Stamus Networks is excited to return to Black Hat Europe 2024 at Excel London, United Kingdom, 9-12 December 2024. Our team will be there demonstrating the new Clear™ NDR at Arsenal, Black Hat Europe’s open-source showcase. Additionally, Stamus Networks Co-Founder Éric Leblond will be teaching conference visitors about the Suricata Language Server, one of Stamus Networks’ many open-source projects, introducing attendees to Clear™ NDR, the latest evolution of open-source network security, and discussing a new approach to leverage the benefits of AI and machine learning that gives defenders complete visibility and control over their AI-based defenses.
Black Hat Europe is always a great week full of thought leadership and practical knowledge shared through research, developments, and recent trends in information security. Security experts from Europe and around the world will be sharing their findings and discussing real-world problems and the solutions they have identified to solve them. It’s a great opportunity for network security practitioners to see the direction of the industry and gain a better understanding of the work their peers are doing to protect their respective organizations.
We have four speaking engagements scheduled at the event:
Session 1: The Anti-"Black Box" Cybersecurity Algorithm Transparency and Explainable AI
- 11 December
- 11:35 AM
- Business Hall - Theater A
For years, cybersecurity was largely based on some level of blind faith. Enterprises selected vendors and were asked to trust how their technology worked without really seeing or understanding how it operated – the traditional "black box" model.
The closed and opaque nature of artificial intelligence (AI) has the potential to exacerbate the black box situation to the point where enterprises would not fully know how their network and business assets are being protected. As Gartner noted in an Emerging Technologies report last December, "As artificial intelligence technology matures, there is an expectation for the AI-enabled decisions to not only be accurate but also be understandable — calling upon AI-based systems to be increasingly transparent with their associated risks managed and mitigated by inclusion of explainable AI."
In threat detection, AI already plays a role in gathering source data as well as multi-source analysis in data lakes, SIEM or XDR platforms. GenAI has the potential to let defenders query the data to help identify new IoCs and TTPs; however, the lack of transparency poses both practical and ethical challenges for enterprises.
A new approach is to leverage the benefits of AI and machine learning, implemented with extreme transparency – exposing the actual code used in AI algorithms to defenders so they can tune them to optimize for their organization's specific business or security requirements. This not only gives defenders complete visibility and control over their AI-based defenses, but also taps into the open-source heritage of sharing technology advances to strengthen community defenses.
Session 2 & 3: Streamlining Suricata Signature Writing: Mastering the Art with Suricata Language Server
- 11 December
- 12:45 PM
- Business Hall - Arsenal Station 5
- 11 December
- 3:25 PM
Writing signatures for Suricata and other intrusion detection systems (IDS) is considered by many to be a form of art. One of the main reasons is that the rule writer needs to start by examining a network trace to identify patterns that are representative of a threat or behavior without being too broad (to avoid false positives) or too narrow (to avoid being evaded at the first change of a bit in the attack). The second reason is the language used to write signatures. It is not very expressive and doesn't have advanced constructs. As a result, signatures require complex writing to do things that could appear simple. There are also implicit conventions and structures that must be followed to guarantee correct integration in the detection engine.
The open-source Suricata Language Server (SLS) has been developed to solve these problems. SLS is a Language Server Protocol implementation that allows the user to benefit from built-in Suricata diagnostic capabilities when editing rules. SLS provides advanced diagnostics as well as auto-completion.
In this talk, Éric Leblond will show you how SLS can be used and how to make sense of the error messages. You will also discover what Suricata features are used behind the scenes to make this possible.
Session 4: Clear NDR - Community Edition: The Next Evolution in Open-Source Network Security
- 12 December
- 12:45 PM
- Business Hall - Arsenal Station 2
For the last decade, SELKS has been the go-to open source platform for network security professionals, combining Suricata's power with an all-in-one toolkit. Now, we're unveiling its revolutionary successor: Clear™ NDR - CE (community edition) from Stamus Networks.
This isn't just an upgrade; it's a complete reimagining of what open source network security can be. We've rebuilt the platform from the ground up, focusing on:
- Streamlined User Experience: An intuitive interface that makes complex threat hunting and incident response accessible to both seasoned analysts and newcomers alike.
- Commercial-Grade Performance: Leveraging the architecture of our Stamus Security Platform, Clear™ NDR - CE delivers the speed and scalability required for modern, high-traffic networks.
- Feature Parity: Inherit many of the advanced features previously exclusive to our commercial platform, including
- 100% Open Source Commitment: Clear™ NDR - CE remains completely free to use, modify, and distribute. We believe in the power of community collaboration to drive innovation in network security.
In this talk, Leblond will dive into the technical details of Clear™ NDR - CE, showcasing its capabilities through real-world scenarios. We'll also discuss our vision for the future of open source network security and how you can get involved in shaping this exciting new platform.
Whether you're a long-time SELKS user, a security enthusiast, or simply curious about the future of network defense, this session will provide a comprehensive introduction to Clear™ NDR - CE and its potential to transform the way you protect your networks.
Key Takeaways:
- Discover the key advancements in Clear™ NDR - CE compared to SELKS
- Learn how to leverage its powerful features for enhanced threat detection and response
- Understand the benefits of open source in the network security landscape
- Gain insights into how you can contribute to and benefit from the Clear™ NDR - CE community
See you in London!
We are so excited to meet you there and hear all about the work you are doing. If you plan on attending the event, please stop and visit us at stand 411, where you can see a demonstration of Clear™ NDR and meet with our on-site team.
If you haven’t already done so, make sure to visit https://www.blackhat.com/eu-24/ to purchase tickets, reserve your room, and view the agenda for the week. We look forward to seeing you there!