REVEELIUM – TECHNICAL OVERVIEW
Hardware dimensioning is driven by several parameters:
* Computation performance
* Event rate
* Number of data sources
* Number of entities (IP addresses, users, etc.)
* Number of use cases, etc.
* Service and data availability
SYSTEM REQUIREMENTS
* x86_64 based hardware
* Recent Linux distribution (tested on Ubuntu Linux)
* Docker and Docker-compose
BACKEND REQUIREMENTS
* Apache Kafka
* Confluent.io Kafka-Rest
* KairosDB
* HDFS
* MongoDB
Logs are read, analyzed and, where needed, stored on a
short-term basis for analysis purposes. Reveelium makes
all intermediate results produced during its detection
process available.
MINIMAL HARDWARE REQUIREMENTS
For smaller, non-critical or test setups, the minimal
single-server requirement is:
* CPU: 8 cores
* RAM: 16 GB
* Disk: 300 GB
DATA SOURCES
Time series are used for threat analysis, built from the
following native log sources: NetFlow, proxy, DNS…
Reveelium can interoperate with most SIEMs (such as
Splunk, ArcSight, RSA, Graylog) and applications (such
as Active Directory, Apache, etc.).
DATA SCIENTIST. NEW USE CASE STUDY. THREAT MODULES.
Reveelium's added value goes beyond that of a simple
product. We can tailor new use cases to your needs,
implement new Threat Modules and fine-tune the entire
process with the help of a Data Scientist.
We regularly develop new use cases and new Threat
Modules by running Reveelium for 30 days inside the
customer's information system. A Data Scientist
analyzes the new datasets and use cases to select the
most suitable Reveelium algorithm. At the end of the study
the use case is integrated into Reveelium as a new Threat
Detection Module.
Depending on customer needs, we may propose the
following threat modules: APT and malware detection,
data exfiltration detection, user account abuse detection,
bank fraud detection, SMTP mail log analysis,
telecommunications flow analysis…
AVERAGE DETECTION TIME
Suspicious domains: immediately
Temporal data analysis: 1 day
Alert correlation: 1 day
Full machine learning stabilization: 1 month
DETECTION AND ANALYSIS PROCESS OF SUSPICIOUS BEHAVIORS:
1. Monitoring all available data sources
2a. Correlation between anomalies and contextual data
2b. Anomaly detection with the help of Reveelium
3. Prioritizing response: operator validation
INTEGRATION OF REVEELIUM IN THE ABOVE MENTIONED PROCESS:
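The detection times quoted above differ because the detection paths differ: a suspicious-domain match needs a single event, while a temporal anomaly needs a baseline of earlier observations before a deviation means anything. The following Python is an added example, not Reveelium code, that runs both paths over constructed DNS log lines (the log format, the watch list, the 3-sigma rule with its minimum baseline of 12 hours, and the hosts and domains are all assumptions made for this example):

```python
"""Added example (not Reveelium code): the "immediate" and "temporal" detection
paths the datasheet lists, run over a constructed DNS log of
'<ISO timestamp> <client IP> <queried domain>' lines."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import statistics

# Assumed watch list (constructed for this example, not a real threat feed).
SUSPICIOUS_DOMAINS = {"bad-c2.example", "update-check.example"}


def build_sample_log():
    """Constructed sample. Host 10.0.0.5 makes 3 lookups per hour for a full
    day, then 60 lookups of unique subdomains within one hour (a
    DNS-tunnelling-like burst). Host 10.0.0.7 makes one lookup of a
    watch-listed domain."""
    t0 = datetime(2024, 1, 2, 0, 0, 0)
    lines = []
    for hour in range(24):
        for i in range(3):
            ts = t0 + timedelta(hours=hour, minutes=10 * i)
            lines.append(f"{ts.isoformat()} 10.0.0.5 www.example.com")
    for i in range(60):
        ts = t0 + timedelta(hours=24, seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.0.5 x{i:04d}.tunnel.example")
    lines.append(f"{(t0 + timedelta(hours=5)).isoformat()} 10.0.0.7 bad-c2.example")
    return lines


def parse(line):
    ts, client, domain = line.split()
    # normalise the domain so "BAD-C2.example." still matches the watch list
    return datetime.fromisoformat(ts), client, domain.lower().rstrip(".")


def suspicious_domain_alerts(lines):
    """Immediate path: one alert per event whose domain is on the watch list."""
    alerts = []
    for line in lines:
        ts, client, domain = parse(line)
        if domain in SUSPICIOUS_DOMAINS:
            alerts.append({"type": "suspicious_domain", "entity": client,
                           "time": ts, "detail": domain})
    return alerts


def temporal_alerts(lines, min_baseline_hours=12, sigma=3.0):
    """Temporal path: bucket each client's queries per hour; an hour is
    anomalous when its count exceeds mean + sigma * stdev of that client's
    earlier hours. Hours with no queries count as zero in the baseline, and
    nothing fires until the baseline holds min_baseline_hours buckets."""
    counts = defaultdict(Counter)  # client -> hour bucket -> query count
    for line in lines:
        ts, client, _ = parse(line)
        counts[client][ts.replace(minute=0, second=0, microsecond=0)] += 1
    alerts = []
    for client, per_hour in counts.items():
        first = min(per_hour)
        for h in sorted(per_hour):
            n = int((h - first).total_seconds() // 3600)  # baseline length
            if n < min_baseline_hours:
                continue
            baseline = [per_hour.get(first + timedelta(hours=k), 0) for k in range(n)]
            mean = statistics.mean(baseline)
            sd = statistics.pstdev(baseline)
            # floor the stdev so a perfectly flat baseline does not fire on +1
            threshold = mean + sigma * max(sd, 1.0)
            if per_hour[h] > threshold:
                alerts.append({"type": "query_rate_anomaly", "entity": client,
                               "time": h,
                               "detail": f"{per_hour[h]} queries vs threshold {threshold:.1f}"})
    return alerts


def detect(lines):
    """Both paths over one log; order is immediate alerts first."""
    return suspicious_domain_alerts(lines) + temporal_alerts(lines)


if __name__ == "__main__":
    for a in detect(build_sample_log()):
        print(a["type"], a["entity"], a["time"].isoformat(), a["detail"])
```

On the constructed log this yields exactly two alerts: the watch-list hit for 10.0.0.7 at 05:00 on the first day, and the rate anomaly for 10.0.0.5 in the first hour of the second day. The temporal alert cannot exist before 12 hourly buckets have been seen, which is the practical reason a page like this quotes "1 day" for temporal analysis: the baseline has to be learned before the detector can say anything.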
HUMAN-MACHINE INTERFACE & REPORTING
THREAT OBJECTS
From the user's point of view, examining the alerts raised by Reveelium one by one can be
demanding, especially when the number of alerts is large.
To help the user spot potentially malicious behavior faster, Reveelium also provides a threat
analysis engine. It attempts to correlate individual alerts with generic scenarios (i.e. specific
behavioral patterns of events or sequences of events). Whenever the behavior of an entity
matches such a scenario, even partially, a threat object is created and shown to the user. A
threat groups the alerts raised within the last 24 hours that have (partially) matched the
scenario. A threat level is assigned to this set of alerts; it loosely corresponds to the degree
to which the entity matches the scenario.
Because threat objects are built from the alerts raised during the last 24 hours, the score of
a threat object may evolve over time. If Reveelium signals no further alerts relevant to that
scenario for the entity during the next 24 hours, the threat object is marked inactive and
removed from the visualization lists.
THREAT PROPERTIES
* Entity: IP address of the analyzed machine
* Scenario: name of the scenario supposedly affecting the entity
* Last observation: last time the threat object was updated
* Next observation: next time an update of the threat object is scheduled
* Score: numeric estimate of the risk level of an entity, between 0 and 100 (loosely
  interpretable as the percentage of the entity's behavior matching the scenario)
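The description above fixes the lifecycle of a threat object: alerts for one entity and scenario accumulate inside a sliding 24-hour window, the score reflects how much of the scenario has been matched, and the object goes inactive once the window drains. The following Python is an added example, not Reveelium code, that implements that lifecycle with the properties listed above. The two scenarios, the scoring rule (share of scenario steps seen in the window, so a partial match gives a partial score) and the one-hour re-evaluation interval are assumptions made for this example; the datasheet only says the score "loosely corresponds" to the degree of match.

```python
"""Added example (not Reveelium code): a threat object built from alerts in a
sliding 24-hour window, with the properties the datasheet lists (entity,
scenario, last/next observation, 0..100 score) and the inactive transition."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

WINDOW = timedelta(hours=24)
REEVAL = timedelta(hours=1)   # assumed scheduling interval for "next observation"

# Assumed scenarios: an ordered list of alert types that make up the pattern.
SCENARIOS = {
    "beaconing_exfil": ["suspicious_domain", "periodic_connection", "volume_anomaly"],
    "account_abuse": ["off_hours_login", "privilege_change"],
}


@dataclass
class ThreatObject:
    entity: str
    scenario: str
    alerts: list = field(default_factory=list)        # (time, alert type)
    last_observation: Optional[datetime] = None
    next_observation: Optional[datetime] = None
    active: bool = False

    @property
    def score(self):
        """Assumed rule: percentage of scenario steps seen in the window."""
        steps = SCENARIOS[self.scenario]
        seen = {kind for _, kind in self.alerts}
        return round(100 * sum(1 for s in steps if s in seen) / len(steps))

    def refresh(self, now):
        """Drop alerts that left the 24h window, then update the bookkeeping."""
        self.alerts = [(t, k) for t, k in self.alerts if now - t <= WINDOW]
        self.active = bool(self.alerts)
        self.last_observation = now
        self.next_observation = now + REEVAL if self.active else None
        return self.score


class ThreatEngine:
    def __init__(self):
        self.threats = {}   # (entity, scenario) -> ThreatObject

    def ingest(self, alert):
        """alert = {'entity': str, 'type': str, 'time': datetime}.
        An alert type that belongs to several scenarios feeds all of them."""
        for name, steps in SCENARIOS.items():
            if alert["type"] not in steps:
                continue
            key = (alert["entity"], name)
            obj = self.threats.setdefault(key, ThreatObject(alert["entity"], name))
            obj.alerts.append((alert["time"], alert["type"]))
            obj.refresh(alert["time"])

    def observe(self, now):
        """Scheduled re-evaluation: ages every object against the window."""
        for obj in self.threats.values():
            obj.refresh(now)

    def visible(self):
        """What the threat lists show: active objects, highest score first."""
        return sorted((o for o in self.threats.values() if o.active),
                      key=lambda o: o.score, reverse=True)


def run_demo():
    """Constructed alert stream; returns the visible scores at three instants."""
    t0 = datetime(2024, 1, 2, 9, 0)
    eng = ThreatEngine()
    eng.ingest({"entity": "10.0.0.5", "type": "suspicious_domain", "time": t0})
    eng.ingest({"entity": "10.0.0.5", "type": "periodic_connection",
                "time": t0 + timedelta(hours=2)})
    eng.ingest({"entity": "10.0.0.9", "type": "off_hours_login",
                "time": t0 + timedelta(hours=3)})
    snap = lambda: {(o.entity, o.scenario): o.score for o in eng.visible()}
    s1 = snap()                                   # right after the last alert
    eng.observe(t0 + timedelta(hours=25))         # first alert has aged out
    s2 = snap()
    eng.observe(t0 + timedelta(hours=27, minutes=1))  # windows fully drained
    s3 = snap()
    return s1, s2, s3


if __name__ == "__main__":
    for label, s in zip(("t+3h", "t+25h", "t+27h"), run_demo()):
        print(label, s)
```

Running the demo shows the score evolving as the text describes: 10.0.0.5 starts at 67 (two of three steps), drops to 33 once the first alert ages out, and disappears from the list after the window drains. The caveat a practitioner should draw from the 24-hour window is that it bounds the dwell time the engine can see: an attacker who spaces the stages of a scenario more than a day apart never accumulates a score above a single step's share, so low-and-slow activity has to be caught by the longer-horizon machine learning rather than by threat objects.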
GUI COMPONENTS
The Threats page offers three alternative views: an Entities list view, which groups
threatening scenarios per entity (for when an entity's behavior matches multiple scenarios);
a Threats list view, which lists threats individually for each entity and scenario; and a
Network view, which displays the graph of threats over a given topology of the entities
(here, the graph of subnetworks). All three views stay synchronized and show the same
information whenever visualization filters are applied to the current set of threats.
The images below show each of the three views of the threat objects.
HOME VIEW
Displays abnormal behavior over time, with a priority warning score:
DECISION TREE
Enables performing an anomaly warning analysis.
THREATS LIST
Displays the plain list of threats (i.e. not grouped by entity).
ENTITIES LIST
Displays the threats grouped per entity (i.e. IP address).
CONTACT
ITrust, 55 avenue de l’Occitane www.itrust.fr/en
+33 (0)567 346 780
VISUALIZATION TOOLS
In addition to the analytic tools described above, Reveelium provides graphical tools that help the user examine global-scale statistics and, where needed, focus on specific items for
in-depth investigation. For example, the screenshot of the Vision page below shows the histogram of the number of alerts per entity (machine) over a given time interval.
Other graphs available from the same menu show the distribution of alert types raised by Reveelium during a given time interval, or the evolution of the number of alerts per entity
over that period.
NETWORK VIEW
Displays the graph of the network entities and their associated threat level.
By default, the first two views show items sorted by threat level; the user can instead sort entities by IP or by
threat score using the top-left option. The third view provides an integrated threat-level view over the topology of
the entire network, which makes it quick to identify which parts of the network may be compromised. The set of
threats displayed by Reveelium can be filtered by specific criteria using the search bar.
Clicking on an item from each of the three views enumerated
displays the set of alerts having (partially) matched the respective
scenario. The details associated with the threat object are
displayed on the right panel of the page.

Mais conteúdo relacionado

Destaque

Destaque (8)

Doc2
Doc2Doc2
Doc2
 
Moderator
ModeratorModerator
Moderator
 
cv
cvcv
cv
 
Michael-LEED Green Associate
Michael-LEED Green AssociateMichael-LEED Green Associate
Michael-LEED Green Associate
 
Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentation
 
GP Surveyors
GP SurveyorsGP Surveyors
GP Surveyors
 
tipos de datos
tipos de datostipos de datos
tipos de datos
 
Posten Norge Achieves Economies of Scale through Efficient IT Transition
Posten Norge Achieves Economies of Scale through Efficient IT TransitionPosten Norge Achieves Economies of Scale through Efficient IT Transition
Posten Norge Achieves Economies of Scale through Efficient IT Transition
 

Semelhante a Reveelium Technical Overview - Datasheet EN

Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Laura Arrigo
 
Darktrace_Threat_Visualizer_User_Guide.pdf
Darktrace_Threat_Visualizer_User_Guide.pdfDarktrace_Threat_Visualizer_User_Guide.pdf
Darktrace_Threat_Visualizer_User_Guide.pdfLeninHernnCortsLlang
 
System Event Monitoring for Active Authentication
System Event Monitoring for Active AuthenticationSystem Event Monitoring for Active Authentication
System Event Monitoring for Active AuthenticationCoveros, Inc.
 
A network worm vaccine architecture
A network worm vaccine architectureA network worm vaccine architecture
A network worm vaccine architectureUltraUploader
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2securityxploded
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
 
INTELLIGENT MALWARE DETECTION USING EXTREME LEARNING MACHINE
INTELLIGENT MALWARE DETECTION USING EXTREME LEARNING MACHINEINTELLIGENT MALWARE DETECTION USING EXTREME LEARNING MACHINE
INTELLIGENT MALWARE DETECTION USING EXTREME LEARNING MACHINEIRJET Journal
 
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream  ModelingOnline Intrusion Alert Aggregation with Generative Data Stream  Modeling
Online Intrusion Alert Aggregation with Generative Data Stream ModelingIJMER
 
Architecture for Intrusion Detection System with Fault Tolerance Using Mobile...
Architecture for Intrusion Detection System with Fault Tolerance Using Mobile...Architecture for Intrusion Detection System with Fault Tolerance Using Mobile...
Architecture for Intrusion Detection System with Fault Tolerance Using Mobile...IJNSA Journal
 
Big Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkBig Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkIJERA Editor
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesAmit Kumbhar
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)theijes
 
Ch09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsCh09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsInformation Technology
 
Project in malware analysis:C2C
Project in malware analysis:C2CProject in malware analysis:C2C
Project in malware analysis:C2CFabrizio Farinacci
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through CorrelationAnton Chuvakin
 
20160831_app_storesecurity_Seminar
20160831_app_storesecurity_Seminar20160831_app_storesecurity_Seminar
20160831_app_storesecurity_SeminarJisoo Park
 
An Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxAn Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxnettletondevon
 

Semelhante a Reveelium Technical Overview - Datasheet EN (20)

Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
 
Darktrace_Threat_Visualizer_User_Guide.pdf
Darktrace_Threat_Visualizer_User_Guide.pdfDarktrace_Threat_Visualizer_User_Guide.pdf
Darktrace_Threat_Visualizer_User_Guide.pdf
 
System Event Monitoring for Active Authentication
System Event Monitoring for Active AuthenticationSystem Event Monitoring for Active Authentication
System Event Monitoring for Active Authentication
 
A network worm vaccine architecture
A network worm vaccine architectureA network worm vaccine architecture
A network worm vaccine architecture
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
 
Kb2417221726
Kb2417221726Kb2417221726
Kb2417221726
 
NSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEMNSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEM
 
Quadrant MSSP Doc
Quadrant MSSP DocQuadrant MSSP Doc
Quadrant MSSP Doc
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
 
INTELLIGENT MALWARE DETECTION USING EXTREME LEARNING MACHINE
INTELLIGENT MALWARE DETECTION USING EXTREME LEARNING MACHINEINTELLIGENT MALWARE DETECTION USING EXTREME LEARNING MACHINE
INTELLIGENT MALWARE DETECTION USING EXTREME LEARNING MACHINE
 
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream  ModelingOnline Intrusion Alert Aggregation with Generative Data Stream  Modeling
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
 
Architecture for Intrusion Detection System with Fault Tolerance Using Mobile...
Architecture for Intrusion Detection System with Fault Tolerance Using Mobile...Architecture for Intrusion Detection System with Fault Tolerance Using Mobile...
Architecture for Intrusion Detection System with Fault Tolerance Using Mobile...
 
Big Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkBig Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using Splunk
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)
 
Ch09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsCh09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability Assessments
 
Project in malware analysis:C2C
Project in malware analysis:C2CProject in malware analysis:C2C
Project in malware analysis:C2C
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through Correlation
 
20160831_app_storesecurity_Seminar
20160831_app_storesecurity_Seminar20160831_app_storesecurity_Seminar
20160831_app_storesecurity_Seminar
 
An Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxAn Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docx
 

Mais de ITrust - Cybersecurity as a Service

L’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
L’Intelligence Artificielle : un ‘booster’ pour la cybersécuritéL’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
L’Intelligence Artificielle : un ‘booster’ pour la cybersécuritéITrust - Cybersecurity as a Service
 
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécuritéQuand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécuritéITrust - Cybersecurity as a Service
 
Artificial intelligence and machine learning: ultimate game changers
Artificial intelligence and machine learning: ultimate game changersArtificial intelligence and machine learning: ultimate game changers
Artificial intelligence and machine learning: ultimate game changersITrust - Cybersecurity as a Service
 
Passer de la détection d’anomalies à la détection de menaces
Passer de la détection d’anomalies à la détection de menacesPasser de la détection d’anomalies à la détection de menaces
Passer de la détection d’anomalies à la détection de menacesITrust - Cybersecurity as a Service
 
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...ITrust - Cybersecurity as a Service
 

Mais de ITrust - Cybersecurity as a Service (20)

IT security : a five-legged sheep
IT security : a five-legged sheepIT security : a five-legged sheep
IT security : a five-legged sheep
 
Petya, pire que WannaCry ?
Petya, pire que WannaCry ?Petya, pire que WannaCry ?
Petya, pire que WannaCry ?
 
L’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
L’Intelligence Artificielle : un ‘booster’ pour la cybersécuritéL’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
L’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
 
Manifeste ResistanceCYBER 29.05.17
Manifeste ResistanceCYBER 29.05.17Manifeste ResistanceCYBER 29.05.17
Manifeste ResistanceCYBER 29.05.17
 
Advanced persistent threats, entre mythe et réalité
Advanced persistent threats, entre mythe et réalitéAdvanced persistent threats, entre mythe et réalité
Advanced persistent threats, entre mythe et réalité
 
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécuritéQuand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
 
Artificial intelligence and machine learning: ultimate game changers
Artificial intelligence and machine learning: ultimate game changersArtificial intelligence and machine learning: ultimate game changers
Artificial intelligence and machine learning: ultimate game changers
 
Manifeste ResistanceCYBER 19.05.17
Manifeste ResistanceCYBER 19.05.17Manifeste ResistanceCYBER 19.05.17
Manifeste ResistanceCYBER 19.05.17
 
Manifeste ResistanceCYBER 18.05.17
Manifeste ResistanceCYBER 18.05.17Manifeste ResistanceCYBER 18.05.17
Manifeste ResistanceCYBER 18.05.17
 
Manifeste ResistanceCYBER 17.05.17
Manifeste ResistanceCYBER 17.05.17Manifeste ResistanceCYBER 17.05.17
Manifeste ResistanceCYBER 17.05.17
 
Manifeste ResistanceCYBER 15.05.17
Manifeste ResistanceCYBER 15.05.17Manifeste ResistanceCYBER 15.05.17
Manifeste ResistanceCYBER 15.05.17
 
Passer de la détection d’anomalies à la détection de menaces
Passer de la détection d’anomalies à la détection de menacesPasser de la détection d’anomalies à la détection de menaces
Passer de la détection d’anomalies à la détection de menaces
 
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
 
L’étrange histoire d’un piratage en Angleterre
L’étrange histoire d’un piratage en AngleterreL’étrange histoire d’un piratage en Angleterre
L’étrange histoire d’un piratage en Angleterre
 
Ignorance is bliss, but not for MongoDB
Ignorance is bliss, but not for MongoDBIgnorance is bliss, but not for MongoDB
Ignorance is bliss, but not for MongoDB
 
Cisco WebEx vulnerability: it’s a kind of magic
Cisco WebEx vulnerability: it’s a kind of magicCisco WebEx vulnerability: it’s a kind of magic
Cisco WebEx vulnerability: it’s a kind of magic
 
ITrust Company Overview FR
ITrust Company Overview FRITrust Company Overview FR
ITrust Company Overview FR
 
ITrust Company Overview EN
ITrust Company Overview ENITrust Company Overview EN
ITrust Company Overview EN
 
SOC OEM - Datasheet FR
SOC OEM - Datasheet FRSOC OEM - Datasheet FR
SOC OEM - Datasheet FR
 
SOC OEM - Datasheet EN
SOC OEM - Datasheet ENSOC OEM - Datasheet EN
SOC OEM - Datasheet EN
 

Último

A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...software pro Development
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 

Último (20)

Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 

Reveelium Technical Overview - Datasheet EN

REVEELIUM – TECHNICAL OVERVIEW

Hardware dimensioning is driven by various parameters:
* Computation performance:
  * event rate
  * number of data sources
  * number of entities (IP, users, etc.)
  * number of use cases, etc.
* Service and data availability

SYSTEM REQUIREMENTS
* x86_64 based hardware
* Recent Linux distribution (tested on Ubuntu Linux)
* Docker and Docker-compose

BACKEND REQUIREMENTS
* Apache Kafka
* Confluent.io Kafka-Rest
* KairosDB
* HDFS
* MongoDB

The logs are read, analyzed and eventually stored on a short-term basis for analysis purposes. Reveelium makes available all intermediary results issued during its detection process.

MINIMAL HARDWARE REQUIREMENTS
For smaller, non-critical or test setups, a minimal single-server requirement is:
* CPU: 8 cores
* RAM: 16 Go
* DD: 300 Go

DATA SOURCES
Time series are used for Threat Analysis and the following native logs are used: Netflow, Proxy, DNS… Reveelium may interact with most SIEMs (such as Splunk, ArcSight, RSA, Graylog) and applications (such as Active Directory, Apache, etc.).

DATA SCIENTIST. NEW USE CASE STUDY. THREAT MODULES.
Reveelium's added value goes beyond that of a simple product. We can tailor new use cases to your needs, implement new Threat Modules and fine-tune the entire process with the help of a Data Scientist.

We regularly work on new use cases and new Threat Modules by running Reveelium for 30 days inside the customer's information system. A Data Scientist analyses the new datasets and use cases to apply the best Reveelium algorithm. At the end of the study the use case is integrated in Reveelium as a new Threat Detection Module.

According to customer needs, we may propose the following threat modules: APT and malware detection, data extraction detection, user account abuse detection, bank fraud detection, SMTP mail log analysis, telecommunications flow analysis…

DETECTION TIME AVERAGE
* Suspicious domains: immediately
* Temporal data analysis: 1 day
* Alert correlation: 1 day
* Full machine learning stabilization: 1 month

DETECTION AND ANALYSIS PROCESS OF SUSPICIOUS BEHAVIORS:
1. Monitoring all available data sources
2a. Correlation between anomalies and contextual data
2b. Anomaly detection with the help of Reveelium
3. Prioritizing response: operator validation

INTEGRATION OF REVEELIUM IN THE ABOVE-MENTIONED PROCESS:
HUMAN-MACHINE INTERFACE & REPORTING

THREAT OBJECTS
From the user's point of view, examining the alerts raised by Reveelium one by one may prove rather demanding, especially when the number of alerts is large. To help the user detect potentially malicious behaviors more quickly, Reveelium also provides a threat analysis engine. It attempts to correlate individual alerts with generic scenarios (i.e. specific behavioral patterns of events or sequences of events). Whenever the behavior of an entity matches (even partially) such a scenario, a threat object is created and shown to the user. A threat groups the alerts raised within the last 24 hours that have already (partially) matched the scenario. A threat level is assigned to this set of alerts, which loosely corresponds to the degree to which a given entity matches the scenario.

As mentioned above, threat objects process the alerts raised by Reveelium during the last 24 hours; therefore, the score of a threat object may evolve over time. If Reveelium signals no further alerts relevant to the specific scenario for that entity in the next 24 hours, the threat object is marked as inactive and removed from the visualization lists.

THREAT PROPERTIES
* Entity: IP of the analyzed machine
* Scenario: name of the scenario supposedly affecting the entity
* Last observation: last time the threat object was updated
* Next observation: next time an update of the threat object is scheduled
* Score: numeric estimation of the risk level of an entity, between 0 and 100 (can be loosely interpreted as the percentage of the entity's behavior matching the respective scenario)

GUI COMPONENTS
The Threats page displays three alternative views: an Entities list view, which groups threatening scenarios per entity (i.e. when the entity's behavior matches multiple scenarios); a Threats list view, which lists threats individually for each available entity and scenario; and a Network view, which displays the graph of threats corresponding to a specific topology of the entities (here, the graph of subnetworks). All three views are synchronized to show the same type of information whenever visualization filters are applied to the current threats set. See in the images below each of the three views of the threat objects.

HOME VIEW
Displays abnormal behaviour in time, with a priority warning score:
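The threat-object mechanism described above, as an added example that is not Reveelium's own code: a small aggregator that keeps an entity's scenario-relevant alerts from the last 24 hours, scores the partial scenario match from 0 to 100, marks the object inactive once the window is empty, and groups active threats per entity as the Entities list view does. The scoring rule, the "next observation" schedule, the scenario steps, the IPs and the timestamps are all assumptions or constructed values, not taken from the datasheet.

```python
# Added example, not Reveelium's own code: a toy threat-object aggregator built
# from the page's description (24 h window, partial scenario match, 0..100 score,
# inactive once no relevant alert remains). Scenario, IPs and times are constructed.
from collections import namedtuple
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)
Alert = namedtuple("Alert", "entity kind ts")  # entity = IP, kind = alert type

# Hypothetical scenario: the alert types making up one behavioural pattern.
SCENARIOS = {
    "data-exfiltration": ("suspicious-domain", "dns-volume-spike", "large-upload"),
}

def evaluate(alerts, entity, scenario, now):
    """Build the threat object for (entity, scenario) as seen at `now`."""
    steps = SCENARIOS[scenario]
    # Only this entity's scenario-relevant alerts from the last 24 hours count.
    window = [a for a in alerts if a.entity == entity and a.kind in steps
              and now - WINDOW < a.ts <= now]
    matched = {a.kind for a in window}
    return {
        "entity": entity,
        "scenario": scenario,
        # Assumed scoring: share of scenario steps matched, as a percentage.
        "score": round(100 * len(matched) / len(steps)),
        "active": bool(window),
        "last_observation": max((a.ts for a in window), default=None),
        # Assumed schedule: re-evaluate when the oldest alert leaves the window.
        "next_observation": min(a.ts for a in window) + WINDOW if window else None,
        "alerts": window,
    }

def entities_view(alerts, now):
    """Entities list view: active threats grouped per entity, highest score first."""
    view = {}
    for entity in sorted({a.entity for a in alerts}):
        threats = [evaluate(alerts, entity, s, now) for s in SCENARIOS]
        active = [t for t in threats if t["active"]]
        if active:
            view[entity] = sorted(active, key=lambda t: t["score"], reverse=True)
    return view

T0 = datetime(2024, 1, 1, 12, 0)  # constructed reference time
SAMPLE_ALERTS = [
    Alert("10.0.0.5", "suspicious-domain", T0 - timedelta(hours=20)),
    Alert("10.0.0.5", "dns-volume-spike", T0 - timedelta(hours=3)),
    Alert("10.0.0.5", "port-scan", T0 - timedelta(hours=1)),     # not in the scenario
    Alert("10.0.0.9", "large-upload", T0 - timedelta(hours=30)),  # already expired
]
```

Re-running `evaluate` with a later `now` shows the score decaying as old alerts fall out of the 24 hour window until the object becomes inactive.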
DECISION TREE
Enables performing an anomaly warning analysis.

THREATS LIST
Displays the simple list of threats (i.e. not grouped by their entities).

ENTITIES LIST
Displays the threats grouped per entity (i.e. IP address).
CONTACT
ITrust, 55 avenue de l'Occitane
www.itrust.fr/en
+33 (0)567 346 780

VISUALIZATION TOOLS
In addition to the analytic tools described previously, Reveelium provides graphical tools that help the user examine global-scale statistics and eventually focus on specific items to investigate further in depth. For example, the screenshot of the Vision page displayed below shows the histogram of the number of alerts per entity (machine) in a specific time interval:

Other graphs, also visible from the same menu, show the distribution of the types of alerts raised by Reveelium during a given time interval, or the evolution of the number of alerts per entity during that specific period.

NETWORK VIEW
Displays the graph of the network entities and their associated threat level.

By default, the first and second views show the items sorted by their threat levels. However, the user can opt to sort the entities by IP or by threat score from the top-left option. The third option provides an integrated threat level view over the topology of the entire network. This intuitive tool helps figure out very quickly which parts of the network may be infected. The user can filter the set of threats displayed by Reveelium for specific criteria by using the search bar. Clicking on an item in any of the three views enumerated displays the set of alerts having (partially) matched the respective scenario. The details associated with the threat object are displayed in the right panel of the page.