With the current trends towards zero trust networks, the deployment of billions of IoT devices, the interconnection of critical infrastructure with the cloud, well-organised threat agents and the rise of fully autonomous systems, both control over our environments and the security of our networks and systems are hard to achieve. In fact, they will not be manageable with traditional security safeguards and practices alone.
Over one and a half years of research, our goal was to build something other than just another SIEM. We identified, modified and combined the best available technologies and practices into an alternative capability for mastering current and future security challenges, one that works without any log, IDS/IPS, AV or endpoint protection (EP) data feeds. We focused on analytics of network-related information, combining deep packet inspection, big-data search, graph databases and machine learning to identify both the technologies in use and malicious intent.
We have analysed more than 20 billion flows in all kinds of networks and would like to share our results and findings: how to apply such approaches to a security analytics system, a hunting platform or a security safeguard, and how they identify and analyse attacks and compromises that other state-of-the-art safeguards do not detect. We also want to address the often-propagated "end of DPI" that encrypted traffic is said to bring about. We think our work might change the view on such predictions.