O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

A Community Approach to Fighting Cyber Threats

389 visualizações

Publicada em


3 Things to Learn About:

*Infinitely scale data storage, access, and machine learning
*Provide community defined open data models for complete enterprise visibility
*Open up application flexibility while building on a future proofed architecture

Publicada em: Software
  • Seja o primeiro a comentar

A Community Approach to Fighting Cyber Threats

  1. 1. 1© Cloudera, Inc. All rights reserved. A Community Approach to Fighting Cyber Threats The vision for Apache Spot (Incubating)
  2. 2. 2© Cloudera, Inc. All rights reserved. Agenda • Introductions • Apache Spot Overview - Alan Ross • Future Proofing Cybersecurity with Open source – Doug Cutting • Live Q&A
  3. 3. 3© Cloudera, Inc. All rights reserved.
  4. 4. 4© Cloudera, Inc. All rights reserved. Poll Question Number 1 • How much security data do you currently store? • >500TB • 500TB to 999TB • 1PB to 5PB • 5PB+
  5. 5. 5© Cloudera, Inc. All rights reserved. Apache Spot Overview
  6. 6. 6© Cloudera, Inc. All rights reserved. SIEMSIEM Our story at Intel…
  7. 7. 7© Cloudera, Inc. All rights reserved. SIEMSIEM
  8. 8. 8© Cloudera, Inc. All rights reserved. 1,000,000,000,000+ [ events per day ]
  9. 9. 9© Cloudera, Inc. All rights reserved. Stop Independently Solving Universal Challenges Popular cyber platforms can not cost effectively scale to the volume and variety of modern data Only partial view of the enterprise limits analytics and slows investigations Difficult to deploy advanced machine learning detection capabilities Explosion of Data Limited Enterprise Visibility Limited Analytic Processing DataAccess 1%50%100% DataVolume 10PB1PB1TB IF (X) AND (Y) THEN (Z) Time User Network Endpoint Archived Data Emerging Data
  10. 10. 10© Cloudera, Inc. All rights reserved. A community approach to fighting cyber threats.
  11. 11. 11© Cloudera, Inc. All rights reserved. Detect advanced threats faster via machine learning and artificial intelligence Faster time to incident investigation and response with comprehensive enterprise visibility Change the economics of cybersecurity with an open source platform that supports multiple LOB workloads The Value of Apache Spot
  12. 12. 12© Cloudera, Inc. All rights reserved. Integrate Spot with Existing Investments Threat Intelligence Network User Endpoint Data Sources PackagedApplications Analytic Processing (Spark, Impala, Solr) Data and Analytic Management Apache Spot’s Platform SIEM Spot Algorithms Custom Spot Test Data Open Data Models (HDFS, Hbase) Ingestion (Kafka, Streamsets) (On premise or Cloud)
  13. 13. 13© Cloudera, Inc. All rights reserved. Many application on one shared data set and architecture Visualization & machine learning cybersecurity applications can share common data set & infrastructure CustomPackaged Spot community is developing out machine learning (e.g. network threat detection) Open Source Build custom applications & analytics using Spot without having to buy new infrastructure
  14. 14. 14© Cloudera, Inc. All rights reserved. Tier 3 SME & Hunter (Network) Tier 3 SME & Hunter (Users) Tier 3 SME & Hunter (Endpoint) Tier 3 SME & Hunter (Threat Intel) SOC Manager Tier 2 Incident Responder Tier 2 Incident Responder Tier 1 Alert Analyst Tier 1 Alert Analyst Tier 1 Alert Analyst Tier 1 Alert Analyst Empowering the Security Operations Center Tier 1 Alert Analyst Tier 2 Incident Responder Tier 3 SME & Hunter SOC Manager Fewer false positives due to ML based detection Comprehensive contextual data for faster investigation and response Wider and deeper data for large scale advanced analytics Everyone is leveraging same data and architecture at a lower cost
