Noisebusters and the signal in the dark - identify malicious alerts locally and in real-time

Ever opened your security events dashboard only to turn it right off again, because there were just too many alerts and you had neither the time nor the nerve to investigate them?

Usually, we pay vendors to solve this problem, and so we ship our data to some SaaS.
But what if you could filter out the noise in real time, without involving any vendor (or any AI)?
I'll show you how we pre-correlate security events locally on each node to save the human analyst as much work as possible.

This is ongoing research for the Austrian Armed Forces to create a sovereign Kubernetes SOC that reduces data volume.

You'll see several attack chains buried in (simulated) noise, where entire steps are undetectable, yet the in-place correlation still extracts the entire attack path.
This solution is for data-center operators or anyone who runs a few k8s clusters and has no nerve to check each alert.

Dr. Constanze Roedig

Independent OpenSource Maintainer and Cybersecurity Researcher
