The document presents the company TechBiz Forense Digital and its partnership with Palantir to provide intelligence analysis and cybersecurity solutions. Palantir offers a data analysis platform that allows secure integration and collaboration among analysts to solve complex problems involving large volumes of structured and unstructured data.
3. Timeline
1995: TechBiz Informática founded
2005: TechBiz Forense Digital is conceived; exclusive distributor of Guidance Software, Intelligent Computer Solutions, MicroSystemation
2006: Formal start of operations, with offices in Belo Horizonte and São Paulo
2007-2008: Exclusive distributor of Digital Intelligence, LTU Technologies, Veresoftware, Wiebetech, Tableau; becomes the 1st Guidance Authorized Professional Services Division in the world
2009: Exclusive distributor of Access Data, ArcSight, NetWitness
2010: Team doubled; new partnerships with Palantir, iDefense; executes the largest EnCase Forensics project in the world; new offices in Brasília and Rio de Janeiro
4. Our Clients
Financial Market, Telecom Market, Industry
Government and public sector: ABIN, Exército do Brasil, Marinha do Brasil, Presidência da República, Polícia Federal, Petrobrás, Ministério da Saúde, Ministério da Justiça, Superior Tribunal de Justiça, Ministério Público – SP, Ministério Público – RS, Ministério Público – ES, DIPOL – SP, Secretaria de Fazenda – SP, Secretaria de Fazenda – MG, Secretaria de Segurança – MT, Instituto Geral de Perícia – RS, Instituto de Criminalística – MG, Instituto de Criminalística – ES, Instituto de Criminalística – RJ, Instituto de Criminalística – BA, Instituto de Criminalística – DF, Instituto de Criminalística – PR, Instituto de Criminalística – SC, Instituto de Criminalística – SP
8. The Palantíri are magical artifacts from the fictional universe created by Tolkien. Originally there were seven seeing-stones of Númenor, but some were lost over the years in Middle-earth. These stones served to communicate with one another, but users with great willpower could "guide" the stone's vision to virtually any part of the world, and perhaps even of time, allowing them to glimpse events distant in time or space. (...) the stone, and with his willpower managed to reveal himself to Sauron and anticipate the Enemy's attack. http://pt.wikipedia.org/wiki/Palantir
14. Data Search and Discovery. Search across all data sources from a single interface (conceptual, persistent, geospatial). Security validated against ICD 501 - Intelligence Community Directive (USA): DISCOVERY AND DISSEMINATION OR RETRIEVAL OF INFORMATION WITHIN THE INTELLIGENCE COMMUNITY
16. 01/07/11 Intelligence Community Directive (USA): DISCOVERY AND DISSEMINATION OR RETRIEVAL OF INFORMATION WITHIN THE INTELLIGENCE COMMUNITY
30. Support for Multiple Data Sources
Data within the Palantir system is tied to data sources. Analysts can import data in small batches, for example a handful of documents, or in bulk, for example an entire database or file system. Palantir categorizes data as originating from:
- Structured data sources, such as a database, a .csv file, or any tab-delimited or fixed-width file.
- Semi-structured data sources, such as an email, an email server, or forms such as a suspicious activity report (SAR) or currency transaction report (CTR).
- Unstructured data sources, which are typically encoded files such as PDF, sound, and image files.
34. Federated Search Using Raptor
Federated search allows your users to search multiple database sources with a single query from a single user interface. Using Palantir's search functionality you can search the Data Repository or you can search against data external to Palantir. Analysts can perform a single search in the UI and the search runs transparently against all the data sources available to the system.
The Raptor Server is the component of Palantir that supports federated searches (searches on external data). Using Raptor, you identify data sources outside of Palantir, such as an archive of documents. Raptor indexes these archived documents. Analysts use the SearchAround feature to perform federated searches. The same access-control features you use with repository data apply to the data searchable through Raptor. Raptor is an optional feature of Palantir. You need not install it, but most customers do.
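As an added illustration (not Palantir's own code or Raptor's API), the Python sketch below fans one query out to an internal repository and an externally indexed archive, then applies the same access-control check to hits from both sources, which is the property the slide stresses; all records, markings and user clearances are constructed.

```python
# Added illustration (not Palantir's code or API): a minimal federated search
# that fans one query out to an internal repository and an external archive
# index, then applies one access-control rule to results from both sources.
# All data sources, markings and user clearances below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    source: str          # which data source produced the hit
    title: str
    text: str
    markings: frozenset  # access-control labels required to view the record

@dataclass
class User:
    name: str
    clearances: frozenset

# Constructed sample data: an internal repository and an externally indexed archive.
REPOSITORY = [
    Record("repository", "Wire transfer summary", "transfer routed via shell company", frozenset({"FIN"})),
    Record("repository", "Netflow export", "flows to suspected C2 host", frozenset({"NET", "RESTRICTED"})),
]
ARCHIVE_INDEX = [
    Record("archive", "Old SAR filing", "suspicious activity report on shell company", frozenset({"FIN"})),
    Record("archive", "Corporate registry scan", "shell company ownership chain", frozenset({"RESTRICTED"})),
]
SOURCES = {"repository": REPOSITORY, "archive": ARCHIVE_INDEX}

def search_source(records, query):
    """Case-insensitive keyword match over title and text (stand-in for a real index)."""
    q = query.lower()
    return [r for r in records if q in r.title.lower() or q in r.text.lower()]

def authorized(user, record):
    """A record is visible only if the user holds every marking it carries."""
    return record.markings <= user.clearances

def federated_search(user, query, sources):
    """Fan the query out to every source, then apply the same access check to all hits.
    Filtering happens after retrieval, so external (archive) data is never treated
    as less controlled than repository data."""
    hits = []
    for records in sources.values():
        hits.extend(search_source(records, query))
    return [r for r in hits if authorized(user, r)]

if __name__ == "__main__":
    analyst = User("analyst", frozenset({"FIN"}))
    for r in federated_search(analyst, "shell company", SOURCES):
        print(r.source, "|", r.title)
```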
35. Accessible and Extensible Open Platform
Palantir is an open platform. It has a rich set of features, such as APIs, that allow you to customize Palantir's features at a deep level and/or to integrate it with other third-party software. The following lists some features that you can work with in this manner:
- Authentication: Palantir works with your existing authentication and authorization sources. For example, you can use your existing LDAP services with Palantir or make use of public key credentials. You can also have multiple authentication sources. Palantir's authentication web service provides a common interface to these multiple sources.
- XML: Palantir XML (pXML) provides a human-readable, serialized form of the Palantir object model. A special format, DocXML, supports the specialized needs of document formats. Through this XML API you can pull data into Palantir from other sources or translate Palantir objects for use in other parts of your infrastructure.
- Palantir Ontology APIs: Your developers can use Palantir's ontology APIs to extend the functionality of object properties. These APIs allow you to extract, transform, validate, and load a wide range of data types into your Palantir ontology.
- Client Connection API: Allows developers to write applications using the same API used by the Palantir Workspace. The API provides abstraction for the object model, the Revisioning Database, and the access-control model. Using this simple Java API you could, for example, quickly write a web-based view application for Palantir.
This is just an overview. These features are discussed in depth in the remaining Palantir library.
38. Analytical Stack
Open Source Stack | Palantir Stack | Description
(none) | Palantir Government | System of record, knowledge management, collaboration
(none) | Object Explorer | Let subject matter experts explore Big Data
(none) | Horizon | Programmatically run fast streaming algorithms
HBase, HyperTable, Cassandra | HBase/Cassandra | Run fast structured queries, run longer SQL-style analysis
Hadoop Map Reduce, Pig, Hive | Hadoop Map Reduce | Run programmatic queries in parallel
Hadoop HDFS | Hadoop HDFS | Raw data storage
There have been recent success stories where people attack hard problems from multiple angles:
- Breaking up the Russian Business Network took many people from different groups, with datasets of netflow, malware, wire transfers, and international corporate structure. ?? Found crypto library
- HBGary is looking at the Aurora attacks, using binary analysis to link the genealogy of attacks, linking them to source code found in forums, and linking that to people.
- The University of Toronto found hacks against the Dalai Lama; they looked at timing and target clusters, discovering the motivations of the attackers.
We said that a petabyte was huge: that's 10^15. To give you an idea of the scale a person can work with, chess has something called the Shannon number, which is the number of valid board positions you can have. It's 10^43. And yet a person can 1) conceptualize what every board position is, and 2) look at any position and tell you who's winning. The complexity of chess is 10^123.