Data Streaming in the Defence Industry
Data in Motion for Situational Awareness, Threat Detection, Forensics, Zero Trust Zones
Kai Waehner
Field CTO
kai.waehner@confluent.io
@KaiWaehner
confluent.io
kai-waehner.de
linkedin.com/in/kaiwaehner
@KaiWaehner - www.kai-waehner.de – Cybersecurity and SIEM / SOAR Modernization with Apache Kafka
Agenda
1) Defence and Cybersecurity in 202X
2) Data in Motion as Defence Backbone
3) Situational Awareness
4) Threat Intelligence
5) Forensics
6) Air-Gapped and Zero Trust Environments
7) SIEM / SOAR Modernization
1) Defence and Cybersecurity in 202X
Modern Warfare
Information technology and real-time information as game changer for defence
Cybersecurity
Protection of computer systems and networks from information disclosure and theft
Web Scraping, hackers, criminals, terrorists, state-sponsored and state-initiated actors
The need for secure and scalable defence
Defence requires real-time information everywhere!
Challenges
• Theft of intellectual property (IP)
• DDoS
• Ransomware / wiperware (WannaCry, NotPetya)
• Supply chain attacks (SolarWinds, …)
• Damage: billions of dollars
Digital Transformation
• Networking, communication, connectivity
• Open standards
• ”Always-on”
• Billions of devices
Supply Chain Attack
Targeting less-secure elements in the supply chain
https://www.nortonrosefulbright.com/en/knowledge/publications/dfa3603c/six-degrees-of-separation-cyber-risk-across-global-supply-chains
https://www.reuters.com/article/us-tmobile-dataprotection-idUSKCN0RV5PL20151002
Security building blocks
• SIEM
• Encryption
• OT security
• Hardware-based security
• Real-time monitoring (logging, SiteOps, …)
• Access control (RBAC, audit logs, …)
Cybersecurity
How would you have a holistic view and understanding of all the events and potential abuses that are taking place within your organization?
Collect and correlate the different activities happening on critical networks.
CYBERSECURITY is a key piece of the security strategy.
SIEM and SOAR are a (key) piece of the cybersecurity strategy, with caveats:
• Sometimes not needed (in a DMZ / air-gapped environment)
• Complex and error prone
• No help against insiders
• Continuous real-time data correlation required
Complementary risk treatments: avoid risk (change operations) + transfer some risk (buy insurance)
Key Challenge: Find the Needle(s) in the Haystack
Detect true positives in real-time
• Threat detection
• Intrusion prevention
• Anomaly detection
• Compliance auditing
• Proactive response
Reduce false positives
• Automation
• Process big volumes of data in real-time
• Integration of all sources
• No ‘ignore’ on certain events
• Creation of filters and correlated event rules
• Improve the signal-to-noise ratio (SNR)
• Correlate a “collection of needles” into one “signature needle”
2) Data in Motion as Defence Backbone
This is a fundamental paradigm shift...
• Infrastructure as code → the future of the datacenter: Cloud
• Data in motion as continuous streams of events → the future of data: Event Streaming
Real-time Data beats Slow Data.
Cybersecurity: risk classification, threat detection, intrusion detection, incident response
Command Post: intelligent navigation, vehicle inspection, location-based services
Logistics: supply chain, inventory management, fleet management
Military: security monitoring, surveillance, command and control, military intelligence
Apache Kafka is the Platform for Data in Motion
Producers (e.g. MES, ERP, sensors, mobile) → Kafka: streams and storage of real-time events, with Connectors for integration and stream processing apps → Consumers (e.g. Customer 360, real-time alerting system, data warehouse)
Example event streams: supplier, alert, forecast, inventory, customer, order
Data in Motion
The Backbone for Defence
Sources: command post, enterprise IT, strategic planning, logs, personnel, sensors, security, connected vehicles, cyber security
Streams of real-time events enable continuous data correlation, monitoring, alerting and proactive actions
End-to-End Cyber Defence
with the Kafka Ecosystem
Ship data sources
• Personnel: crew, cargo
• Vessel: fuel consumption, speed, planned maintenance
• Tracking: position, course, weather, draft
Ship edge: COMMs-resilient Kafka, edge analytics; bidirectional ship edge to cloud and shore edge to cloud via drone or satellite relay
On shore / on prem: relay ingestion, staging and filtering, shore edge analytics, data integration, streaming analytics, Machine Doing, on-prem systems, bi-directional hybrid cloud replication
Integrate with all legacy and modern interfaces
Record, filter, curate a broad set of traffic streams
Let analytic sinks consume just the right amount of data
Drastically reduce the complexity of the enterprise architectures
Drastically reduce the cost of SIEM / SOAR deployments
Add new analytics engines
Add stream-speed detection and response at scale in real-time
Add mission-critical (non-) security-related applications
…
Apache Kafka is the backbone for data streams in defence!
Every enterprise is different…
Flexibility is key for your cybersecurity initiative!
Confluent provides an independent, tool-agnostic foundation.
Flexible Scalable Real-Time Backplane for the Defence Platform
OT domain: various data producers → Kafka Connect
Event streaming platform: Confluent
SIEM domain: Splunk via a Kafka forwarder
Analytics domain: TensorFlow via the TensorFlow + Kafka plugin
Topic design:
• Huge volumes of real-time data from various Kafka topics
• A low-velocity Kafka topic with backpressure handling feeding the SIEM
• A high-velocity, raw Kafka topic for forensics and ML
3) Situational Awareness
Cyber Situational Awareness
is the subset of all situation awareness necessary to support taking actions in cyber
Endsley, M. R. Toward a Theory of Situation Awareness in Dynamic Systems. Human Factors, 1995, 37(1), 32-64
Human – Computer Interface for Decision Making
https://www.youtube.com/watch?v=mPJdzzm67sg
The Data
Firewalls & network devices, antivirus, access logs, intrusion detection, audit logs, text files, binary files, databases, APIs, network flows, syslog
Data Producers
• Transactions: low velocity, low volume
• Logs: low velocity, moderate volume
• NetFlow / PCAP: high velocity, high / ridiculous volume; ingested via a network analyzer gateway; store PCAP headers in Tiered Storage, or use a 3rd party like Corelight as intermediary
Data Normalization and Enrichment
→ Improve the signal + filter to lower the noise
Kafka Streams topology (one Streams stage per hop):
• Event type-specific parsing and normalization
• logs-conn-shared: established connection and client/server detection
• logs-resolve-names: DNS name resolution
• logs-geoip-asn-iprep: GeoIP, IP reputation and Autonomous System lookup
• logs-index: curated output
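The normalization and enrichment stages above, worked through as an added example. It is not code from the deck or from the confluentinc/cyber project (whose Streams topology is Java); it is the same logic in Python. The Zeek conn.log records, the reverse-DNS, GeoIP/ASN and reputation tables, and the noise rule are constructed for the example; in production the tables would be backed by a resolver, a GeoIP/ASN database and a threat-intel feed, and each function would be one Kafka Streams stage writing to the topic named in its docstring. It also shows the Raw-Big-Data-Topic to Small-Data-Topic split from the SIEM section: only established, non-noise, enriched events reach the curated output.

```python
"""Zeek conn.log -> normalized, enriched, noise-filtered events (added example)."""
import ipaddress
import json
from typing import Optional

# Zeek conn_state values that mean the TCP handshake completed (Zeek documentation).
ESTABLISHED_STATES = {"S1", "SF", "S2", "S3", "RSTO", "RSTR"}

# RFC 1918 ranges. ipaddress.ip_address(x).is_private is NOT usable here, because it also
# flags the documentation ranges (198.51.100.0/24, 203.0.113.0/24) used in the sample as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed lookup tables standing in for the DNS, GeoIP/ASN and IP-reputation sources.
RDNS = {"203.0.113.7": "cdn.example.net"}
GEO_ASN = {
    ipaddress.ip_network("203.0.113.0/24"): ("NL", 64500, "EXAMPLE-CDN"),
    ipaddress.ip_network("198.51.100.0/24"): ("XX", 64501, "EXAMPLE-HOSTING"),
}
IP_REPUTATION = {"198.51.100.9": "known-c2"}

# Constructed sample: four Zeek conn.log records in Zeek's JSON output format.
SAMPLE_CONN_LOG = """\
{"ts":1690000000.1,"uid":"C1","id.orig_h":"10.1.2.3","id.orig_p":51514,"id.resp_h":"203.0.113.7","id.resp_p":443,"proto":"tcp","service":"ssl","conn_state":"SF","orig_bytes":1200,"resp_bytes":54000}
{"ts":1690000001.2,"uid":"C2","id.orig_h":"10.1.2.3","id.orig_p":51515,"id.resp_h":"198.51.100.9","id.resp_p":4444,"proto":"tcp","conn_state":"S0","orig_bytes":0,"resp_bytes":0}
{"ts":1690000002.3,"uid":"C3","id.orig_h":"10.1.2.9","id.orig_p":40000,"id.resp_h":"10.1.2.1","id.resp_p":53,"proto":"udp","service":"dns","conn_state":"SF","orig_bytes":60,"resp_bytes":120}
{"ts":1690000003.4,"uid":"C4","id.orig_h":"10.1.2.4","id.orig_p":40001,"id.resp_h":"198.51.100.9","id.resp_p":4444,"proto":"tcp","conn_state":"SF","orig_bytes":900,"resp_bytes":20}
"""


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def normalize(line: str) -> dict:
    """Event type-specific parsing: flatten one Zeek JSON record into a tool-neutral schema."""
    rec = json.loads(line)
    return {
        "ts": rec["ts"],
        "uid": rec["uid"],
        "src_ip": rec["id.orig_h"], "src_port": rec["id.orig_p"],
        "dst_ip": rec["id.resp_h"], "dst_port": rec["id.resp_p"],
        "proto": rec["proto"],
        "service": rec.get("service", "-"),
        "conn_state": rec["conn_state"],
        "bytes_out": rec.get("orig_bytes", 0), "bytes_in": rec.get("resp_bytes", 0),
    }


def classify_connection(ev: dict) -> Optional[dict]:
    """logs-conn-shared: keep established flows only and label direction / client-server roles."""
    if ev["conn_state"] not in ESTABLISHED_STATES:
        return None
    src_int, dst_int = is_internal(ev["src_ip"]), is_internal(ev["dst_ip"])
    ev["direction"] = "internal" if src_int and dst_int else ("outbound" if src_int else "inbound")
    ev["client"], ev["server"] = ev["src_ip"], ev["dst_ip"]   # Zeek's originator is the client
    return ev


def resolve_names(ev: dict) -> dict:
    """logs-resolve-names: attach the reverse-DNS name of the server, when one is known."""
    ev["dst_name"] = RDNS.get(ev["dst_ip"])
    return ev


def enrich_geo_asn_rep(ev: dict) -> dict:
    """logs-geoip-asn-iprep: country, Autonomous System and reputation of the server address."""
    addr = ipaddress.ip_address(ev["dst_ip"])
    ev["country"], ev["asn"], ev["as_name"] = next(
        (v for net, v in GEO_ASN.items() if addr in net), (None, None, None))
    ev["ip_reputation"] = IP_REPUTATION.get(ev["dst_ip"], "none")
    return ev


def is_noise(ev: dict) -> bool:
    """Noise filter: internal-only traffic to expected infrastructure services adds no signal."""
    return ev["direction"] == "internal" and ev["service"] in {"dns", "ntp"}


def run_pipeline(log_text: str) -> list:
    """Raw topic -> curated topic: parse, filter, enrich; returns what would go to logs-index."""
    curated = []
    for line in log_text.splitlines():
        ev = classify_connection(normalize(line))
        if ev is None:
            continue
        ev = enrich_geo_asn_rep(resolve_names(ev))
        if not is_noise(ev):
            curated.append(ev)
    return curated


if __name__ == "__main__":
    for ev in run_pipeline(SAMPLE_CONN_LOG):
        print(json.dumps(ev))
```

Of the four records, C2 (a SYN with no reply, conn_state S0) and C3 (internal DNS to the local resolver) are dropped, while C1 and C4 come out with name, country, ASN and reputation attached; C4 carries the constructed "known-c2" label, which is the field a downstream Sigma rule or SIEM search would key on. One check worth keeping even if you swap the tables: Python's ipaddress.is_private() reports the RFC 5737 documentation ranges as private too, so a direction classifier built on it would label traffic to 203.0.113.7 as internal; the example tests explicit RFC 1918 networks instead.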
Data Consumers
• No constraints on integration flows
• Data curation on the fly
• Flexible choice of (multiple) consumers
SIEM forwarder and threat detection: near real-time
Sink to data lake: analytical workloads, batch
Native Kafka app: transactional workloads, real-time
Sigma
• Open-source, vendor-neutral signature format for SIEM detection rules
• Domain specific language (DSL) written in YAML
• Specify patterns in cyber data
https://github.com/SigmaHQ/sigma
Sigma Rule
Detections
• A list of named detections (selections), each a set of field conditions
• A field takes a single value or a list of values (a list is an OR)
• Individual values or regex
• Field names can carry modifiers (e.g. name|endswith, name|contains, name|greater_than)
• Aggregations and windowing
Conditions
• Nested boolean conditions over the named detections
Detection Names
• Generic Sigma field names are used in the rule
• Translated during parsing to the target SIEM tool's field names using a field mapping file
Confluent Sigma
• A Sigma Rule Editor publishes rules to a sigma rules topic
• Sigma Stream Processors hold a sigma rules cache and perform rule parsing, filtering, aggregation and windowing over the Zeek data topics (DNS, CONN, DHCP, HTTP, SSL, x509), e.g. the dns topic
• Matches are written to per-type detections topics, e.g. the dns detections topic
• A Zeek Data and Detections Viewer consumes both
https://github.com/confluentinc/cyber/tree/master/confluent-sigma
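A minimal Sigma evaluator with windowed aggregation, as an added example covering both the rule anatomy above and what the Confluent Sigma stream processor does per event. It is not Confluent Sigma's code (that project is a Kafka Streams application in Java). The rule is written as the Python-dict equivalent of a Sigma YAML document so no YAML library is needed; the rule itself, the 32-character label and the Zeek dns.log events are constructed. Supported: named selections ANDed per field and ORed per value list, the contains / startswith / endswith / re / gt field modifiers, `a and b and not c` conditions, and a `| count() by <field> > N` aggregation over a tumbling window of `timeframe` seconds. Parentheses, `or` at the condition level and sliding windows are left out.

```python
"""Sigma-style rule evaluation with windowed aggregation over Zeek dns.log events (added example)."""
import re
from collections import Counter

# Python-dict rendering of a Sigma rule, YAML keys kept verbatim. Constructed for this example.
SIGMA_RULE = {
    "title": "Possible DNS tunnelling: burst of long TXT/NULL queries from one host",
    "logsource": {"product": "zeek", "service": "dns"},
    "detection": {
        "selection": {"qtype_name": ["TXT", "NULL"]},
        "long_label": {"query|re": r"^[a-z0-9]{30,}\."},
        "filter": {"query|endswith": [".example.com", ".local"]},
        "condition": "selection and long_label and not filter | count() by id.orig_h > 3",
        "timeframe": "60s",
    },
    "level": "high",
}

LONG = "a1b2c3d4e5f6a7b8c9d0a1b2c3d4e5f6"  # 32-character label, the shape DNS tunnels produce
T0 = 1690000000
# Constructed Zeek dns.log events: one host bursts tunnel-like queries, one queries an
# allow-listed domain, one is ordinary traffic. All fall into the same 60 s tumbling window.
EVENTS = [
    {"ts": T0 + 1, "id.orig_h": "10.1.2.3", "query": f"{LONG}.t.tunnel-example.net", "qtype_name": "TXT"},
    {"ts": T0 + 3, "id.orig_h": "10.1.2.3", "query": f"{LONG[::-1]}.t.tunnel-example.net", "qtype_name": "TXT"},
    {"ts": T0 + 5, "id.orig_h": "10.1.2.3", "query": f"{LONG}.u.tunnel-example.net", "qtype_name": "NULL"},
    {"ts": T0 + 7, "id.orig_h": "10.1.2.3", "query": f"{LONG[::-1]}.u.tunnel-example.net", "qtype_name": "TXT"},
    {"ts": T0 + 10, "id.orig_h": "10.1.2.4", "query": f"{LONG}.cdn.example.com", "qtype_name": "TXT"},
    {"ts": T0 + 12, "id.orig_h": "10.1.2.5", "query": "www.example.org", "qtype_name": "A"},
]


def _match_value(actual, modifier: str, expected) -> bool:
    """Sigma field modifiers: the part after '|' in a field name ('' means exact match)."""
    if modifier == "":
        return actual == expected
    if modifier == "contains":
        return expected in str(actual)
    if modifier == "startswith":
        return str(actual).startswith(expected)
    if modifier == "endswith":
        return str(actual).endswith(expected)
    if modifier == "re":
        return re.search(expected, str(actual)) is not None
    if modifier == "gt":
        return float(actual) > float(expected)
    raise ValueError(f"unsupported Sigma modifier: {modifier}")


def match_selection(selection: dict, event: dict) -> bool:
    """Every field in a selection must match; a list of values for one field is an OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(event[field], modifier, v) for v in values):
            return False
    return True


def match_condition(detection: dict, event: dict) -> bool:
    """Boolean part of the condition: 'a and b and not c' over the named selections."""
    for term in detection["condition"].split("|")[0].split(" and "):
        term = term.strip()
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        if match_selection(detection[name], event) == negate:
            return False
    return True


AGGREGATION = re.compile(r"count\(\)\s+by\s+(\S+)\s*>\s*(\d+)")


def run_rule(rule: dict, events: list) -> list:
    """Filter events through the condition, then apply 'count() by <field> > N' per tumbling window."""
    det = rule["detection"]
    matched = [e for e in events if match_condition(det, e)]
    parts = det["condition"].split("|")
    if len(parts) == 1:                       # no aggregation: every match is a detection
        return [{"rule": rule["title"], "event": e} for e in matched]
    group_field, threshold = AGGREGATION.search(parts[1]).groups()
    window = int(det["timeframe"].rstrip("s"))
    counts = Counter((int(e["ts"] // window), e[group_field]) for e in matched)
    return [
        {"rule": rule["title"], group_field: key, "window_start": w * window, "count": n}
        for (w, key), n in sorted(counts.items()) if n > int(threshold)
    ]


if __name__ == "__main__":
    for alert in run_rule(SIGMA_RULE, EVENTS):
        print(alert)
```

Only 10.1.2.3 trips the rule: its four long TXT/NULL queries land in one window and exceed the threshold of 3, while the query to cdn.example.com is removed by the `filter` selection and the plain A record never passes `selection`. The `| count() by` aggregation syntax is the form Confluent Sigma and older Sigma versions use; current Sigma expresses the same thing as a separate correlation rule, and the per-field modifier handling above is unchanged by that.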
4) Threat Intelligence
Threat Intelligence
Mitigate harmful events in cyberspace
Proactive cybersecurity posture that is predictive, not just reactive
Bolster overall risk management policies
Improved detection of threats
Better decision-making during and following the detection of a cyber intrusion
See the whole board, more quickly.
See around corners.
See the enemy before they see you.
Transactions vs. Analytics
Threat intelligence =
awareness-in-motion
The PATTERN is
valuable, not the data.
Analytics and Actionable Insights in Motion
• Make sense of the signal and the noise of the data
• Continuous signature processing
• Prevent, contain, and neutralize threats proactively
Streams from logs-index:
• logs-alerts: machine learning predictions via UDFs
• logs-index-gdpr: PII anonymization; authorized access using RBAC for data science teams
Cyber Intelligence Platform
leveraging Kafka Connect, Kafka Streams, Multi-Region Clusters (MRC), and more…
https://www.intel.com/content/www/us/en/it-management/intel-it-best-practices/modern-scalable-cyber-intelligence-platform-kafka.html
5) Forensics
Digital Forensics
• Application of science to criminal and civil law, mainly during criminal investigation
• Forensic scientists collect, preserve, and analyze evidence from digital media in a forensically sound manner
• Identify, preserve, recover, analyze and present facts and opinions about the digital information
Distributed Digital Forensics at Scale with Kafka and Spark
• Digital Forensics Compute Cluster (DFORC2)
• High-speed distributed computing capability for digital forensics
• Extended the digital forensics platform Autopsy with Kafka and Spark to add distributed compute power for data processing
https://publications.waset.org/10007817/digital-forensics-compute-cluster-a-high-speed-distributed-computing-capability-for-digital-forensics
Forensics on Historical Events
Give me all events from time A to time B
A real-time producer appends events to the log over time; a real-time consumer drives automated actuation; a consumer of historical data replays the range from time A to time B to:
• Capture the complete attack vector
• Play back an attack for the training of humans or machines
• Create threat surface simulations
• Compliance / regulatory processing
Confluent Tiered Storage for Kafka for Forensics of Historical Data
(Only available in Confluent Platform)
• Store data forever
• Hot and cold storage
• Cheap object store
• Easy scale up/down
• No changes in clients
The Role of AI and Machine Learning for Forensics
Model Training with Kafka and TensorFlow I/O
Direct streaming ingestion for model training with the TensorFlow I/O Kafka plugin (no additional data storage like S3 or HDFS required!)
The producer appends to the distributed commit log over time; Model A and Model B are trained from it, and Model X can be trained at a later time by replaying the same log.
https://github.com/tensorflow/io
The Role of AI and Machine Learning for Forensics
Model Deployment with ksqlDB and TensorFlow
The model is wrapped in a User Defined Function (UDF) and called from a persistent ksqlDB query over a stream declared on the syslog topic (FROM precedes WHERE, and string literals use single quotes):
CREATE STREAM AnomalyDetection AS
  SELECT facility_code, detectAnomaly(syslog_values) AS anomaly
  FROM syslog_source_topic
  WHERE severity_level = 'Warning';
6) Air-Gapped and Zero Trust Environments
Zero Trust
• EVERYTHING needs protecting, not just firewalls and computing assets
• It is not only cyber network security, but threat intelligence that includes human intelligence
• Safe IT/OT integration at industrial sites
• There is no such thing as a “unidirectional firewall”
• Unidirectional gateways are hardware- and / or software-based
• Replica servers instead of direct access
• Surveillance for safety and theft protection
Unidirectional Networks for Air-gapped
Environments
When a Firewall is NOT Enough!
• Secure OT – IT bridge
• Hardware-based data diode or unidirectional gateway
• Real-time monitoring of safety-critical networks
• Secure cloud connectivity of critical OT networks
• Database replication and file transfer
• Transferring application and operating system updates
• Vendors use different terms: unidirectional network = unidirectional gateway = data diode
Confluent Data Diode
https://docs.confluent.io/kafka-connect-data-diode
Software-based unidirectional gateway for zero trust security architectures
Streaming from industrial networks to enterprise networks
UDP-based source and sink Kafka Connectors for high volume and an open architecture
Runs over a one-way hardware interface (an Ethernet cable wired for one direction only, Owl Cyber Defense, Waterfall, etc.)
Optionally / eventually do filtering, anomaly detection, analytics, receive upstream traffic, etc.
Architecture: sites and work centers (Apache PLC4X) → Kafka instance on a NUC pair → Data Diode UDP Sink → one-way link → Data Diode UDP Source → Kafka cluster → stream processing, data lake, cloud
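What the sending and receiving sides of a UDP link across a data diode must do because there is no return channel, as an added example. It is not the Confluent Data Diode connector's code, whose wire format the page does not show; the 14-byte header (magic, sequence number, payload length, CRC-32) is an assumption made for this example. The OT-side sender numbers and checksums every datagram; the IT-side receiver verifies integrity, rejects duplicates, and records every sequence number it will never see, since it cannot NACK. The transport is simulated in memory (a real deployment calls socket.sendto on the send-only interface, and the receiver produces validated records into Kafka); the PLC telemetry records are constructed.

```python
"""Sequence-numbered, checksummed UDP framing for a one-way (data diode) link (added example)."""
import json
import struct
import zlib

MAGIC = b"DIOD"
HEADER = struct.Struct("!4sIHI")   # magic, sequence number, payload length, CRC-32 of payload
MAX_PAYLOAD = 1400                 # stay under a typical Ethernet MTU: a fragmented datagram that
                                   # loses one fragment is lost whole, and nothing can ask for it again


class DiodeSender:
    """OT side: wraps each record in one datagram. No ACKs exist, so every frame is self-describing."""

    def __init__(self) -> None:
        self.seq = 0

    def frame(self, record: dict) -> bytes:
        payload = json.dumps(record, separators=(",", ":")).encode()
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("record too large for one datagram; chunk it before sending")
        self.seq += 1
        return HEADER.pack(MAGIC, self.seq, len(payload), zlib.crc32(payload)) + payload


class DiodeReceiver:
    """IT side: verifies integrity, drops duplicates and records gaps it can never get filled."""

    def __init__(self) -> None:
        self.expected = 1
        self.missing: list = []
        self.corrupt = 0
        self.duplicates = 0

    def receive(self, datagram: bytes):
        if len(datagram) < HEADER.size:
            self.corrupt += 1
            return None
        magic, seq, length, crc = HEADER.unpack_from(datagram)
        payload = datagram[HEADER.size:]
        if magic != MAGIC or len(payload) != length or zlib.crc32(payload) != crc:
            self.corrupt += 1          # damaged frame: its sequence number cannot be trusted either
            return None
        if seq < self.expected:
            self.duplicates += 1       # re-sent or replayed frame that was already delivered
            return None
        if seq > self.expected:
            self.missing.extend(range(self.expected, seq))   # gap: these frames will never arrive
        self.expected = seq + 1
        return json.loads(payload)


def simulate_transfer(records, drop=(), corrupt=(), replay=()):
    """Push records through an in-memory link, losing, damaging or replaying the given seq numbers."""
    sender, receiver, delivered = DiodeSender(), DiodeReceiver(), []
    for rec in records:
        dg = sender.frame(rec)
        seq = sender.seq
        if seq in drop:
            continue
        if seq in corrupt:
            dg = dg[:-1] + bytes([dg[-1] ^ 0xFF])            # flip the last payload byte
        for _ in range(2 if seq in replay else 1):
            out = receiver.receive(dg)
            if out is not None:
                delivered.append(out)
    return delivered, receiver


# Constructed PLC telemetry records, the kind an OT-side Kafka topic would hold.
SAMPLE_RECORDS = [{"topic": "plc.telemetry", "key": f"pump-{i}", "value": {"rpm": 1400 + i}} for i in range(1, 6)]

if __name__ == "__main__":
    got, rx = simulate_transfer(SAMPLE_RECORDS, drop={2}, corrupt={4}, replay={5})
    print(f"delivered={[r['key'] for r in got]} missing={rx.missing} corrupt={rx.corrupt} duplicates={rx.duplicates}")
```

With frame 2 dropped and frame 4 damaged, the receiver delivers pump-1, pump-3 and pump-5 and reports sequence numbers 2 and 4 as missing; the damaged frame is counted as corrupt rather than trusted for its sequence number. Because gaps cannot be repaired by a retransmission request, the usual mitigations on a diode live on the sending side: rate-limit to what the receiver can absorb, and periodically re-send recent records so the receiver's duplicate filter discards what it already has and fills what it missed. The missing list is what you alert on: a gap in safety-critical telemetry is a security event in its own right.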
Zero Trust Edge Architecture
OODA loop: OBSERVE, ORIENT, DECIDE, ACT
Collect, analyze, and share data in real-time. Provide a fuller picture of the operating environment.
Inputs: adversarial threats; assets, weapons, sensors, etc.
Capabilities: real-time anomaly detection, machine learning, real-time situational awareness, event-driven mission, distributed command and control, security operations
Smart Soldiers at the Edge
Sensors A, B, … X publish via MQTT to Confluent Platform (single broker) deployed on a small computer, which leverages Cluster Linking to publish sensor data to the Command Post in a DDIL (denied, disrupted, intermittent, limited-bandwidth) environment; sensor data is published to the Command Post whenever the network is connected.
The Command Post runs Confluent Platform, aggregating information from Squires and other sensor data (weather, personnel, logistics, targets) for enhanced situational awareness.
7) SIEM / SOAR Modernization
The Challenge with SIEM / SOAR Platforms
Sources (network traffic, firewall logs, RDBMS, application logs, machine data, HTTP proxy logs) → proprietary forwarders, adaptors, Beats → Splunk, ArcSight, Elastic
• Proprietary forwarders can only send data to a single tool
• Data is locked from being shared
• Difficult to scale with growing data volumes
• High indexing costs of proprietary tools hinder wide adoption
• Filtering out noisy data is complex and slows response
• No one tool can support all security and SIEM requirements
Build A Real-time SIEM / SOAR Pipeline
Sources: syslog, network traffic, firewall logs, RDBMS (via CDC), application logs, HTTP proxy logs, machine data; spooldir (files), SNMP traps, databases, SFTP, MQs
Kafka: filter, transform, aggregate → curated streams
Consumers: SIEM (QRadar, ArcSight, Splunk, Elastic) for index / search; forensic archive (HDFS, S3, BigQuery); AI/ML; applications
Old: each SIEM scans the raw data itself
New: a Raw-Big-Data-Topic is preprocessed and consolidated into a Small-Data-Topic; each SIEM consumes it with its own position (offset)
Confluent + Splunk SIEM Reference Architecture
(assuming that Splunk UFs already exist – otherwise integrate directly via Kafka to Splunk)
Sources (Windows event logs, SNMP, syslog, watchlist, Zeek IDS) → Splunk Universal Forwarders (UFs) → Splunk S2S Source Connector (taking the place of Splunk Heavy Forwarders) → Kafka: real-time stream processing with ksqlDB, machine learning, 3rd party apps / ecosystems, … → Splunk HEC (sink) → Splunk Indexers → Splunk Search Head
Moving log data from Splunk UFs to your destination of choice
Palo Alto Networks SOAR
Cortex Data Lake collects, transforms and integrates
enterprise’s security data to enable Palo Alto Networks
solution
Billions of messages pass through the Kafka clusters
Multiple Kafka clusters in production, size from 10 to just
under a 100 brokers each
Leverages various Confluent components
Design principles:
• Cloud agnostic infrastructure
• Massively scalable
• Aggressive ETA on integrations
• Schema versioning support
• Microservices architecture
• Operational efficiency
https://medium.com/engineering-at-palo-alto-networks
Why Confluent?
Analogy: car engine (Apache Kafka) → car → self-driving car
Confluent Completes Apache Kafka. Cloud-native. Everywhere.
Questions? Feedback?
Let’s connect!

Amazon Web Services
 
Trusted Reliability & Performance with the AppExchange Platform
Trusted Reliability & Performance with the AppExchange PlatformTrusted Reliability & Performance with the AppExchange Platform
Trusted Reliability & Performance with the AppExchange Platformdreamforce2006
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
Evident.io
 
Kafka and Machine Learning in Banking and Insurance Industry
Kafka and Machine Learning in Banking and Insurance IndustryKafka and Machine Learning in Banking and Insurance Industry
Kafka and Machine Learning in Banking and Insurance Industry
Kai Wähner
 
ATLO Software Delivers Secure Training Programs with Sophos UTM on AWS.pdf
ATLO Software Delivers Secure Training Programs with Sophos UTM on AWS.pdfATLO Software Delivers Secure Training Programs with Sophos UTM on AWS.pdf
ATLO Software Delivers Secure Training Programs with Sophos UTM on AWS.pdf
Amazon Web Services
 
Supply Chain Optimization with Apache Kafka
Supply Chain Optimization with Apache KafkaSupply Chain Optimization with Apache Kafka
Supply Chain Optimization with Apache Kafka
Kai Wähner
 
International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)
IJNSA Journal
 
Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo Logic
Amazon Web Services
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
Amazon Web Services
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
Ploynatcha Akkaraputtipat
 

Similar to Data Streaming with Apache Kafka in the Defence and Cybersecurity Industry (20)

Apache Kafka as the Backbone for Cybersecurity with Kai Waehner | Kafka Summi...
Apache Kafka as the Backbone for Cybersecurity with Kai Waehner | Kafka Summi...Apache Kafka as the Backbone for Cybersecurity with Kai Waehner | Kafka Summi...
Apache Kafka as the Backbone for Cybersecurity with Kai Waehner | Kafka Summi...
 
Apache Kafka for Cybersecurity and SIEM / SOAR Modernization
Apache Kafka for Cybersecurity and SIEM / SOAR ModernizationApache Kafka for Cybersecurity and SIEM / SOAR Modernization
Apache Kafka for Cybersecurity and SIEM / SOAR Modernization
 
Resilient Real-time Data Streaming across the Edge and Hybrid Cloud with Apac...
Resilient Real-time Data Streaming across the Edge and Hybrid Cloud with Apac...Resilient Real-time Data Streaming across the Edge and Hybrid Cloud with Apac...
Resilient Real-time Data Streaming across the Edge and Hybrid Cloud with Apac...
 
Apache Kafka for Predictive Maintenance in Industrial IoT / Industry 4.0
Apache Kafka for Predictive Maintenance in Industrial IoT / Industry 4.0Apache Kafka for Predictive Maintenance in Industrial IoT / Industry 4.0
Apache Kafka for Predictive Maintenance in Industrial IoT / Industry 4.0
 
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...
 
Security Analytics with OpenSearch
Security Analytics with OpenSearchSecurity Analytics with OpenSearch
Security Analytics with OpenSearch
 
Keine Angst vorm Dinosaurier: Mainframe-Integration und -Offloading mit Confl...
Keine Angst vorm Dinosaurier: Mainframe-Integration und -Offloading mit Confl...Keine Angst vorm Dinosaurier: Mainframe-Integration und -Offloading mit Confl...
Keine Angst vorm Dinosaurier: Mainframe-Integration und -Offloading mit Confl...
 
Apache Kafka® and Analytics in a Connected IoT World
Apache Kafka® and Analytics in a Connected IoT WorldApache Kafka® and Analytics in a Connected IoT World
Apache Kafka® and Analytics in a Connected IoT World
 
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxWhy 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
 
Trusted Reliability & Performance with the AppExchange Platform
Trusted Reliability & Performance with the AppExchange PlatformTrusted Reliability & Performance with the AppExchange Platform
Trusted Reliability & Performance with the AppExchange Platform
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Kafka and Machine Learning in Banking and Insurance Industry
Kafka and Machine Learning in Banking and Insurance IndustryKafka and Machine Learning in Banking and Insurance Industry
Kafka and Machine Learning in Banking and Insurance Industry
 
ATLO Software Delivers Secure Training Programs with Sophos UTM on AWS.pdf
ATLO Software Delivers Secure Training Programs with Sophos UTM on AWS.pdfATLO Software Delivers Secure Training Programs with Sophos UTM on AWS.pdf
ATLO Software Delivers Secure Training Programs with Sophos UTM on AWS.pdf
 
Supply Chain Optimization with Apache Kafka
Supply Chain Optimization with Apache KafkaSupply Chain Optimization with Apache Kafka
Supply Chain Optimization with Apache Kafka
 
International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)
 
Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo Logic
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
 

More from Kai Wähner

Apache Kafka as Data Hub for Crypto, NFT, Metaverse (Beyond the Buzz!)
Apache Kafka as Data Hub for Crypto, NFT, Metaverse (Beyond the Buzz!)Apache Kafka as Data Hub for Crypto, NFT, Metaverse (Beyond the Buzz!)
Apache Kafka as Data Hub for Crypto, NFT, Metaverse (Beyond the Buzz!)
Kai Wähner
 
Serverless Kafka and Spark in a Multi-Cloud Lakehouse Architecture
Serverless Kafka and Spark in a Multi-Cloud Lakehouse ArchitectureServerless Kafka and Spark in a Multi-Cloud Lakehouse Architecture
Serverless Kafka and Spark in a Multi-Cloud Lakehouse Architecture
Kai Wähner
 
Apache Kafka in the Healthcare Industry
Apache Kafka in the Healthcare IndustryApache Kafka in the Healthcare Industry
Apache Kafka in the Healthcare Industry
Kai Wähner
 
Apache Kafka in the Healthcare Industry
Apache Kafka in the Healthcare IndustryApache Kafka in the Healthcare Industry
Apache Kafka in the Healthcare Industry
Kai Wähner
 
Apache Kafka for Real-time Supply Chain in the Food and Retail Industry
Apache Kafka for Real-time Supply Chainin the Food and Retail IndustryApache Kafka for Real-time Supply Chainin the Food and Retail Industry
Apache Kafka for Real-time Supply Chain in the Food and Retail Industry
Kai Wähner
 
Apache Kafka Landscape for Automotive and Manufacturing
Apache Kafka Landscape for Automotive and ManufacturingApache Kafka Landscape for Automotive and Manufacturing
Apache Kafka Landscape for Automotive and Manufacturing
Kai Wähner
 
Event Streaming CTO Roundtable for Cloud-native Kafka Architectures
Event Streaming CTO Roundtable for Cloud-native Kafka ArchitecturesEvent Streaming CTO Roundtable for Cloud-native Kafka Architectures
Event Streaming CTO Roundtable for Cloud-native Kafka Architectures
Kai Wähner
 
Telco 4.0 - Payment and FinServ Integration for Data in Motion with 5G and Ap...
Telco 4.0 - Payment and FinServ Integration for Data in Motion with 5G and Ap...Telco 4.0 - Payment and FinServ Integration for Data in Motion with 5G and Ap...
Telco 4.0 - Payment and FinServ Integration for Data in Motion with 5G and Ap...
Kai Wähner
 
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Kai Wähner
 
IBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka
IBM Cloud Pak for Integration with Confluent Platform powered by Apache KafkaIBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka
IBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka
Kai Wähner
 
Apache Kafka and API Management / API Gateway – Friends, Enemies or Frenemies?
Apache Kafka and API Management / API Gateway – Friends, Enemies or Frenemies?Apache Kafka and API Management / API Gateway – Friends, Enemies or Frenemies?
Apache Kafka and API Management / API Gateway – Friends, Enemies or Frenemies?
Kai Wähner
 
Apache Kafka in the Insurance Industry
Apache Kafka in the Insurance IndustryApache Kafka in the Insurance Industry
Apache Kafka in the Insurance Industry
Kai Wähner
 
Apache Kafka and MQTT - Overview, Comparison, Use Cases, Architectures
Apache Kafka and MQTT - Overview, Comparison, Use Cases, ArchitecturesApache Kafka and MQTT - Overview, Comparison, Use Cases, Architectures
Apache Kafka and MQTT - Overview, Comparison, Use Cases, Architectures
Kai Wähner
 
Connected Vehicles and V2X with Apache Kafka
Connected Vehicles and V2X with Apache KafkaConnected Vehicles and V2X with Apache Kafka
Connected Vehicles and V2X with Apache Kafka
Kai Wähner
 

More from Kai Wähner (14)

Apache Kafka as Data Hub for Crypto, NFT, Metaverse (Beyond the Buzz!)
Apache Kafka as Data Hub for Crypto, NFT, Metaverse (Beyond the Buzz!)Apache Kafka as Data Hub for Crypto, NFT, Metaverse (Beyond the Buzz!)
Apache Kafka as Data Hub for Crypto, NFT, Metaverse (Beyond the Buzz!)
 
Serverless Kafka and Spark in a Multi-Cloud Lakehouse Architecture
Serverless Kafka and Spark in a Multi-Cloud Lakehouse ArchitectureServerless Kafka and Spark in a Multi-Cloud Lakehouse Architecture
Serverless Kafka and Spark in a Multi-Cloud Lakehouse Architecture
 
Apache Kafka in the Healthcare Industry
Apache Kafka in the Healthcare IndustryApache Kafka in the Healthcare Industry
Apache Kafka in the Healthcare Industry
 
Apache Kafka in the Healthcare Industry
Apache Kafka in the Healthcare IndustryApache Kafka in the Healthcare Industry
Apache Kafka in the Healthcare Industry
 
Apache Kafka for Real-time Supply Chain in the Food and Retail Industry
Apache Kafka for Real-time Supply Chainin the Food and Retail IndustryApache Kafka for Real-time Supply Chainin the Food and Retail Industry
Apache Kafka for Real-time Supply Chain in the Food and Retail Industry
 
Apache Kafka Landscape for Automotive and Manufacturing
Apache Kafka Landscape for Automotive and ManufacturingApache Kafka Landscape for Automotive and Manufacturing
Apache Kafka Landscape for Automotive and Manufacturing
 
Event Streaming CTO Roundtable for Cloud-native Kafka Architectures
Event Streaming CTO Roundtable for Cloud-native Kafka ArchitecturesEvent Streaming CTO Roundtable for Cloud-native Kafka Architectures
Event Streaming CTO Roundtable for Cloud-native Kafka Architectures
 
Telco 4.0 - Payment and FinServ Integration for Data in Motion with 5G and Ap...
Telco 4.0 - Payment and FinServ Integration for Data in Motion with 5G and Ap...Telco 4.0 - Payment and FinServ Integration for Data in Motion with 5G and Ap...
Telco 4.0 - Payment and FinServ Integration for Data in Motion with 5G and Ap...
 
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
 
IBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka
IBM Cloud Pak for Integration with Confluent Platform powered by Apache KafkaIBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka
IBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka
 
Apache Kafka and API Management / API Gateway – Friends, Enemies or Frenemies?
Apache Kafka and API Management / API Gateway – Friends, Enemies or Frenemies?Apache Kafka and API Management / API Gateway – Friends, Enemies or Frenemies?
Apache Kafka and API Management / API Gateway – Friends, Enemies or Frenemies?
 
Apache Kafka in the Insurance Industry
Apache Kafka in the Insurance IndustryApache Kafka in the Insurance Industry
Apache Kafka in the Insurance Industry
 
Apache Kafka and MQTT - Overview, Comparison, Use Cases, Architectures
Apache Kafka and MQTT - Overview, Comparison, Use Cases, ArchitecturesApache Kafka and MQTT - Overview, Comparison, Use Cases, Architectures
Apache Kafka and MQTT - Overview, Comparison, Use Cases, Architectures
 
Connected Vehicles and V2X with Apache Kafka
Connected Vehicles and V2X with Apache KafkaConnected Vehicles and V2X with Apache Kafka
Connected Vehicles and V2X with Apache Kafka
 

Recently uploaded

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
XfilesPro
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
NaapbooksPrivateLimi
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
ayushiqss
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
Tier1 app
 
Strategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptxStrategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptx
varshanayak241
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Hivelance Technology
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
MayankTawar1
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024
Sharepoint Designs
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 

Recently uploaded (20)

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 
Strategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptxStrategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptx
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 

Data Streaming with Apache Kafka in the Defence and Cybersecurity Industry

  • 7. @KaiWaehner - www.kai-waehner.de – Cybersecurity and SIEM / SOAR Modernization with Apache Kafka Supply Chain Attack Targeting less-secure elements in the supply chain 7 https://www.nortonrosefulbright.com/en/knowledge/publications/dfa3603c/six-degrees-of-separation-cyber-risk-across-global-supply-chains https://www.reuters.com/article/us-tmobile-dataprotection-idUSKCN0RV5PL20151002
  • 8. @KaiWaehner - www.kai-waehner.de – Cybersecurity and SIEM / SOAR Modernization with Apache Kafka SECURITY Security SIEM Encryption OT Security Hardware- based Security Cybersecurity How would you have a holistic view and understanding of all the events and potential abuses that are taking place within your organization? Collect and correlate the different activities happening on critical networks CYBERSECURITY is a key piece of the security strategy SIEM and SOAR a (key) piece of the cybersecurity strategy Sometimes not needed (in DMZ / air gapped env) Complex and error prone No help against insiders Continuous real-time data correlation required SOAR Avoid risk (change operations) + Transfer some risk (buy insurance) Real-time Monitoring (Logging, SiteOps, …) Access Control (RBAC, Audit Logs, …)
  • 9. @KaiWaehner - www.kai-waehner.de – Cybersecurity and SIEM / SOAR Modernization with Apache Kafka Key Challenge: Find the Needle(s) in the Haystack Detect true positives in real-time • Threat detection • Intrusion prevention • Anomaly detection • Compliance auditing • Proactive response Reduce false positives • Automation • Process big volumes of data in real-time • Integration of all sources • No ‘ignore’ on certain events • Creation of filters and correlated event rules • Improve signal-to-noise ratio (SNR) • Correlate “collection of needles” in “signature needle”
  • 10. @KaiWaehner - www.kai-waehner.de – Cybersecurity and SIEM / SOAR Modernization with Apache Kafka Agenda 1) Defence and Cybersecurity in 202X 2) Data in Motion as Defence Backbone 3) Situational Awareness 4) Threat Intelligence 5) Forensics 6) Air-Gapped and Zero Trust Environments 7) SIEM / SOAR Modernization
  • 11. This is a fundamental paradigm shift... Infrastructure as code / Data in motion as continuous streams of events. Future of the datacenter: Cloud. Future of data: Event Streaming
  • 12. Real-time Data beats Slow Data. Cybersecurity: Risk classification, Threat detection, Intrusion detection, Incident response. Command Post: Intelligent Navigation, Vehicle Inspection, Location-based Services. Logistics: Supply Chain, Inventory management, Fleet Management. Military: Security monitoring, Surveillance, Command and Control, Military Intelligence
  • 13. Apache Kafka is the Platform for Data in Motion. Producers (MES, ERP, Sensors, Mobile) → Connectors → Streams and storage of real time events → Stream processing apps → Connectors → Consumers (Customer 360, Real-time Alerting System, Data warehouse). Example events: Supplier, Alert, Forecast, Inventory, Customer, Order
  • 14. Data in Motion: The Backbone for Defence. Streams of real time events from Command Post, Enterprise IT, Strategic Planning, Logs, Personal Sensors, Security, Connected Vehicles, Cyber Security → Continuous Data Correlation, Monitoring, Alerting, Proactive Actions
  • 15. End-to-End Cyber Defence with the Kafka Ecosystem. Personnel: Crew, Cargo. Vessel: Fuel Consumption, Speed, Planned Maintenance. Tracking: Position, Course, Weather, Draft. Drone or Satellite Relay COMMs. Resilient Kafka Edge Analytics, Bidirectional Ship Edge to Cloud, Shore Edge to Cloud Relay. Ingestion, Data Integration, Streaming Analytics, Machine Doing. On-Prem Systems, Bi-Directional Hybrid Cloud Replication. ON SHORE / ON PREM: Staging, Filtering, Shore Edge Analytics
  • 16. • Integrate with all legacy and modern interfaces • Record, filter, curate a broad set of traffic streams • Let analytic sinks consume just the right amount of data • Drastically reduce the complexity of the enterprise architectures • Drastically reduce the cost of SIEM / SOAR deployments • Add new analytics engines • Add stream-speed detection and response at scale in real-time • Add mission-critical (non-) security-related applications … is the backbone for data streams in defence!
  • 17. Every enterprise is different… Flexibility is key for your cybersecurity initiative! Confluent is an independent foundation.
  • 18. Confluent: Flexible, Scalable Real-Time Backplane for the Defence Platform. Various Data Producers → Kafka Connect → Event Streaming Platform → Splunk (Kafka Forwarder), TensorFlow (TensorFlow + Kafka plugin). OT Domain, SIEM Domain, Analytics Domain. Huge volumes of real-time data from various Kafka topics; backpressure handling and a low velocity Kafka topic; high velocity, raw Kafka topic for forensics and ML
  • 19. Agenda 1) Defence and Cybersecurity in 202X 2) Data in Motion as Defence Backbone 3) Situational Awareness 4) Threat Intelligence 5) Forensics 6) Air-Gapped and Zero Trust Environments 7) SIEM / SOAR Modernization
  • 20. Cyber Situational Awareness is the subset of all situation awareness necessary to support taking actions in cyber. Endsley, M. R. Toward a Theory of Situation Awareness in Dynamic Systems. Human Factors, 1995, 37(1), 32-64
  • 21. Human – Computer Interface for Decision Making https://www.youtube.com/watch?v=mPJdzzm67sg
  • 22. Human – Computer Interface for Decision Making https://www.youtube.com/watch?v=mPJdzzm67sg
  • 23. The Data: Firewalls & Network Devices, Antivirus, Access Logs, Intrusion Detection, Audit Logs, Text Files, Binary Files, Databases, APIs, Network Flows, Syslog
  • 24. Data Producers • Transactions: Low Velocity, Low Volume • Netflow / PCAP: High Velocity, High / Ridiculous Volume; Ingested via Network Analyzer; Store PCAP headers in Tiered Storage or 3rd Party like Corelight as intermediary • Gateway Logs: Low Velocity, Moderate Volume
  • 25. Data Normalization and Enrichment → Improve the signal + filter to lower the noise. Event type-specific parsing and normalization in Streams stages: logs-conn-shared (Established connection and client/server detection), logs-resolve-names (DNS name resolution), logs-geoip-asn-iprep (GeoIP, IP Reputation and Autonomous System lookup), logs-index
  • 26. Data Consumers • No constraints on integration flows • Data curation on the fly • Flexible choice of (multiple) consumers. SIEM Forwarder, Threat Detection (Near real-time); Sink to Data Lake (Analytical Workloads, Batch); Native Kafka App (Transactional Workloads, Real-time)
  • 27. Sigma • Open-source framework • Domain specific language (DSL) • Specify patterns in cyber data https://github.com/SigmaHQ/sigma
  • 28. Sigma Rule. Detections • List of detections for each condition • Single or list of values • Individual values or regex • Detection names can also include operators (ex. name|endswith, name|contains, name|greater_than) • Aggregations and windowing. Conditions • Nested conditions based on defined detections. Detection Names • Generic Sigma names defined • Translated during parsing to meet end SIEM tool using field mapping file
  • 29. Confluent Sigma: Sigma Stream Processors, Zeek Data and Detections Viewer, Sigma Rule Editor; sigma rules topic, sigma rules cache. Zeek Data (DNS, CONN, DHCP, HTTP, SSL, x509) → dns topic → rule parsing, filtering, aggregation, windowing → dns detections topic. https://github.com/confluentinc/cyber/tree/master/confluent-sigma
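The rule anatomy on the two Sigma slides (named detections with value lists and field modifiers such as |endswith, |contains and |greater_than, a condition over the detection names, and generic field names translated through a field-mapping file) as a small evaluator run over Zeek dns.log records. This is example code added for this page, not Confluent Sigma's Kafka Streams implementation; the rule, the field map and the Zeek records are all constructed.

```python
import json
import re

# Constructed rule in Sigma's shape; FIELD_MAP stands in for the field-mapping file.
RULE = {"title": "Long hyphenated DNS query to watched TLD (constructed)",
        "detection": {"selection": {"QueryName|endswith": [".xyz", ".top"],
                                    "QueryName|contains": "-",
                                    "QueryLength|greater_than": 30},
                      "filter": {"SourceIp": "10.0.0.53"},  # constructed internal resolver
                      "condition": "selection and not filter"}}
FIELD_MAP = {"QueryName": "query", "QueryLength": "qlen", "SourceIp": "id.orig_h"}

def _match_value(actual, modifier, expected):
    """Apply one Sigma field modifier ('' means plain equality) to one value."""
    if modifier == "greater_than":
        return float(actual) > float(expected)
    s, e = str(actual).lower(), str(expected).lower()
    return {"endswith": s.endswith(e), "startswith": s.startswith(e), "contains": e in s, "": s == e}[modifier]

def detection_matches(detection, record):
    """Every field in a detection must match; a list of values is an OR."""
    for key, expected in detection.items():
        field, _, modifier = key.partition("|")
        actual = record.get(FIELD_MAP.get(field, field))  # generic Sigma name -> Zeek field
        values = expected if isinstance(expected, list) else [expected]
        if actual is None or not any(_match_value(actual, modifier, v) for v in values):
            return False
    return True

def evaluate_condition(condition, results):
    """Evaluate e.g. 'selection and not filter' over the per-detection results."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    if any(t not in results and t not in {"and", "or", "not", "(", ")"} for t in tokens):
        raise ValueError(f"condition refers to unknown names: {condition}")
    # Sigma's and/or/not are Python's, so the whitelisted tokens can be handed to eval.
    return bool(eval(" ".join(tokens), {"__builtins__": {}}, dict(results)))

def run_rule(rule, zeek_json_lines):
    """Return the Zeek dns.log records (JSON lines) that trigger the rule."""
    det, hits = rule["detection"], []
    for line in zeek_json_lines:
        rec = json.loads(line)
        rec["qlen"] = len(rec.get("query", ""))  # derived field the rule refers to
        results = {n: detection_matches(d, rec) for n, d in det.items() if n != "condition"}
        if evaluate_condition(det["condition"], results):
            hits.append(rec)
    return hits

# Constructed Zeek dns.log records (JSON lines), not real traffic.
ZEEK_DNS = [
    '{"ts": 1.0, "id.orig_h": "10.1.2.3", "query": "x9k2m4p7q1w5e8r3-long-label-01.example.xyz"}',
    '{"ts": 2.0, "id.orig_h": "10.0.0.53", "query": "x9k2m4p7q1w5e8r3-long-label-02.example.top"}',
    '{"ts": 3.0, "id.orig_h": "10.1.2.4", "query": "www.example.com"}',
]
```

Only the first record is reported: the second matches the selection but is excluded by the filter, the third never matches the selection.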
  • 30. Agenda 1) Defence and Cybersecurity in 202X 2) Data in Motion as Defence Backbone 3) Situational Awareness 4) Threat Intelligence 5) Forensics 6) Air-Gapped and Zero Trust Environments 7) SIEM / SOAR Modernization
  • 31. Threat Intelligence • Mitigate harmful events in cyberspace • Proactive cybersecurity posture that is predictive, not just reactive • Bolster overall risk management policies • Improved detection of threats • Better decision-making during and following the detection of a cyber intrusion. See the whole board, more quickly. See around corners. See the enemy before they see you.
  • 32. Transactions vs. Analytics. Threat intelligence = awareness-in-motion. The PATTERN is valuable, not the data.
  • 33. Analytics and Actionable Insights in Motion • Make sense of the signal and the noise of the data • Continuous signature processing • Prevent, contain, and neutralize threats proactively • Access for data science teams. Streams topics: logs-index, logs-alerts, logs-index-gdpr. Authorized access using RBAC; Machine Learning Predictions via UDFs; PII Anonymization
  • 34. Cyber Intelligence Platform leveraging Kafka Connect, Kafka Streams, Multi-Region Clusters (MRC), and more… https://www.intel.com/content/www/us/en/it-management/intel-it-best-practices/modern-scalable-cyber-intelligence-platform-kafka.html
  • 35. Agenda 1) Defence and Cybersecurity in 202X 2) Data in Motion as Defence Backbone 3) Situational Awareness 4) Threat Intelligence 5) Forensics 6) Air-Gapped and Zero Trust Environments 7) SIEM / SOAR Modernization
  • 36. Digital Forensics • Application of science to criminal and civil laws, mainly during criminal investigation • Forensic scientists collect, preserve, and analyze scientific evidence during the course of investigating digital media in a forensically sound manner • Identify, preserve, recover, analyze and present facts and opinions about the digital information
  • 37. Distributed Digital Forensics at Scale with Kafka and Spark • Digital Forensics Compute Cluster (DFORC2) • High Speed Distributed Computing Capability for Digital Forensics • Extended the digital forensics platform Autopsy with Kafka and Spark to add distributed compute power for data processing https://publications.waset.org/10007817/digital-forensics-compute-cluster-a-high-speed-distributed-computing-capability-for-digital-forensics
  • 38. Forensics on Historical Events: "Give me all events from time A to time B" • Capture the complete attack vector • Playback of an attack for the training of humans or machines • Create threat surface simulations • Compliance / regulatory processing. Real-time Producer → Time; Real-time Consumer for an automated actuation; Consumer of Historical Data
  • 39. Confluent Tiered Storage for Kafka for Forensics of Historical Data (Only available in Confluent Platform) • Store data forever • Hot and cold storage • Cheap object store • Easy scale up/down • No changes in clients
  • 40. The Role of AI and Machine Learning for Forensics: Model Training with Kafka and TensorFlow I/O. Direct streaming ingestion for model training with TensorFlow I/O + Kafka Plugin (no additional data storage like S3 or HDFS required!). Producer → Distributed Commit Log (Time) → Model A, Model B, Model X (at a later time) https://github.com/tensorflow/io
  • 41. The Role of AI and Machine Learning for Forensics: Model Deployment with ksqlDB and TensorFlow. User Defined Function (UDF): CREATE STREAM AnomalyDetection AS SELECT facility_code, detectAnomaly(syslog_values) FROM syslog_source_topic WHERE severity_level = 'Warning';
  • 42. Agenda 1) Defence and Cybersecurity in 202X 2) Data in Motion as Defence Backbone 3) Situational Awareness 4) Threat Intelligence 5) Forensics 6) Air-Gapped and Zero Trust Environments 7) SIEM / SOAR Modernization
  • 43. Zero Trust • EVERYTHING needs protecting, not just firewalls and computing assets • It is not cyber network security, but threat intelligence that includes human intelligence • Safe IT/OT integration at industrial sites • There is no such thing as a “unidirectional firewall” • Hardware and / or software-based • Replica servers instead of direct access • Surveillance for Safety and Theft Protection
  • 44. Unidirectional Networks for Air-gapped Environments: When a Firewall is NOT Enough! • Secure OT – IT bridge • Hardware based data diode or unidirectional gateway • Real-time monitoring of safety-critical networks • Secure cloud connectivity of critical OT networks • Database replication and file transfer • Transferring application and operating system updates • Vendors use different terms: Unidirectional network = Unidirectional Gateway = Data Diode
  • 45. Confluent Data Diode https://docs.confluent.io/kafka-connect-data-diode • Software-based Unidirectional Gateway for Zero Trust Security Architectures • Streaming from Industrial Networks to Enterprise Networks • UDP-based Source and Sink Kafka Connectors for High Volume and Open Architecture • Run over a one-way/UDF hardware interface (Ethernet cable, OWL Cyber, Waterfall, etc.) • Optionally/eventually do filtering, anomaly detection, analytics, receive upstream traffic, etc. Diagram labels: Site, Work Center, Apache PLC4X, Data Diode UDP Sink, NUC Pair Kafka Instance, Data Diode UDP Source, Kafka Cluster, Cloud, Streams processing, Data Lake
  • 46. Zero Trust Edge Architecture (OBSERVE, ORIENT, DECIDE, ACT): Collect, analyze, and share data in real-time. Provide a fuller picture of the operating environment. Real-time Anomaly Detection, Machine Learning, Real-time Situational Awareness, Event Driven Mission, Distributed Command and Control, Security Operations, Adversarial Threats, Assets, Weapons, Sensors, etc.
  • 47. Enhanced Situational Awareness: Smart Soldiers at the Edge. Sensor A, Sensor B, Sensor X → MQTT → Confluent Platform (Single Broker) deployed on a small computer and leveraging Cluster Linking to publish sensor data to Command Post in a DDIL environment. Command Post running Confluent Platform aggregating information from Squires and other sensor data (Weather, Personnel, Logistics, Targets). Sensor data published to Command Post when connected to network.
  • 48. Agenda 1) Defence and Cybersecurity in 202X 2) Data in Motion as Defence Backbone 3) Situational Awareness 4) Threat Intelligence 5) Forensics 6) Air-Gapped and Zero Trust Environments 7) SIEM / SOAR Modernization
  • 49. The Challenge with SIEM / SOAR Platforms. Machine Data (Network traffic, Firewall logs, RDBMS, Application logs, HTTP proxy logs) → Forwarder / Adaptors / Beats → Splunk, ArcSight, Elastic • Proprietary forwarders can only send data to a single tool • Data is locked from being shared • Difficult to scale with growing data volumes • High indexing costs of proprietary tools hinder wide adoption • Filtering out noisy data is complex and slows response • No one tool can support all security and SIEM requirements
  • 50. Build A Real-time SIEM / SOAR Pipeline. Machine Data (Syslog, Network traffic, Firewall logs, RDBMS, CDC, Application logs, HTTP proxy logs, spooldir (files), SNMP Traps, Databases, Sftp, MQs) → Filter, transform, aggregate → Curated streams → SIEM (QRadar, ArcSight, Splunk, Elastic: Index, Search), Forensic Archive (HDFS, S3, Big Query), AI/ML, APP
  • 51. Preprocess and consolidate: Raw-Big-Data-Topic → Small-Data-Topic. Each SIEM has its own position (offset) in the topic (Old → New); each scans independently.
  • 52. Confluent + Splunk SIEM Reference Architecture (assuming that Splunk UFs already exist – otherwise integrate directly via Kafka to Splunk). Splunk Universal Forwarders (UFs): Windows Event Logs, SNMP, Syslog, Watchlist, Zeek IDS → Splunk S2S Connector → Real-time stream processing with ksqlDB → Splunk HEC → Splunk Indexers → Splunk Search Head; also Splunk Heavy Forwarders, Machine Learning, 3rd party apps / ecosystems ... Moving log data from Splunk UFs to your destination of choice
  • 53. Palo Alto Networks SOAR. Cortex Data Lake collects, transforms and integrates an enterprise's security data to enable Palo Alto Networks solutions. Billions of messages pass through the Kafka clusters. Multiple Kafka clusters in production, ranging from 10 to just under 100 brokers each. Leverages various Confluent components. Design principles: • Cloud agnostic infrastructure • Massively scalable • Aggressive ETA on integrations • Schema versioning support • Microservices architecture • Operational efficiency https://medium.com/engineering-at-palo-alto-networks
  • 54. Why Confluent?
  • 55. Confluent Completes Apache Kafka. Cloud-native. Everywhere. (Car Engine → Car → Self-driving Car)