The connected world creates a rate and volume of streaming cybersecurity data that is unprecedented, and attacks are increasingly sophisticated and multifaceted. Yet it is unreasonably time-consuming for security personnel to piece together data from multiple systems to assess the true nature of a single threat across an enterprise.
Learn how big data and data science teams can help information security teams improve threat detection with machine learning and real-time streaming analytics. You will hear from Michael Schiebel, cybersecurity strategist, and James Sirota, Apache Metron committer and Director of Security Solutions at Hortonworks, on how to apply big data technology to prevent cybercrime.
Leveraging big data and machine learning, Apache Metron can help detect phishing attacks such as the Yahoo security breach by Russian spies. See how Apache Metron accelerates the process of investigating a phishing attack – slides 16-19. You can also learn more about Apache Metron here: https://hortonworks.com/apache/metron/ and join the community at user-subscribe@metron.incubator.apache.org or dev-subscribe@metron.incubator.apache.org
View the on-demand webinar: https://hortonworks.com/webinar/why-cybersecurity-needs-big-data/
1. Why Cybersecurity Needs Big Data & Intro to Apache Metron
James Sirota, Director Security Solutions
Michael Schiebel, Cybersecurity Strategy
March 2017
Talk Script:
We all know that data is one of the factors changing the world, along with as-a-service as the primary IT delivery methodology. Data is growing and is everywhere, yet protections still use the obsolete gate-and-moat (perimeter) security paradigm. We now need security solutions that follow the data and protect it wherever and whenever it resides.
Example: the DNC hack. John Podesta's emails were lost to hackers, and the DNC only found out about the intrusion when the FBI told them.
Talk Script:
The cybersecurity journey is an iterative one in which we help our customers identify their current tactical need and show value by:
Freeing data from proprietary point security products (Active Archive)
Building new value by correlating and visualizing data to improve business processes
Enabling the business to leverage predictive analytics to reduce risk and improve efficiency
Enabling the business to have a single view of the company's security posture
To understand Apache Metron, we first have to start with the origins of the project, which emerged from a Cisco project called OpenSOC.
Cisco stopped supporting it in July 2015, and its Chief Data Scientist and founding team leader, James Sirota, joined Hortonworks to build Apache Metron, a next-generation cybersecurity analytics application built on top of big data technologies (Storm, Spark, HBase, Solr, HDFS) and NiFi.
TALK TRACK
The project is called Apache Metron. It is an incubating Apache project, and we would love for anyone interested to get more involved with it.
It is designed to be a comprehensive view of all cybersecurity data, all accessed through a single pane of glass.
The data comes from multiple sources. Security endpoints such as FireEye, Palo Alto and Blue Coat are part of the picture; these products do their jobs amazingly well, but from a contextual threat perspective each one sees only part of the story.
There are also machine logs, network data and threat intelligence feeds. All of this is collected together and then processed through a real-time cybersecurity engine.
On the other side, the far right-hand side, you see some of the results enabled by a full contextual view with real-time stream processing: a search and dashboarding portal (the single pane of glass mentioned above) and shared community analytics models.
This allows everyone, the community as a whole, to work together to combat cybersecurity threats that are becoming increasingly sophisticated and difficult to counter.
These are common tools used by the SOC and what CAP One was investing in before using Apache Metron. There are many challenges associated with each one.
I have included examples of some of the most common security tools in a glossary in the Appendix.
If you run into any of these technologies in an IT environment, please contact the EP Team.
This slide describes two types of hackers. Script kiddie attack patterns repeat, while the advanced hacker uses unique patterns to attack you.
The script kiddie wants the power of the hacker without having the skills of their own. They are an unsophisticated criminal who cannot create a custom breach and waits for an attack to be weaponized from a known vulnerability. They also create a large amount of noise for security tools.
The advanced hacker has been trained or funded by a state or criminal organization, and this is where you want most of your resources dedicated, because the sponsored agent is aiming for something very specific, and these attacks are frequent and much more difficult to detect as they have no known signatures.
Apache Metron speeds up the detection of APTs.
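The two slides above describe, in prose, the collect / parse / enrich / correlate flow (multiple sensor formats normalized into one view, enriched with threat intelligence and asset context) and the reason it matters: repeating known-indicator hits are noise that should collapse into a tally, while novel activity from a sensitive host with no known signature is what an analyst must see. The toy pipeline below, added here as an illustration, is not Apache Metron's own code; every log line, indicator, baseline entry and asset tag in it is constructed, and the field names, feed names and escalation rule (novel destination seen by more than one sensor) are this example's assumptions.

```python
"""Toy collect -> parse -> enrich -> correlate pipeline, added here to
illustrate the slides above; it is not Apache Metron's own code, and every
log line, indicator, baseline and asset tag below is constructed."""
import json
import re
from collections import defaultdict

# Constructed raw events from two sensors feeding the pipeline.
RAW_EVENTS = [
    ("firewall", "ts=2017-03-01T10:00:01Z src=10.1.1.5 dst=203.0.113.9 dport=443 action=allow"),
    ("proxy", '{"ts":"2017-03-01T10:00:02Z","client":"10.1.1.5","host":"update.example-cdn.net","status":200}'),
    # Inbound SSH probing from one address, repeated: script-kiddie noise.
    ("firewall", "ts=2017-03-01T10:00:05Z src=198.51.100.20 dst=10.1.1.7 dport=22 action=deny"),
    ("firewall", "ts=2017-03-01T10:00:06Z src=198.51.100.20 dst=10.1.1.7 dport=22 action=deny"),
    ("firewall", "ts=2017-03-01T10:00:07Z src=198.51.100.20 dst=10.1.1.7 dport=22 action=deny"),
    # A sensitive host talking to destinations it has never used, seen by both sensors.
    ("proxy", '{"ts":"2017-03-01T10:01:00Z","client":"10.1.1.42","host":"files.exfil-host.test","status":200}'),
    ("firewall", "ts=2017-03-01T10:01:01Z src=10.1.1.42 dst=192.0.2.77 dport=443 action=allow"),
]

# Constructed enrichment data (assumptions of this example): a threat-intel
# feed (indicator -> feed name), per-host destination baselines, an asset list.
THREAT_INTEL = {"198.51.100.20": "mass-scanner-list"}
BASELINE = {
    "10.1.1.5": {"203.0.113.9", "update.example-cdn.net"},
    "10.1.1.42": {"intranet.corp.test"},
}
ASSETS = {"10.1.1.42": "finance-fileserver"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_firewall(line):
    """Parse step: key=value firewall syslog into the common event schema."""
    f = dict(KV_RE.findall(line))
    return {"ts": f["ts"], "source": "firewall", "src_ip": f["src"],
            "dst": f["dst"], "dport": int(f["dport"]), "action": f["action"]}


def parse_proxy(line):
    """Parse step: JSON web-proxy record into the same common schema."""
    f = json.loads(line)
    return {"ts": f["ts"], "source": "proxy", "src_ip": f["client"],
            "dst": f["host"], "dport": None, "action": "allow"}


PARSERS = {"firewall": parse_firewall, "proxy": parse_proxy}


def normalize(raw_events):
    """Every sensor format becomes one event shape."""
    return [PARSERS[sensor](line) for sensor, line in raw_events]


def enrich(event):
    """Enrich step: attach threat-intel, asset and baseline context."""
    e = dict(event)
    e["ioc"] = THREAT_INTEL.get(e["src_ip"]) or THREAT_INTEL.get(e["dst"])
    e["asset"] = ASSETS.get(e["src_ip"])
    known_dsts = BASELINE.get(e["src_ip"])
    e["novel_dst"] = known_dsts is not None and e["dst"] not in known_dsts
    return e


def triage(events):
    """Correlate step. Known-indicator hits are counted per (feed, src, dst)
    so repetitive noise collapses to a tally; novel destinations from an
    internal host are escalated only when more than one sensor saw them."""
    known = defaultdict(int)
    novel_by_host = defaultdict(list)
    for e in events:
        if e["ioc"]:
            known[(e["ioc"], e["src_ip"], e["dst"])] += 1
        elif e["novel_dst"]:
            novel_by_host[e["src_ip"]].append(e)
    investigate = []
    for host, evs in novel_by_host.items():
        sensors = {e["source"] for e in evs}
        if len(sensors) > 1:
            investigate.append({
                "host": host,
                "asset": evs[0]["asset"],
                "destinations": sorted(e["dst"] for e in evs),
                "sensors": sorted(sensors),
            })
    return dict(known), investigate


def run_pipeline(raw_events=RAW_EVENTS):
    """Single entry point: collect -> parse -> enrich -> correlate."""
    return triage([enrich(e) for e in normalize(raw_events)])


if __name__ == "__main__":
    known, investigate = run_pipeline()
    for key, count in known.items():
        print("known      ", count, "hits", key)
    for item in investigate:
        print("INVESTIGATE", item)
```

Run as-is, the three scanner probes collapse into one tally line, the baseline-conforming traffic from 10.1.1.5 produces nothing, and 10.1.1.42 is escalated because two independent sensors saw it reach destinations outside its baseline. The point of the split is the one the slide makes: a signature or indicator match is cheap and repetitive, so count it; the behaviour with no known signature is what the contextual view exists to surface.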
Find out more here: http://hortonworks.com/apache/metron/
TALK TRACK
If you want to know more, here are some great resources to check out. Please join the Apache Metron community if you would like to participate.
We will also be hosting meetups in various cities; if you have a specific interest, please let us know!