Correlating threat data – orchestration & next generation takedowns

Friday 5 October 11:00 - 11:30, TIS room

Tobias Knecht (Abusix)



What if takedowns could take place within seconds of detection? Advances in NoSQL platform processing speed combined with cloud-driven hyperscale sensor networks have made it possible to analyse very large data sets of abuse incidents in near real time. Tobias will explain how Abusix has enabled fast correlation with smart reporting of threat observations, quickly linking abused servers with attacked networks and users. The next frontier is to orchestrate the playbooks and human trust factors required for fully automated takedowns, effectively closing the time gap within which miscreants cause harm.

Tobias has managed abuse departments for some of the world’s largest hosting companies. He was a co-founder of the Global (Abuse) Reporting Project and is Co-Chair of the RIPE Anti-Abuse Working Group.


