Marat Salakhutdinov
Senior Customer Solutions Architect
Kong Inc.
Marat has 20+ years of experience in tech. He’s a Principal Solutions Architect helping customers secure cloud-native platforms and apps. Before Sysdig, he consulted on DevOps, delivering Kubernetes and cloud solutions to global companies.
Speaker sessions
AI-augmented incident response: a hands-on CTF with MCP-powered agents
Security teams drown in signals while attacks move across cloud infrastructure. This hands-on Arsenal Lab turns that reality into a capture-the-flag challenge on a live AWS environment running Amazon EKS. Participants will use an AI investigation agent, backed by multiple MCP (Model Context Protocol) tool servers, to triage Falco runtime detections, correlate Kubernetes audit events, map AWS-side activity, and reconstruct the attack path. The CTF simulates a realistic intrusion (port scanning -> vulnerability/misconfiguration exploit -> lateral movement -> data exfil), and the agent guides each step by orchestrating queries against the tool stack, explaining reasoning, and generating next-best actions. The top 3 scorers win prizes.
- 16:00
- Tue
- 02 Dec
Stage:
Arsenal Lab
Sessions Type:
Demo
Noizr - universal SOC AI Plugin
Today, security teams are overwhelmed by noisy alerts, false positives, and fragmented event streams often lacking clear, actionable insights. Responding effectively to real threats becomes increasingly complex in such environments.
To address these challenges, we present a concept of the Universal SOC AI Plugin that integrates seamlessly with runtime threat detection tools. This solution tackles key pain points by:
- Reducing noise and filtering out false positives
- Prioritizing threats based on severity and context
- Aggregating events to present a unified threat picture
- Providing a flexible API interface for tailored integrations
- Enabling webhooks for streamlined response via external systems
This demo will showcase how the plugin enhances situational awareness, simplifies threat triage, and enables faster, more informed response actions across any SOC environment. As a team, we would love to hear your thoughts and feedback and collaborate further.
- 16:20
- Wed
- 03 Dec
Stage:
Arsenal 3
Sessions Type:
Demo
AI-augmented incident response: a hands-on CTF with MCP-powered agents
Security teams drown in signals while attacks move across cloud infrastructure. This hands-on Arsenal Lab turns that reality into a capture-the-flag challenge on a live AWS environment running Amazon EKS. Participants will use an AI investigation agent, backed by multiple MCP (Model Context Protocol) tool servers, to triage Falco runtime detections, correlate Kubernetes audit events, map AWS-side activity, and reconstruct the attack path. The CTF simulates a realistic intrusion (port scanning -> vulnerability/misconfiguration exploit -> lateral movement -> data exfil), and the agent guides each step by orchestrating queries against the tool stack, explaining reasoning, and generating next-best actions. The top 3 scorers win prizes.
- 14:00
- Thu
- 04 Dec
Stage:
Arsenal Lab
Sessions Type:
Demo