or network logs. StreamAlert will remove all of the headaches typically associated with availability, scalability, segmentation, and maintenance (patching, upgrades, etc.). This lets your team focus on their core competency: catching attackers.

Jack Naglieri, Security @ Airbnb

Jack Naglieri is a security engineer at Airbnb, with a passion for DevOps, Security, and Infrastructure. His exposure to information security began as an incident responder for Verisign. After graduation from George Mason University, he moved to the San Francisco Bay Area and spent two years at Yahoo as an incident responder. He then transitioned into a security engineering role, with the challenge of deploying security monitoring tools at scale. A year and a half later, he joined Airbnb, and is now open-sourcing a framework that enables real-time data analysis at scale: StreamAlert.

BibTeX
@conference {202476,
author = {Jack Naglieri},
title = {StreamAlert: A Serverless, Real-time Intrusion Detection Engine},
year = {2017},
address = {Oakland, CA},
publisher = {{USENIX} Association},
month = jan,
}