Scaling Threat Detection for Migros with Efficient Network Flow Data Storage

Hosted By
Nicolas R.

Details

This meetup will be hosted by Migros at Limmatstrasse 152 in Zurich, Switzerland. Save the date, more details coming soon.

Schedule

  • 17:30 Doors open, welcome, networking
  • 18:00 Intro
  • 18:05 Threat Detection at Scale by Roger Blum & Pascal Imthurn @ Migros
  • 18:50 Leveraging Time Series Data Streams for Efficient Network Flow Data Storage by Robert Cowart @ElastiFlow
  • 19:30 Snacks, Drinks

Talks

Threat Detection at Scale by Roger Blum & Pascal Imthurn @ Migros

Migros, the largest retailer in Switzerland, faces interesting challenges in many areas, and cyber threat detection is one of them. We aspired to build a highly scalable infrastructure that also allows custom requirements to be implemented. To that end, we designed an architecture and a SIEM use case rule management system. Let us explain.

Our presentation covers the implementation and operation of a SIEM (Security Information and Event Management) based on Elasticsearch. This SIEM is used for multiple partner companies within the Migros group. The talk will address the following aspects:

  • Architecture of the Elastic Infrastructure: We’ll explain how our infrastructure is set up and which components are used for threat detection.
  • Maintenance and Deployment of Detection Rules: We’ll demonstrate how we maintain threat detection rules and roll them out automatically in our SIEM.

Leveraging Time Series Data Streams for Efficient Network Flow Data Storage by Robert Cowart - CEO & Co-Founder @ElastiFlow

Network Flow data is not a typical time-series data source, presenting unique challenges in terms of storage and management. ElastiFlow has created an innovative method using Elasticsearch's Time Series Data Streams (TSDS) to address these challenges, enabling users to achieve up to a 70% reduction in flow data storage requirements.
In this talk we will delve into the journey of developing this solution, exploring the process that led us to the final TSDS-based approach and examining the advantages and disadvantages along the way.

COVID-19 safety measures

Event will be indoors
Elastic Switzerland
FREE