Cybersecurity with Apache Metron and Apache Solr - Ward Bekker, Hortonworks & Scott Cote, Lucidworks
1. Cybersecurity with Apache Metron and Apache Solr
Ward Bekker - Solutions Engineer, Hortonworks
Scott Cote - Senior Software Engineer, Lucidworks
2. Agenda for today’s talk
• Introduction
• Why Apache Metron?
• What is Apache Metron?
• What does Apache Metron look like?
• Who’s using Apache Metron?
• Apache Metron Ecosystem
• Demo!
3. Ward Bekker
• Hortonworks Solutions Engineer NEMEA
• SME Cybersecurity
• Apache Metron Contributor
• Twitter: @wardbekker
Ward Bekker
4. Ward Bekker
• Lucidworks Senior Software Engineer - Fusion Server
• Core Engineering
• Founder of DFW Data Science User Group
• Twitter: @scottccote & @DFWDataScience
Scott Cote
25. Apache Solr usage in Metron
[Diagram labels]
• Apache Metron Stream Processing pipeline
• WARM/COLD INDEX LAYER: Data Vault, Data Science workbench, PCAP forensics,...
• HOT INDEX LAYER: Real-time search
• Visualisation & investigation
• Apache Metron Investigator
• Apache Zeppelin
26. Built on top of proven open source big data technology
34. Who is using Apache Metron?
• Managed security service providers
• Telstra
• QSight/KPN
• Financial institutions
• Capital One
• Telecom providers
• Automotive industry
• Defense ministries
• Country-wide government initiatives
36. Apache Metron Ecosystem
• Visualisation and Exploration
• Real-time interactive dashboarding
• Infrastructure
• Pre-built appliances optimized for Metron
• Reporting and Compliance
• NIST and other frameworks
https://hortonworks.com/blog/building-a-cybersecurity-eco-system-on-a-shared-data-platform/
38. Demo Steps
• Uploading blobs to a Fusion Application
• One of those blobs is actually malware
• Fusion logs are ingested in Metron
• Compare the md5 signature of blobs to known malware
• Metron Investigator UI to triage the scored events
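The matching and scoring steps of the demo, as an added example that is not code from the talk, Metron or Fusion: upload events are checked against a known-malware MD5 set and ordered for triage. The log schema, field names, score values and the `triage` function are assumptions, and all sample data is constructed.

```python
import hashlib
import json
import re

MD5_RE = re.compile(r"[0-9a-f]{32}")

# Constructed stand-in for a known-malware feed; the "malware" is a harmless byte string.
KNOWN_BAD_MD5 = {hashlib.md5(b"constructed-malware-sample").hexdigest()}

# Constructed upload events, one JSON object per line (hypothetical schema).
SAMPLE_LOG = "\n".join([
    json.dumps({"ts": 1, "user": "alice", "blob": "report.pdf",
                "md5": hashlib.md5(b"quarterly report").hexdigest()}),
    json.dumps({"ts": 2, "user": "bob", "blob": "setup.exe",
                "md5": hashlib.md5(b"constructed-malware-sample").hexdigest().upper()}),
    json.dumps({"ts": 3, "user": "carol", "blob": "notes.txt"}),  # digest missing
    "truncated log line {",                                        # not valid JSON
])


def triage(log_text, known_bad=KNOWN_BAD_MD5):
    """Score each upload event and return (events sorted for triage, skipped line count)."""
    scored, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # count unparseable lines instead of dropping them silently
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        # Normalise case and whitespace so an upper-case digest still matches the feed.
        digest = str(event.get("md5", "")).strip().lower()
        if not MD5_RE.fullmatch(digest):
            score, reason = 10, "md5 missing or malformed, cannot be checked"
        elif digest in known_bad:
            score, reason = 100, "md5 matches known malware"
        else:
            score, reason = 0, "no match"
        scored.append({**event, "threat_score": score, "reason": reason})
    # Highest score first, oldest first within a score, as an analyst would work the queue.
    scored.sort(key=lambda e: (-e["threat_score"], e.get("ts", 0)))
    return scored, skipped


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG)[0]:
        print(e["threat_score"], e["blob"], e["user"], e["reason"])
```

Events without a usable digest get a low non-zero score so they stay visible in the queue rather than passing as clean.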