Correlating threat data – orchestration & next generation takedowns

Friday 5 October 11:00 - 11:30, TIS room

Tobias Knecht (Abusix)



What if takedowns could take place within seconds of detection? Advances in NoSQL platform processing speed, combined with cloud-driven hyperscale sensor networks, have made it possible to analyse very large data sets of abuse incidents in near real time. Tobias will explain how Abusix has enabled fast correlation with smart reporting of threat observations, quickly linking abused servers with attacked networks and users. The next frontier is to orchestrate the playbooks and human trust factors required for fully automated takedowns, effectively closing the time gap within which miscreants cause harm.

Tobias has managed abuse departments for some of the world’s largest hosting companies. He was a co-founder of the Global (Abuse) Reporting Project and is Co-Chair of the RIPE Anti-Abuse Working Group.


