Why Cybersecurity Needs Big Data & Intro to Apache Metron
James Sirota, Director Security Solutions
Michael Schiebel, Cybersecurity Strategy
March 2017
2 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Michael Schiebel, Cybersecurity Strategy, www.linkedin.com/in/michaelschiebel/
James Sirota, Director Security Solutions, www.linkedin.com/in/jsirota/
Anna Yong, Cybersecurity Product Marketing, www.linkedin.com/in/4everfusion/
Agenda
• Why Cybersecurity Needs Big Data
• Intro to Apache Metron
• How big data experts can help IT security teams
• Case Study: Accelerating Investigation of a Phishing Attack
Why Cybersecurity Needs Big Data
Digital World Generates Big Data That Security Teams Need to Process
Existing Cyber Security Solutions Don’t Scale to the Challenge
• 82% of breaches happened in minutes
• 8 months: average time an advanced security breach goes unnoticed
• 70%-80% of breaches are first detected by a 3rd party.
Source: 2016 Verizon Data Breach Investigations Report
Current security tools installed in the data center can’t handle the volume of data & threats from everywhere.
Cybersecurity Journey
Single View into Security Risk
• Free data from security tools
• Correlate and discover threats
• Operational efficiency and governance
• Predictive insights using machine learning
• Single unified view of enterprise risk & security posture.
Journey diagram (Renovate to Innovate axis), recovered as labels: Security Tool Ingest, Historical Records, OPEX Reduction, Active Archive, Data Discovery, Predictive Analytics, Cyber Security Machine Data, Risk Modeling, Digital Protection, Fraud Prevention, Public Data Capture, Single Holistic View.
Apache Metron at Capital One
CapOne uses HDF to ingest log data into their cyber security data lake and uses Apache Metron to detect threats that cannot be detected by traditional cyber security tools.
https://youtu.be/Nffx8SKn7l4?t=1h37m50s
Introduction to Apache Metron
Metron Journey
• Jan 2016: OpenSOC renamed Metron
• Dec 2016: Accepted into Apache Incubation
• Oct. 2015: Hortonworks, Mantech, B23 press release
• Sept 2014: First release of OpenSOC Beta by Cisco
• April 2014: OpenSOC in production
• June 2014: OpenSOC Community Edition
• July 2015: Cisco stops supporting OpenSOC
• March 2016: First Apache Release
Apache Metron: Incubating Project
Architecture diagram, recovered as labels:
Telemetry Data Sources:
• Machine Generated Logs (AD, App / Web Server, firewall, VPN, etc.)
• Security Endpoint Devices (FireEye, Palo Alto, BlueCoat, etc.)
• Network Data (PCAP, Netflow, Bro, etc.)
• IDS (Suricata, Snort, etc.)
• Threat Intelligence Feeds (Soltra, OpenTAXII, third-party feeds)
Telemetry Data Collectors and Telemetry Ingest Buffer, fed by Performance Network Ingest Probes / Other and by Real-time Enrich / Threat Intel Streams.
Real-time Processing Cyber Security Engine (Cyber Security Stream Processing Pipeline): Telemetry Parsers, Enrichment, Threat Intel, Alert Triage, Indexers and Writers.
Data Services and Integration Layer: Search and Dashboarding Portal, Security Data Vault, Community Analytical Models, Provisioning, Management and Monitoring Modules.
How Big Data Experts Can Help Security Teams
A Day in the Life of an Analyst:
• Too many disparate tools
• Too many alerts to process
• Too much noise
• How to connect the dots of the relevant data points together?
Problem Posed (For Existing Tools)
Security Information Management System (SIEM)
• I am prohibitively expensive
• I have vendor lock-in
• I can’t deal with big data
• I am not open
• I am not extensible enough
Legacy Point Tools
• I was built for 1995
• I am super specialized
• I don’t scale horizontally
• I have a proprietary format
• You need a PhD to operate me
Behavioral Analytics Tools (UEBA)
• I have a limited # of models
• I am not trained on YOUR data
• I am built by a small startup
Problem Posed (For Bad Guys)
Advanced Persistent Threat (Unique Patterns)
• I am very unique in the way I do things
• I live on your network for about 300 days
• I know what I am after and I look for it, slowly
• Your rules will not detect me, I am too smart
• I impersonate a legitimate user, but I don’t act like one
Apache Metron can model historical behavior of whoever I am impersonating and flag me as I try to deviate.
Script Kiddie (Repeatable Patterns)
• My techniques are predictable and known
• My attack vectors are also known
• I fumble around a lot
• I set off a large number of alerts
• You are not the only person I’ve attacked
• I brag about what I did or will do
Apache Metron can take everything that is known about me and check for it in real time.
Case Study: Accelerate Investigation of a Phishing Attack
The “Threat Story” the Workflow Told…
The Challenges Faced by the SOC Analyst to Create this Story…
Challenge
• The analyst had to jump from the SIEM to more than 7 different tools, which took up valuable time.
• It took more than 24 hours across 2 SOC shifts to investigate, determine scope, remediate and do further forensics/investigation.
• Half of my time was spent getting the context needed for me to create the story.
• The threat was detected too late. Instead of detecting the incident on 4/9, the threat should have been detected on 3/20 when the attacker spoofed Sonja’s email address.
Need
• Want a centralized view of my data so I don’t have to jump around and learn other tools
• Eliminate manual tasks to investigate a case
• Need to discover bad stuff quicker
• Need the system to create the context for me in real-time
• The current static rules in the SIEM didn’t detect the threat. Need smart analytics based on:
  • User Sonja hasn’t used corp gmail in the last 3 months
  • User Sonja can’t login from Ireland and Southern Cali at the same time
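The two "smart analytics" the Need column asks for (a service the user has not touched in three months, and logins from Ireland and Southern California at the same time), together with the slide-15 idea of modelling a user's historical behavior and flagging deviation, as an added Python example. This is illustration, not Metron or Hortonworks code. The login history, the two approximate coordinates, the 90-day and 900 km/h thresholds, the 24-hour travel window and the use of the user name from the slide are all constructed assumptions.

```python
"""Two of the 'smart analytics' the slide asks for, written as a small user-behaviour
model over constructed login events (illustration only, not Metron code):
  dormant_service    the user authenticates to a service not used in DORMANT_DAYS
  impossible_travel  two logins whose separation in space and time implies a speed no
                     traveller could reach (zero time apart counts as infinite speed)"""
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Tuple

DORMANT_DAYS = 90            # "hasn't used corp gmail in the last 3 months"
MAX_SPEED_KMH = 900.0        # roughly airliner speed; anything faster is impossible
TRAVEL_WINDOW = timedelta(hours=24)

# Constructed, approximate coordinates for the two places named on the slide.
LOCATIONS: Dict[str, Tuple[float, float]] = {
    "ireland": (53.35, -6.26),
    "socal": (34.05, -118.24),
}

# Constructed login history: (user, ISO timestamp, service, location).
HISTORY = [
    ("sonja", "2016-11-15T09:00:00", "gmail", "socal"),
    ("sonja", "2017-03-01T08:30:00", "vpn", "socal"),
    ("sonja", "2017-03-10T08:45:00", "vpn", "socal"),
]

# Constructed events to score: a gmail login from Ireland, then a VPN login from
# Southern California thirty minutes later.
NEW_EVENTS = [
    ("sonja", "2017-03-20T14:00:00", "gmail", "ireland"),
    ("sonja", "2017-03-20T14:30:00", "vpn", "socal"),
]


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance in kilometres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


class UserProfile:
    """Per-user state: last use of each service, plus logins inside the travel window."""

    def __init__(self) -> None:
        self.last_seen: Dict[str, Dict[str, datetime]] = defaultdict(dict)
        self.recent: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)

    def observe(self, user: str, ts: datetime, service: str, loc: str) -> None:
        """Fold a login into the profile and drop logins outside the travel window."""
        self.last_seen[user][service] = ts
        self.recent[user] = [(t, l) for t, l in self.recent[user] if ts - t <= TRAVEL_WINDOW]
        self.recent[user].append((ts, loc))

    def score(self, user: str, ts: datetime, service: str, loc: str) -> List[str]:
        """Return the findings for one login, then fold that login into the profile."""
        findings: List[str] = []
        seen = self.last_seen[user].get(service)
        if seen is None:
            findings.append(f"new_service:{service}")
        elif ts - seen > timedelta(days=DORMANT_DAYS):
            findings.append(f"dormant_service:{service}:{(ts - seen).days}d")
        for prev_ts, prev_loc in self.recent[user]:
            if prev_loc == loc or ts - prev_ts > TRAVEL_WINDOW:
                continue
            km = haversine_km(LOCATIONS[prev_loc], LOCATIONS[loc])
            hours = (ts - prev_ts).total_seconds() / 3600.0
            speed = km / hours if hours > 0 else float("inf")   # same instant => infinite
            if speed > MAX_SPEED_KMH:
                findings.append(f"impossible_travel:{prev_loc}->{loc}:{speed:.0f}km/h")
        self.observe(user, ts, service, loc)
        return findings


def evaluate(history, events) -> List[List[str]]:
    """Build the profile from history, then score each new event in order."""
    profile = UserProfile()
    for user, ts, service, loc in history:
        profile.observe(user, datetime.fromisoformat(ts), service, loc)
    return [profile.score(u, datetime.fromisoformat(t), s, l) for u, t, s, l in events]


if __name__ == "__main__":
    for event, findings in zip(NEW_EVENTS, evaluate(HISTORY, NEW_EVENTS)):
        print(event, "->", findings or "clean")
```

Against the constructed data the first event fires dormant_service (gmail last seen 125 days earlier) and the second fires impossible_travel (about 8,300 km in half an hour). Neither check needs a signature: both compare the login to the user's own history, which is what a static SIEM rule could not express.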
Old School vs. New School Security Controls
Old School (1-1): Email Security Rules, Firewall Rules, IDS Rules, Sandbox Rules, DLP Rules
New School (1-*): Email Classifier, Malware Family Classifier, Network Behavior Classifier, UEBA System, Alerts Triage
Apache Metron Resources
http://hortonworks.com/apache/metron/
https://metron.incubator.apache.org/
https://www.meetup.com/futureofdata-london/events/237165504/
Questions?

Mais conteúdo relacionado

Mais de Hortonworks

HDF 3.2 - What's New
HDF 3.2 - What's NewHDF 3.2 - What's New
HDF 3.2 - What's NewHortonworks
 
Curing Kafka Blindness with Hortonworks Streams Messaging Manager
Curing Kafka Blindness with Hortonworks Streams Messaging ManagerCuring Kafka Blindness with Hortonworks Streams Messaging Manager
Curing Kafka Blindness with Hortonworks Streams Messaging ManagerHortonworks
 
Interpretation Tool for Genomic Sequencing Data in Clinical Environments
Interpretation Tool for Genomic Sequencing Data in Clinical EnvironmentsInterpretation Tool for Genomic Sequencing Data in Clinical Environments
Interpretation Tool for Genomic Sequencing Data in Clinical EnvironmentsHortonworks
 
IBM+Hortonworks = Transformation of the Big Data Landscape
IBM+Hortonworks = Transformation of the Big Data LandscapeIBM+Hortonworks = Transformation of the Big Data Landscape
IBM+Hortonworks = Transformation of the Big Data LandscapeHortonworks
 
Premier Inside-Out: Apache Druid
Premier Inside-Out: Apache DruidPremier Inside-Out: Apache Druid
Premier Inside-Out: Apache DruidHortonworks
 
Accelerating Data Science and Real Time Analytics at Scale
Accelerating Data Science and Real Time Analytics at ScaleAccelerating Data Science and Real Time Analytics at Scale
Accelerating Data Science and Real Time Analytics at ScaleHortonworks
 
TIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATA
TIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATATIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATA
TIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATAHortonworks
 
Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...
Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...
Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...Hortonworks
 
Delivering Real-Time Streaming Data for Healthcare Customers: Clearsense
Delivering Real-Time Streaming Data for Healthcare Customers: ClearsenseDelivering Real-Time Streaming Data for Healthcare Customers: Clearsense
Delivering Real-Time Streaming Data for Healthcare Customers: ClearsenseHortonworks
 
Making Enterprise Big Data Small with Ease
Making Enterprise Big Data Small with EaseMaking Enterprise Big Data Small with Ease
Making Enterprise Big Data Small with EaseHortonworks
 
Webinewbie to Webinerd in 30 Days - Webinar World Presentation
Webinewbie to Webinerd in 30 Days - Webinar World PresentationWebinewbie to Webinerd in 30 Days - Webinar World Presentation
Webinewbie to Webinerd in 30 Days - Webinar World PresentationHortonworks
 
Driving Digital Transformation Through Global Data Management
Driving Digital Transformation Through Global Data ManagementDriving Digital Transformation Through Global Data Management
Driving Digital Transformation Through Global Data ManagementHortonworks
 
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming FeaturesHDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming FeaturesHortonworks
 
Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...
Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...
Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...Hortonworks
 
Unlock Value from Big Data with Apache NiFi and Streaming CDC
Unlock Value from Big Data with Apache NiFi and Streaming CDCUnlock Value from Big Data with Apache NiFi and Streaming CDC
Unlock Value from Big Data with Apache NiFi and Streaming CDCHortonworks
 
4 Essential Steps for Managing Sensitive Data
4 Essential Steps for Managing Sensitive Data4 Essential Steps for Managing Sensitive Data
4 Essential Steps for Managing Sensitive DataHortonworks
 
5 Steps to Create a Company Culture that Embraces the Power of Data
5 Steps to Create a Company Culture that Embraces the Power of Data5 Steps to Create a Company Culture that Embraces the Power of Data
5 Steps to Create a Company Culture that Embraces the Power of DataHortonworks
 
Exploring the Heated-and Completely Unnecessary- Data Lake Debate
Exploring the Heated-and Completely Unnecessary- Data Lake DebateExploring the Heated-and Completely Unnecessary- Data Lake Debate
Exploring the Heated-and Completely Unnecessary- Data Lake DebateHortonworks
 
Sprint's Data Modernization Journey
Sprint's Data Modernization JourneySprint's Data Modernization Journey
Sprint's Data Modernization JourneyHortonworks
 
Modernize Your Existing EDW with IBM Big SQL & Hortonworks Data Platform
Modernize Your Existing EDW with IBM Big SQL & Hortonworks Data PlatformModernize Your Existing EDW with IBM Big SQL & Hortonworks Data Platform
Modernize Your Existing EDW with IBM Big SQL & Hortonworks Data PlatformHortonworks
 

Mais de Hortonworks (20)

HDF 3.2 - What's New
HDF 3.2 - What's NewHDF 3.2 - What's New
HDF 3.2 - What's New
 
Curing Kafka Blindness with Hortonworks Streams Messaging Manager
Curing Kafka Blindness with Hortonworks Streams Messaging ManagerCuring Kafka Blindness with Hortonworks Streams Messaging Manager
Curing Kafka Blindness with Hortonworks Streams Messaging Manager
 
Interpretation Tool for Genomic Sequencing Data in Clinical Environments
Interpretation Tool for Genomic Sequencing Data in Clinical EnvironmentsInterpretation Tool for Genomic Sequencing Data in Clinical Environments
Interpretation Tool for Genomic Sequencing Data in Clinical Environments
 
IBM+Hortonworks = Transformation of the Big Data Landscape
IBM+Hortonworks = Transformation of the Big Data LandscapeIBM+Hortonworks = Transformation of the Big Data Landscape
IBM+Hortonworks = Transformation of the Big Data Landscape
 
Premier Inside-Out: Apache Druid
Premier Inside-Out: Apache DruidPremier Inside-Out: Apache Druid
Premier Inside-Out: Apache Druid
 
Accelerating Data Science and Real Time Analytics at Scale
Accelerating Data Science and Real Time Analytics at ScaleAccelerating Data Science and Real Time Analytics at Scale
Accelerating Data Science and Real Time Analytics at Scale
 
TIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATA
TIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATATIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATA
TIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATA
 
Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...
Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...
Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...
 
Delivering Real-Time Streaming Data for Healthcare Customers: Clearsense
Delivering Real-Time Streaming Data for Healthcare Customers: ClearsenseDelivering Real-Time Streaming Data for Healthcare Customers: Clearsense
Delivering Real-Time Streaming Data for Healthcare Customers: Clearsense
 
Making Enterprise Big Data Small with Ease
Making Enterprise Big Data Small with EaseMaking Enterprise Big Data Small with Ease
Making Enterprise Big Data Small with Ease
 
Webinewbie to Webinerd in 30 Days - Webinar World Presentation
Webinewbie to Webinerd in 30 Days - Webinar World PresentationWebinewbie to Webinerd in 30 Days - Webinar World Presentation
Webinewbie to Webinerd in 30 Days - Webinar World Presentation
 
Driving Digital Transformation Through Global Data Management
Driving Digital Transformation Through Global Data ManagementDriving Digital Transformation Through Global Data Management
Driving Digital Transformation Through Global Data Management
 
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming FeaturesHDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
 
Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...
Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...
Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...
 
Unlock Value from Big Data with Apache NiFi and Streaming CDC
Unlock Value from Big Data with Apache NiFi and Streaming CDCUnlock Value from Big Data with Apache NiFi and Streaming CDC
Unlock Value from Big Data with Apache NiFi and Streaming CDC
 
4 Essential Steps for Managing Sensitive Data
4 Essential Steps for Managing Sensitive Data4 Essential Steps for Managing Sensitive Data
4 Essential Steps for Managing Sensitive Data
 
5 Steps to Create a Company Culture that Embraces the Power of Data
5 Steps to Create a Company Culture that Embraces the Power of Data5 Steps to Create a Company Culture that Embraces the Power of Data
5 Steps to Create a Company Culture that Embraces the Power of Data
 
Exploring the Heated-and Completely Unnecessary- Data Lake Debate
Exploring the Heated-and Completely Unnecessary- Data Lake DebateExploring the Heated-and Completely Unnecessary- Data Lake Debate
Exploring the Heated-and Completely Unnecessary- Data Lake Debate
 
Sprint's Data Modernization Journey
Sprint's Data Modernization JourneySprint's Data Modernization Journey
Sprint's Data Modernization Journey
 
Modernize Your Existing EDW with IBM Big SQL & Hortonworks Data Platform
Modernize Your Existing EDW with IBM Big SQL & Hortonworks Data PlatformModernize Your Existing EDW with IBM Big SQL & Hortonworks Data Platform
Modernize Your Existing EDW with IBM Big SQL & Hortonworks Data Platform
 

Último

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 

Último (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

Why Cybersecurity Needs Big Data

  • 1. Why Cybersecurity Needs Big Data & Intro to Apache Metron James Sirota, Director Security Solutions March 2017 Michael Schiebel, Cybersecurity Strategy
  • 2. 2 © Hortonworks Inc. 2011 – 2016. All Rights Reserved Michael Schiebel, Cybersecurity Strategy www.linkedin.com/in/michaelschiebel/ James Sirota Director Security Solutions www.linkedin.com/in/jsirota/ Anna Yong Cybersecurity Product Marketing www.linkedin.com/in/4everfusion/
  • 3. 3 © Hortonworks Inc. 2011 – 2016. All Rights Reserved Agenda  Why Cybersecurity Needs Big Data  Intro to Apache Metron  How big data experts can help IT security teams  Case Study: Accelerating Investigation of a Phishing Attack
  • 4. 4 © Hortonworks Inc. 2011 – 2016. All Rights Reserved Why Cybersecurity Needs Big Data
  • 5. 5 © Hortonworks Inc. 2011 – 2016. All Rights Reserved Digital World Generates Big Data That Security Teams Need to Process
  • 6. 6 © Hortonworks Inc. 2011 – 2016. All Rights Reserved6 © Hortonworks Inc. 2011 – 2016. All Rights Reserved Existing Cyber Security Solutions Don’t Scale to the Challenge 82% of breaches happened in minutes 8 months: Average time an advanced security breach goes unnoticed 70%-80% of breaches are first detected by a 3rd party. 2016 Verizon Data Breach Investigations Report Current security tools installed in the data center can’t handle volume of data & threats from everywhere
  • 7. 7 © Hortonworks Inc. 2011 – 2016. All Rights Reserved Cybersecurity Journey Single View into Security Risk Free data from security tools Correlate and discover threats Operational efficiency and governance Predictive insights using machine learning Single unified view of enterprise risk & security posture. Innovate Renovate Single Holistic View Historical Records OPEX Reduction Security Tool Ingest Digital Protection Fraud Prevention Public Data Capture ACTIVE ARCHIVE DATA DISCOVERY PREDICTIVE ANALYTICS Cyber Security Machine Data Risk Modeling
  • 8. 8 © Hortonworks Inc. 2011 – 2016. All Rights Reserved Apache Metron at Capital One CapOne uses HDF to ingest log data into their cyber security data lake and uses Apache Metron to detect threats that cannot be detected by traditional cyber security tools https://youtu.be/Nffx8SKn7l4?t=1h37m50s
  • 9. 9 © Hortonworks Inc. 2011 – 2016. All Rights Reserved Introduction to Apache Metron
  • 10. 10 © Hortonworks Inc. 2011 – 2016. All Rights Reserved Metron Journey Jan 2016 OpenSOC renamed Metron Dec 2016 Accepted into Apache Incubation Oct. 2015 Hortonworks, Mantech, B23 press release Sept 2014 First release of OpenSOC Beta by Cisco April 2014 OpenSOC in production June 2014 OpenSOC Community Edition July 2015 Cisco stops supporting OpenSOC March 2016 First Apache Release
  • 11. 11 © Hortonworks Inc. 2011 – 2016. All Rights Reserved DataServicesandIntegrationLayer Search and Dashboarding Portal Security Data Vault Community Analytical Models Provisioning, Management and Monitoring ModulesReal-time Processing Cyber Security Engine Telemetry Parsers Enrichment Threat Intel Alert Triage Indexers and Writers Cyber Security Stream Processing Pipeline Apache Metron: Incubating Project TelemetryIngestBuffer Telemetry Data Collectors Real-time Enrich / Threat Intel Streams Performance Network Ingest Probes / OtherMachine Generated Logs (AD, App / Web Server, firewall, VPN, etc.) Security Endpoint Devices (Fireye, Palo Alto, BlueCoat, etc.) Network Data (PCAP, Netflow, Bro, etc.) IDS (Suricata, Snort, etc.) Threat Intelligence Feeds (Soltra, OpenTaxi, third-party feeds) Telemetry Data Sources
  • 12. How Big Data Experts Can Help Security Teams
  • 13. A Day in the Life of An Analyst: • Too many disparate tools • Too many alerts to process • Too much noise • How to connect the dots of the relevant data points together?
  • 14. Problem Posed (For Existing Tools)
    • Security Information Management System (SIEM): • I am prohibitively expensive • I have vendor lock-in • I can’t deal with big data • I am not open • I am not extensible enough
    • Legacy Point Tools: • I was built for 1995 • I am super specialized • I don’t scale horizontally • I have a proprietary format • You need a PhD to operate me
    • Behavioral Analytics Tools (UEBA): • I have a limited # of models • I am not trained on YOUR data • I am built by a small startup
  • 15. Problem Posed (For Bad Guys)
    • Advanced Persistent Threat (Unique Patterns): • I am very unique in the way I do things • I live on your network for about 300 days • I know what I am after and I look for it, slowly • Your rules will not detect me, I am too smart • I impersonate a legitimate user, but I don’t act like one. Apache Metron can model historical behavior of whoever I am impersonating and flag me as I try to deviate.
    • Script Kiddie (Repeatable Patterns): • My techniques are predictable and known • My attack vectors are also known • I fumble around a lot • I set off a large number of alerts • You are not the only person I’ve attacked • I brag about what I did or will do. Apache Metron can take everything that is known about me and check for it in real time.
  • 16. Case Study: Accelerate Investigation of a Phishing Attack
  • 17. The “Threat Story” the Workflow Told…
  • 18. The Challenges Faced by the SOC Analyst to Create this Story…
    • Challenge: • The analyst had to jump from the SIEM to more than 7 different tools, which took up valuable time. • It took more than 24 hours across 2 SOC shifts to investigate, determine scope, remediate and do further forensics/investigation. • Half of my time was spent getting the context needed for me to create the story. • The threat was detected too late. Instead of detecting the incident on 4/9, the threat should have been detected on 3/20 when the attacker spoofed Sonja’s email address.
    • Need: • A centralized view of my data so I don’t have to jump around and learn other tools • Eliminate manual tasks to investigate a case • Discover bad stuff quicker • The system should create the context for me in real-time • The current static rules in the SIEM didn’t detect the threat. Need smart analytics based on: user Sonja hasn’t used corp gmail in the last 3 months; user Sonja can’t log in from Ireland and Southern Cali at the same time
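The two behavioral checks the Need column calls for (a login to an application the user has not touched in months, and logins from two distant places too close together) are the kind of deviation-from-history analytic slide 15 describes for impersonated accounts. The following is an added illustration over constructed sample events, not Metron code; the event layout, user names, coordinates, dates and the 900 km/h threshold are assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
# Constructed sample login events (not from the deck), shaped like parsed log records
# after IP-geolocation enrichment. Users, dates and coordinates are assumptions.
EVENTS = [
    {"user": "sonja", "app": "gmail", "ts": "2016-11-10T08:00:00", "lat": 33.9, "lon": -118.4, "loc": "Southern California"},
    {"user": "sonja", "app": "vpn", "ts": "2017-03-20T08:00:00", "lat": 33.9, "lon": -118.4, "loc": "Southern California"},
    {"user": "sonja", "app": "gmail", "ts": "2017-03-20T08:15:00", "lat": 53.3, "lon": -6.3, "loc": "Ireland"},
    {"user": "bob", "app": "vpn", "ts": "2017-03-20T07:00:00", "lat": 40.7, "lon": -74.0, "loc": "New York"},
    {"user": "bob", "app": "vpn", "ts": "2017-03-20T17:00:00", "lat": 42.4, "lon": -71.1, "loc": "Boston"},
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 6371.0 * 2 * asin(sqrt(a))

def by_user(events):
    """Group events per user in chronological order (ISO timestamps sort as strings)."""
    users = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        users.setdefault(e["user"], []).append(e)
    return users

def impossible_travel(events, max_kmh=900.0):
    """Flag consecutive logins by one user that would need faster-than-airliner travel."""
    alerts = []
    for user, evs in by_user(events).items():
        for prev, cur in zip(evs, evs[1:]):
            hours = (datetime.fromisoformat(cur["ts"]) - datetime.fromisoformat(prev["ts"])).total_seconds() / 3600
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if (hours <= 0 and km > 0) or (hours > 0 and km / hours > max_kmh):
                alerts.append({"rule": "impossible_travel", "user": user, "from": prev["loc"],
                               "to": cur["loc"], "minutes": round(hours * 60)})
    return alerts

def dormant_app_use(events, window_days=90):
    """Flag a login to an application the user last used more than window_days ago."""
    alerts = []
    for user, evs in by_user(events).items():
        last_seen = {}
        for e in evs:
            ts = datetime.fromisoformat(e["ts"])
            prev = last_seen.get(e["app"])
            if prev is not None and (ts - prev).days > window_days:
                alerts.append({"rule": "dormant_app_use", "user": user, "app": e["app"], "idle_days": (ts - prev).days})
            last_seen[e["app"]] = ts
    return alerts
```

Bob's New York to Boston logins ten hours apart stay silent, while Sonja's Ireland login fifteen minutes after a Southern California VPN session trips both rules on the same day the deck says detection should have happened.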
  • 19. Old School vs. New School Security Controls
    • Old School -> (1-1): Email Security Rules, Firewall Rules, IDS Rules, Sandbox Rules, DLP Rules
    • New School -> (1-*): Email Classifier, Alerts Triage, Malware Family Classifier, Network Behavior Classifier, UEBA System
  • 20. Apache Metron Resources: http://hortonworks.com/apache/metron/ https://metron.incubator.apache.org/ https://www.meetup.com/futureofdata-london/events/237165504/
  • 21. Questions?

Speaker Notes

  1. Talk Script: We all know that data is one of the factors changing the world, along with as-a-service as the primary IT delivery methodology. Data is growing and is everywhere, yet protections still use the obsolete gate-and-moat security paradigm. We now need security solutions that follow the data and protect it wherever and whenever it resides. Example: DNC hack. Podesta emails lost to hackers, and the DNC only found out about it when the FBI told them.
  2. Talk Script: The Cyber Security journey is an iterative one where we help our customers identify their current tactical need and show value by: freeing data from proprietary point security products (Active Archive); building new value by correlating and visualizing to improve business processes; enabling the business to leverage predictive analytics to reduce risk and improve efficiency; enabling the business to have a single view of the company’s security posture.
  4. To understand Apache Metron, we have to first start with the origins of the project, which emerged from a Cisco project called OpenSOC. Cisco stopped supporting it in July 2015, and their Chief Data Scientist and founding team leader, James Sirota, joined Hortonworks to build Apache Metron, a next generation cybersecurity analytics application built on top of big data technologies (Storm, Spark, HBase, Solr, HDFS) and NiFi.
  5. TALK TRACK The project is called Apache Metron. It’s an incubating Apache project and we would love for anyone interested to be more involved with it. It’s designed to be a comprehensive view of all cybersecurity data, all accessed through a single pane of glass. The data comes from multiple sources: security endpoints such as FireEye, Palo Alto and BlueCoat are part of the picture. These companies are doing amazingly well, but from a contextual threat perspective they are only part of the story. There are also machine logs, network data and threat intelligence feeds; all together this is collected and then processed through a real-time cyber security engine. On the other side, the far right hand side, you see some of the results that are enabled by a full contextual view with real-time stream processing: a search and dashboarding portal (the single pane of glass mentioned above) and shared community analytics models. This allows everyone, the community as a whole, to work together to combat cybersecurity threats that are becoming increasingly sophisticated and difficult to counter these days.
  6. These are common tools used by the SOC and what CAP One was investing in before using Apache Metron. There are many challenges associated with each one. I have included examples of some of the most common security tools in a glossary in the Appendix. If you do run into any of these technologies in an IT environment, please contact the EP Team.
  7. This slide describes two types of hackers. Script kiddie attack patterns are repeating, and the advanced hacker uses unique patterns to attack you. The script kiddie wants the power of the hacker without having skills of their own. They are an unsophisticated criminal who cannot create a custom breach and waits for an attack to be weaponized from a known vulnerability. They also create a large amount of noise for security tools. The advanced hacker has been trained or funded by a state or criminal organization, and this is where you want most of your resources dedicated, because the sponsored agent is aiming for something very specific and these attacks are frequent and much more difficult to detect as they have no known signatures. Apache Metron speeds up the detection of APTs. Find out more here: http://hortonworks.com/apache/metron/
  8. TALK TRACK If you want to know more, here are some great resources to check out. Please join the Apache Metron community if you would like to participate. We will also be hosting meetups in various cities; if you have a specific interest please let us know!