IBM Corp.’s research division today announced the release of SysFlow, an open-source security toolkit for hunting breaches in cloud and container environments. SysFlow is designed to tackle a common problem in security monitoring. Modern monitoring tools capture system activity with a high degree of granularity, often down to individual events such as file changes.
That’s useful to a point but also creates a large amount of noise that makes spotting threats harder. IBM researchers Frederico Araujo and Teryl Taylor described looking for breaches under such circumstances as “akin to searching for a needle in an extremely large haystack.”