How Mr. Robot’s Technical Consultant, Ryan Kazanciyan, used Kibana on the Show

This post is part of the Elastic{ON} 2018 blog series where we recap specific demos and related deep-dive sessions from the conference. From machine learning forecasting to APM to security analytics with Mr. Robot — check out the list at the bottom of this post. 

From behind the scenes to onstage in front of thousands, Ryan Kazanciyan, technical consultant for USA Network’s Mr. Robot, knows how to entertain a crowd. At Elastic{ON} 2018, he described how Elliott, the show’s protagonist, used the Elastic Stack to track the Dark Army in a pivotal point in the season. He sheds light on how the team approaches creating realistic security events and piques the interest of technology professionals and security buffs across the globe.

The team at Mr. Robot creates characters, story arcs, and realistic threats that enthrall its audience. And it doesn’t happen by accident. Their writers and technical consultants dive head first into the security events that they describe on the show. They take inspiration from real-life attacks and carefully craft each screenshot that appears on a character’s computer. When a security event is featured on the show, the team never relies on flashy visuals that have no place in reality (think four hands typing on the same keyboard). The show is built on the details, which are heavily vetted by people like Kazanciyan. Days (or weeks) of technical research come to fruition in major plot points that change the course of the story.

In the episode entitled, “Disassembled: 3.4_Runtime-Error.R00”, Elliott secretly allows the Dark Army to continue their attacks so he can track their every move with real-time visualizations in Kibana and anticipate their next steps. We can see their log entries, login attempts, and their executed commands on compromised systems — the same information that's tied to real security events. The Mr. Robot team enjoys hiding Easter eggs in plain sight, so keep a close eye if you want to explore the same interactive dashboard that Elliott uses in the episode. Kazanciyan goes on to mention that the feedback from the Elastic community was the largest they’ve seen from incorporating a specific technology — and he got more positive reactions live during the keynote.

Kazanciyan presented an in-depth session on scalable security and incident response describing security events from Evil Corp and beyond. He discusses the importance of finding a story in the data and how visualizations in Kibana have made that role simpler. Although his night job was consulting on the show, he describes how threat detection in the real world also involves connecting the dots.

And don’t miss two of our resident experts diving into what it takes to build a security analytics platform in the world of threats today. Threat hunting is about being proactive, combining human expertise with machine efficiency, and using tools that are seriously fast.

See what else we covered during the conference in these recaps: 

• Geo Roadmap for Elasticsearch and Kibana: Layers, GeoJSON, Vega
• But First, Coffee - An Elastic{ON} Canvas Story
• Operational Data Analysis with the Elastic Stack
• Monitor Kubernetes with Beats Autodiscover Feature
• Here to Help - An Elastic{ON} Canvas Story
• Data Rollups in Elasticsearch
• App Search with Elasticsearch
• A Preview of SQL in Canvas with Rashid, Creator of Kibana
• Using Kibana and Beats for Security Analytics
• Machine Learning Forecasting on Elasticsearch Data 
• APM for the Elastic Stack - A Recap
• Machine Learning, Logging, and More on Hosted Elasticsearch