  15. 15. 15© Cloudera, Inc. All rights reserved. Poll Question Number 2 • How many cybersecurity applications do you use? • 1 • 2-5 • 6-9 • 10+
  16. 16. 16© Cloudera, Inc. All rights reserved. Future Proofing Cybersecurity With Open Source Faster Innovation Open Data Models Partner Ecosystem Any Data Any Analytics Any Scale
  17. 17. 17© Cloudera, Inc. All rights reserved. SIEM (TBs) Aggregated Events Raw System Logs Network Flows/ DNS Full Packet Capture Video, Text, Images User Data Data Types (MBs>PBs) Native Analytics (Basic > Advanced)Search Correlations SQL Machine Learning Advanced Statistics 1 10 20 40 Time (Months) 3 CDH (PBs) Industry leaders already build on CDH 1 Market Trends: User and Entity Behavior Analytics (UEBA) Expand Their Market Reach – Gartner April 2016 2 Magic Quadrant for Managed Security Services, Worldwide – Gartner December 2015 •60% of UEBA Vendors to Watch use CDH •25% of Network Traffic Analysis Vendors to Watch use CDH •50% of MSSP ‘Leaders’ use CDH •Gartner named Cloudera Non- Security-Specific Analytics Vendors to Watch1
  18. 18. 18© Cloudera, Inc. All rights reserved. CDHTraditional (e.g. RDBMS) DataAccess 1%50%100% DataVolume 10PB1PB1TB Time DataAccess 1%50%100% DataVolume 10PB1PB1TB Time Scaling Data Storage and Access
  19. 19. 19© Cloudera, Inc. All rights reserved. Any Data from Any Source
  20. 20. 20© Cloudera, Inc. All rights reserved. Community Defined Open Data Models (ODM)​ Endpoint User Network DIVERSE DATA SOURCES SINGLE ACCESS CYBERSECURITY ITOPTIM IZATION USEREXPERIENCEFRAUD
  21. 21. 21© Cloudera, Inc. All rights reserved. Large Scale Analytics A Google search experience across all of your cybersecurity data Advanced AnalyticsSearch Large scale visualizations and SQL queries for descriptive and diagnostic analytics Visualizations Execute large scale machine learning queries against PBs worth of data for threat detection
  22. 22. 22© Cloudera, Inc. All rights reserved. NEW PROJECTS EXISTING PROJECTS *CDH SUPPORTED Core Hadoop (HDFS, MapReduce) Solr* Pig* Core Hadoop HBase ZooKeeper Solr Pig Core Hadoop Hive Mahout HBase ZooKeeper Solr Pig Core Hadoop Sqoop Avro Hive Mahout HBase ZooKeeper Solr Pig Core Hadoop Flume Bigtop Oozie HCatalog Hue Sqoop Avro Hive Mahout HBase ZooKeeper Solr Pig YARN Core Hadoop Spark Tez Impala Kafka Drill Flume Bigtop Oozie HCatalog Hue Sqoop Avro Hive Mahout HBase ZooKeeper Solr Pig YARN Core Hadoop Parquet Sentry Spark Tez Impala Kafka Drill Flume Bigtop Oozie HCatalog Hue Sqoop Avro Hive Mahout HBase ZooKeeper Solr Pig YARN Core Hadoop Knox Flink Parquet Sentry Spark Tez Impala Kafka Drill Flume Bigtop Oozie HCatalog Hue Sqoop Avro Hive Mahout HBase ZooKeeper Solr Pig YARN Core Hadoop Kudu RecordService Ibis Falcon Nifi Knox Flink Parquet Sentry Spark Tez Impala Kafka Drill Flume Bigtop Oozie Hcatalog Hue Sqoop Avro Hive Mahout Hbase ZooKeeper Solr Pig YARN Core Hadoop 200 6 2008 2009 2010 2011 2012 20132007 2014 SparklyR Arrow Kudu RecordService Ibis Falcon Nifi Knox Flink Parquet Sentry Spark Tez Impala Kafka Drill Flume Bigtop Oozie Hcatalog Hue Sqoop Avro Hive Mahout Hbase ZooKeeper Solr Pig YARN Core Hadoop Tensorflow Spot Eagle Beam SparklyR Arrow Kudu* RecordService* Ibis* Falcon Nifi Knox Flink Parquet* Sentry* Spark* Tez Impala* Kafka* Drill Flume* Bigtop* Oozie* Hcatalog* Hue* Sqoop* Avro* Hive* Mahout* Hbase* ZooKeeper* Solr* Pig* YARN* Core Hadoop* 2016 Present2015 Innovate Faster than a Single Vendor
  23. 23. 23© Cloudera, Inc. All rights reserved. Partners easily build off of open architecture…
  24. 24. 24© Cloudera, Inc. All rights reserved. Q&A
  25. 25. 25© Cloudera, Inc. All rights reserved. Subscribe on…
  26. 26. 26© Cloudera, Inc. All rights reserved. Thank you

×