
Speaker

Bodhisattva Das

Nextuple Inc

Enhancing open-source IDS & SIEM Solutions into AI-enabled XDR & SOAR Solutions in a Cloud Environment

The high cost of enterprise cybersecurity solutions means that small and medium-sized organisations increasingly rely on open-source tools such as Snort and Wazuh to detect and manage cyber threats. These tools, however, often suffer from high false-positive rates, limited automation, and a heavy manual response overhead. This is not only a pain point for security teams; it also leaves these deployments less effective than the industry-leading commercial solutions they stand in for.

As attackers become more sophisticated, security operations must evolve to incorporate AI-driven analytics, real-time anomaly detection, and automated response mechanisms.
In this session we explore practical strategies for extending the capabilities of Snort and Wazuh with AI, machine learning, and SOAR automation. Through real-world examples and live demonstrations, we show how these tools can be built up into an intelligent, scalable, and cost-effective XDR framework. Key takeaways will include:
* Enhancing Detection with AI – Integrating pre-trained machine learning models to complement Snort’s signature-based detection and reduce false positives. We will discuss applying AI to malware classification, behavioural analytics, and the detection of previously unseen (zero-day) attack patterns.
* Optimising Security Operations with Wazuh – Using Wazuh’s SIEM capabilities for centralised log analysis, event correlation, and endpoint threat monitoring, and enhancing them with AI-powered anomaly detection.
* Automating Incident Response – Demonstrating how organisations can integrate Snort and Wazuh with SOAR tooling to create automated playbooks for intelligent incident triage, containment, and remediation.
* Leveraging Threat Intelligence – Incorporating threat intelligence sources such as MISP and VirusTotal feeds, mapped to the MITRE ATT&CK framework, to update detection rules dynamically and improve attack attribution.
* Deploying in Cloud and Hybrid Environments – Running AI-augmented IDS and SIEM solutions across cloud-native, hybrid, and on-premises infrastructure to improve security visibility and response capability.
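To make the pipeline behind these takeaways concrete, here is an added, self-contained Python sketch; it is not the speaker's code or demo material. It normalises a Snort `alert_fast` line and a Wazuh `alerts.json` record into one schema, enriches each event against an IOC set (standing in for a MISP or VirusTotal feed), scores it with a per-rule false-positive rate learned from analyst feedback (standing in for a trained classifier) plus a simple burst detector (standing in for an anomaly model), and hands the result to a playbook mapping. Every alert line, SID, IOC, agent name and false-positive rate below is constructed for the example; the SIDs use Snort's local range so they collide with no published rule.

```python
"""Added example: Snort + Wazuh alerts -> TI enrichment -> scoring -> SOAR playbook action.
Hypothetical code; all sample data is constructed."""
import json
import re
import statistics
from collections import Counter

# Snort "alert_fast" line layout (IPv4 only here; IPv6 lines will not match).
SNORT_FAST = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\](?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)
SNORT_PRIORITY_TO_SEVERITY = {1: 10, 2: 7, 3: 4}  # Snort priority -> unified 0-10 scale


def parse_snort_fast(line):
    """Return a normalised event dict, or None if the line is not an alert_fast record."""
    m = SNORT_FAST.match(line.strip())
    if not m:
        return None
    return {"source": "snort", "sid": f"{m['gid']}:{m['sid']}", "msg": m["msg"],
            "severity": SNORT_PRIORITY_TO_SEVERITY.get(int(m["prio"]), 2),
            "src": m["src"], "dst": m["dst"], "mitre": []}


def normalize_wazuh(raw_json):
    """Map one alerts.json record to the same schema; Wazuh level 0-15 -> 0-10."""
    d = json.loads(raw_json)
    rule = d["rule"]
    return {"source": "wazuh", "sid": f"wazuh:{rule['id']}", "msg": rule["description"],
            "severity": min(10, int(rule.get("level", 0)) * 2 // 3),
            "src": d.get("data", {}).get("srcip"), "dst": d.get("agent", {}).get("name"),
            "mitre": rule.get("mitre", {}).get("id", [])}


def burst_sources(events, floor=3, factor=3):
    """Sources whose alert count is >= factor x the median count of the other sources."""
    counts = Counter(e["src"] for e in events if e["src"])
    bursts = set()
    for src, n in counts.items():
        others = [c for s, c in counts.items() if s != src]
        base = statistics.median(others) if others else 1
        if n >= max(floor, factor * base):
            bursts.add(src)
    return bursts


def score_event(event, iocs, fp_rates, bursts):
    """Severity + TI hit + burst, minus a penalty from the learned false-positive rate."""
    event["ti_hits"] = sorted({ip for ip in (event["src"], event["dst"]) if ip in iocs})
    event["burst"] = event["src"] in bursts
    score = event["severity"]
    score += 4 if event["ti_hits"] else 0
    score += 3 if event["burst"] else 0
    score -= round(6 * fp_rates.get(event["sid"], 0.0))
    event["score"] = score
    return score


def choose_action(score):
    """Playbook mapping: the action a SOAR runbook would be handed."""
    if score >= 12:
        return "contain"    # block the IOC at the perimeter and isolate the endpoint
    if score >= 8:
        return "escalate"   # open a ticket for analyst review
    if score >= 4:
        return "log"        # keep for correlation, no ticket
    return "suppress"       # learned false positive, drop from the queue


def run_pipeline(snort_lines, wazuh_lines, iocs, fp_rates):
    events = [e for e in map(parse_snort_fast, snort_lines) if e]
    events += [normalize_wazuh(w) for w in wazuh_lines]
    bursts = burst_sources(events)
    for e in events:
        e["action"] = choose_action(score_event(e, iocs, fp_rates, bursts))
    return events


# --- constructed sample data (not real alerts; SIDs 1000001/1000002 are in the local range) ---
SNORT_LINES = [
    "03/15-14:22:03.000000  [**] [1:1000001:1] LOCAL Outbound connection to known C2 host [**] "
    "[Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.12:51234 -> 203.0.113.5:443",
    "03/15-14:22:04.000000  [**] [1:1000002:1] LOCAL HTTP long URI [**] "
    "[Classification: Unknown Traffic] [Priority: 3] {TCP} 192.0.2.44:40000 -> 10.0.0.12:80",
]
WAZUH_ALERTS = [  # five sshd brute-force alerts in Wazuh alerts.json style
    json.dumps({"timestamp": f"2024-03-15T14:22:{s:02d}.000+0000",
                "rule": {"id": "5712", "level": 10, "mitre": {"id": ["T1110"]},
                         "description": "sshd: brute force trying to get access to the system."},
                "agent": {"id": "001", "name": "web01"}, "data": {"srcip": "198.51.100.7"}})
    for s in range(5)
]
IOC_IPS = {"203.0.113.5"}        # stand-in for a MISP / VirusTotal IP feed
FP_RATES = {"1:1000002": 0.9}    # analyst feedback: 90% of past hits on this rule were benign

if __name__ == "__main__":
    for e in run_pipeline(SNORT_LINES, WAZUH_ALERTS, IOC_IPS, FP_RATES):
        print(f"{e['action']:<9} score={e['score']:>3} {e['sid']:<12} {e['src']} {e['msg']}")
```

On this data the C2 alert reaches "contain" because the destination matches an IOC, the noisy URI rule is suppressed purely by its learned false-positive rate, and the brute-force burst is escalated without any feed match. The same three levers (severity mapping, enrichment, feedback-driven suppression) are what a production integration would feed into a real SOAR platform; the thresholds here are illustrative and would be tuned per environment.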

This session is designed for security professionals, cloud architects, and SOC teams looking to modernise their threat detection and response workflows using open-source security tools and AI-driven enhancements.
