Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective on cybersecurity with Securonix 
Learn how to:
* Detect threats automatically and accurately

* Reduce threat response times from 7 days to 4 hours

* Ingest and process 100+TB per day for automated machine learning and behavior-based detection

Published in: Software

Slide 1: Delivering User Behavior Analytics at Apache Hadoop Scale. A New Perspective on Cybersecurity with Securonix & Cloudera
© Cloudera, Inc. All rights reserved.

Slide 2: Agenda
• Introduction
• Industry Overview
• SNYPR: Big data enabled security analytics
• Q&A

Slide 3: Today's Speakers
• Tanuj Gulati, Co-Founder and Chief Technology Officer
• Rocky DeStefano, Cybersecurity Subject Matter Expert

Slide 4: Industry Overview

Slide 5: Benefits of Apache Hadoop for Cybersecurity
• Security Operations: Modernized Security Architecture
• Security Analysts: Find Advanced Threats Faster
• Security Responders: Rapid Investigation Over any Timeline

Slide 6: Modernizing the Cybersecurity Architecture – Security Operations
[Chart: Legacy Cyber Solutions (TBs) versus Cloudera's Hadoop Based Cybersecurity Solutions (PB). Data types (MBs > PBs): Aggregated Events, Raw System Logs, Network Flows/DNS, Full Packet Capture, Video/Text/Images, User Data. Analytics: Search, Correlations, SQL, Machine Learning, Advanced Statistics. Horizontal axis: Time (Months).]
• Gartner named Cloudera among Non-Security-Specific Analytics Vendors to Watch¹
• 60% of UEBA Vendors to Watch use CDH¹
• 25% of Network Traffic Analysis Vendors to Watch use CDH¹
• 50% of MSSP 'Leaders' use CDH²
¹ Market Trends: User and Entity Behavior Analytics (UEBA) Expand Their Market Reach – Gartner, April 2016
² Magic Quadrant for Managed Security Services, Worldwide – Gartner, December 2015

Slide 7: Find Advanced Threats Faster – Security Analysts
Analytic capabilities: Technical Indicators, Context, Anomaly Detection, Behavior Analytics, Sentiment Analysis, Operational Insight, Machine Learning.
[Cloudera platform diagram]
• OPERATIONS: Cloudera Manager, Cloudera Director
• DATA MANAGEMENT: Cloudera Navigator, Encrypt and KeyTrustee, Optimizer
• INTEGRATE: Structured – Sqoop; Unstructured – Kafka, Flume
• PROCESS, ANALYZE, SERVE: Batch – Spark, Hive, Pig, MapReduce; Stream – Spark; SQL – Impala; Search – Solr; Other – Kite
• UNIFIED SERVICES: Resource Management – YARN; Security – Sentry, RecordService
• STORE: NoSQL – HBase; Filesystem – HDFS; Relational – Kudu; Other – Object Store

Slide 8: Why User Behavior Analytics?
Complete Enterprise Visibility across Network, Endpoint, File, User, Context, Logs and Applications.
User Behavior Analytics enables:
• Incident Detection: Data Exfiltration; Privileged Account Misuse; Sabotage; Account Takeover; Lateral Movement
• Operational Insight: Cleanup Rogue Access Privileges; Access Reviews; Access Certifications
• Incident Context: Understand the true source and the user/entity impact to the business

Slide 9: SNYPR: Big Data enabled security analytics
Slide 10: Agenda
© 2016 / Confidential
• The Anatomy of a Basic Cyber Attack
• Current State of Security Monitoring
• Next Generation Security Monitoring
• SNYPR: Big Data Enabled Security Analytics
• SNYPR: Success Stories & Demonstration

Slide 11: The Anatomy of a Basic Cyber Attack
• Kill Chain: Phishing Attempt → Malicious Content → Compromised Endpoint → Lateral Movement → Data Exfiltration
• Threat Indicators: Phishing, Spear Phishing, Malicious content, Drive-by Download, Malware Infection, Account Compromise, System Compromise, Data Consumption, Data Egress
• Composite Threats: Basic APT, Lateral Movement, Data Exfiltration
To detect this basic cyber attack, organizations must analyze per day: 10 M emails, 40 M website visits, 200 M processes, 400 M netflow records, 3 M data egresses.

Slide 12: Current State – Enterprise Security Monitoring
• DATA REPOSITORY: Proprietary data store(s); Information silos; Partial context; Expensive data retention
• THREATS: Signature based threat detection; Too many alerts; High number of false positives; Correlation across small time window; Threat centric
• RESPONSE: Requires multiple systems; Reactive & post-attack; External ticketing system
• MONITORING: Limited entity context; Weak visualization; Hours to search; Days to investigate

Slides 13–16: Next Generation Security Analytics (the stack is built up one layer per slide)
• BIG DATA PLATFORM: Open Data Model; Massively Scalable; Very High Ingestion Rate; Long Term Storage
• LOG MANAGEMENT: Collection & Normalization; Entity Attribution; Context Enrichment; Text Indexing
• ADVANCED ANALYTICS: Cross Device Event Correlation; Behavior Based Anomaly Detection; Entity Centric Risk Scoring; Threat Models
• INVESTIGATION & RESPONSE: Investigation Workbench; Search & Visualization Palette; Data Link Analysis; Case Management & Workflows; Privacy Controls

Slide 17: Securonix SNYPR – Next Gen Security Analytics
• SECURITY DATA LAKE: Scale to Petabytes; Open Data Model; Ingest @ 1,200,000+ EPS; Normalize > Correlate > Store
• DETECTION: Real Time and Batched Analytics; Machine Learning; Predictive Analytics; Behavior & Signature Based; Threat Model Based Alerts
• Remaining capabilities listed on the slide: Hunt @ Speed of Thought; Super-enriched Events; On-Demand Visualization; Entity Centric; Investigate Data Linkages; Integrated Threat Management

Slide 18: What is Securonix SNYPR?
• UEBA (User and Entity Behavior Analytics) + Next Gen Security Event Management (SIEM) + Fraud Analytics, on one platform
• SNYPR is a Big Data based, Machine Learning platform with out-of-the-box threat and risk detection models for Insider Threat, Cyber Threat and Fraud
• Ingests and analyzes security event logs, network flows and application transactions from hundreds of sources

Slide 19: Recent Patents
1. Behavior Anomaly Detection for Identification of Malicious Activity
2. Anomaly Detection Using Adaptive Behavioral Profiles
3. Risk Scoring in Behavioral Analysis
Award Winning Technology. Certified.

Slide 20: SNYPR – How does it work?
• INGESTION NODE, data sources: IDENTITY – HRMS/IAM; THREAT INTEL – Open/COTS; HOSTS – Windows/Unix/Mainframe; COMMUNICATION – eMail/Chat/Phone; PERIMETER – IDS/IDP/Firewall/VPN; MALWARE – Sandboxing/Antivirus; NETWORK – Netflow/Pcap/VLAN ACL; CLOUD – IaaS, PaaS, SaaS; ENTERPRISE APPS – SAP/OFS/EPIC/CERNER
• Pipeline: Kafka → Spark Streaming services (In-memory normalization, attribution & analytics; Distributed and parallelized processing; Super Enrichment)
• DATA STORAGE: HDFS (raw); HBase (enriched); Solr
• ANALYTICS: Long Term Data Retention; Text Indexing; Correlation Rules Engine; Behavior Anomaly Engine; Peer Anomaly Engine; Event Rarity Engine; DGA and Beaconing Detection; Threat Models
• Outputs: Prioritized Threats; Monitor & Search; Investigation & Response

Slide 21: "Purpose-Built" Analytics
• Entity Correlation & Enrichment >> "Context"
• Behavior Profiling
• Peer Group Profiling
• Event Rarity
• Digitally Generated Algorithms: connection attempts to suspiciously formed domains
• Robotic Patterns (Beaconing): repeated machine-like pattern
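The "robotic patterns (beaconing)" analytic on slide 21 is concrete enough to show in code. The following is an added example, not Securonix or Cloudera code: it groups a constructed connection log by (source, destination) pair and flags pairs whose inter-connection gaps are nearly constant, measured by the coefficient of variation of the gaps; the thresholds `min_events` and `max_cv`, the host names and the RFC 5737 addresses are assumptions.

```python
"""Beaconing detector: flag (source, destination) pairs whose outbound
connections recur at a near-constant interval (low jitter)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (epoch seconds, source host, destination).
# wks-17 calls out roughly every 60 s; wks-22 is a human browsing
# pattern; wks-09 has too few events to judge.
CONNECTIONS = [
    (0, "wks-17", "203.0.113.7"), (61, "wks-17", "203.0.113.7"),
    (119, "wks-17", "203.0.113.7"), (181, "wks-17", "203.0.113.7"),
    (240, "wks-17", "203.0.113.7"), (299, "wks-17", "203.0.113.7"),
    (361, "wks-17", "203.0.113.7"), (420, "wks-17", "203.0.113.7"),
    (479, "wks-17", "203.0.113.7"), (541, "wks-17", "203.0.113.7"),
    (5, "wks-22", "example.com"), (40, "wks-22", "example.com"),
    (300, "wks-22", "example.com"), (310, "wks-22", "example.com"),
    (900, "wks-22", "example.com"), (1500, "wks-22", "example.com"),
    (10, "wks-09", "192.0.2.5"), (800, "wks-09", "192.0.2.5"),
]


def beacon_scores(connections, min_events=5, max_cv=0.2):
    """Return {(src, dst): {count, interval, cv, beacon}} for every pair
    with at least min_events connections. A pair is marked as a beacon
    when the coefficient of variation (std dev / mean) of its gaps is
    at most max_cv, i.e. the timing is machine-regular. Thresholds are
    assumed values and should be tuned per environment."""
    by_pair = defaultdict(list)
    for ts, src, dst in connections:
        by_pair[(src, dst)].append(ts)
    findings = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue  # not enough evidence either way
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing to measure
        cv = pstdev(gaps) / avg
        findings[pair] = {"count": len(stamps), "interval": avg,
                          "cv": cv, "beacon": cv <= max_cv}
    return findings


if __name__ == "__main__":
    for (src, dst), f in beacon_scores(CONNECTIONS).items():
        if f["beacon"]:
            print(f"{src} -> {dst}: {f['count']} connections every "
                  f"~{f['interval']:.0f}s (cv={f['cv']:.3f})")
```

In practice this runs per time window over flow or proxy logs, and known schedulers (update checks, monitoring agents) are allowlisted before the remaining regular pairs are raised for review.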
Slide 22: Our Packaged Applications
• INSIDER THREAT: Data Exfiltration; Privileged Account Misuse; Sabotage; Snooping
• CYBER THREAT: Reconnaissance; Malicious Traffic; Lateral Movement; Account Takeover; Malicious Process; DNS Traffic
• CLOUD SECURITY: Cloud Application Misuse; Infrastructure Sabotage
• FRAUD: Retail Fraud; Banking Fraud; ATM Transactions; Trade Surveillance; Manufacturing Fraud
• IDENTITY & ACCESS: Cleanup Rogue Access Privileges; Access Reviews; Access Certifications; Access Requests

Slide 23: Customer Success Examples
• Use Case: Endpoint Protection (POS Terminals). Customer Profile: Top 3 Retailer
  Data Sources: HRMS Data, POS Events, Netflow
  Value Proposition: Automated correlation of all events to the endpoint; analyze all endpoint generated data to detect: Suspicious Process execution; Abnormal Network Flows; Rare File MD5 hashes detected; Suspicious Lateral Movements
• Use Case: Insider Threat Protection. Customer Profile: Top 3 Financial Institution
  Data Sources: HR App, Proxy, Mail Gateway, Hosts, Badging App, Travel App, Network DLP, Confidential Apps
  Value Proposition: Correlate all events to the user identity; analyze all user generated events to detect: Unauthorized Data Access (confidential data or network access attempted or accessed beyond what clearance levels allow); Data Exfiltration Attempts (abnormally high volume or frequency of data egressed)
• Use Case: Patient Health Record Protection. Customer Profile: Large Healthcare Client, TX
  Data Sources: EPIC, Cerner, Medicity and other clinical apps
  Value Proposition: Automated correlation of all PHR access attempts to appropriate staff members; analyze all PHR data access attempts to detect: Unauthorized PHR Access (non-physician staff members accessing PHR records); VIP Snooping (abnormally high volume of access attempts on a single PHR record); Neighbor Snooping (closely located employee and patient); Family Snooping (co-located employee and patient)
• Use Case: Privileged Account Protection. Customer Profile: Top 5 Federal Contractor
  Data Sources: Hosts, Databases, VPN, Privileged Identity Mgmt., DLP Events, Web Gateway, Mail Gateway
  Value Proposition: Analyze activities performed by privileged accounts for misuse: Suspected Malware (phishing attempt, visit to malware infected sites, suspicious process running on host, infected files detected on system); Suspected Data Exfiltration (high volume of data transfers); Suspected Sabotage attempt (suspicious commands run on host)
Slide 24: Key Takeaways – Securonix Value Proposition (Solution Maturity, Ease of Integration, OOB Threat Models, Scalable Architecture)
• Maturity/Market Leadership
• Tried & Tested Technology
• Out of the box 'Threat Models'
• Privacy Features approved by EMEA workers councils
• Scalable & Fault Tolerant
• Hadoop Enabled Application
• Time to Value/Lower Cost of Ownership
• 300+ Connectors
• 99.6% True Positive Rate
• Threat Exchange: 40+ Contributors; Connectors + Threat Models

Slide 25: Demonstration – SNYPR, The Big Data Security Analytics Platform
Slide 26: Welcome to SNYPR
Slide 27: HIGH-RISK ENTITIES – Dashboard
Slide 28: INVESTIGATE THREAT – Violations
Slide 29: INVESTIGATE THREAT – Data Link Analysis
Slide 30: INVESTIGATE THREAT – Location Analysis
Slide 31: MANAGE THREAT – Disposition
Slide 32: SEARCH @ SPEED OF THOUGHT – Hunting for Threats
Slide 33: SEARCH @ SPEED OF THOUGHT – Super Enriched Search
Slide 34: SEARCH @ SPEED OF THOUGHT – 2D Bar Chart, Drill Down
Slide 35: SEARCH @ SPEED OF THOUGHT – 3D Stacked Bar Chart
Slide 36: SEARCH @ SPEED OF THOUGHT – Custom Dashboards and Visualization

Slide 37: Interested in learning more?

Slide 38: Contact our experts
Schedule a discovery session with our experts. Discuss how Securonix and Cloudera can work with you.
• Tanuj Gulati, tgulati@securonix.com
• Rocky DeStefano, rocky@cloudera.com