Security Analytics in Big Data

Alexandre F Moraes, CISSP Solutions Architect Manager Latin America HP Enterprise Security [email protected]

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

HP Enterprise Security: Collect, Consolidate, Correlate

[Figure: the HP Enterprise Security model applied across SaaS, PaaS and IaaS, Finance, Division A and Division B, public cloud, private cloud and hybrid deployments]

- Vulnerability Awareness: Vulnerability Scanning, Source Code Analysis, Software Security Assurance
- Proactive Defense: Flexible Security-Zone Segmentation, Well-Known and Zero-Day-Exploit Protection, Adaptive Network Defense
- Visibility: Security Information and Event Management System, Event Correlation, Context Visibility

New! NGFW

[Figure: front panels of the NGFW appliances; port and LED labels (CONSOLE 115200 N, 8, 1; STATUS, ALERT, POWER, HA 1/HA 2, MGMT, RESET, CFast Card) omitted]

Model throughput (FW+AppID / FW+IPS):
- S1050F – 500 Mbps / 250 Mbps
- S3010F – 1 Gbps / 500 Mbps
- S3020F – 2 Gbps / 1 Gbps
- S8005F – 5 Gbps / 2.5 Gbps
- S8010F – 10 Gbps / 5 Gbps
- S8020F – 20 Gbps / 10 Gbps

Accelerating innovation & time to value

[Figure: the growth of data from Mainframe and Client/Server to Mobile, Social, Big Data & The Cloud, measured from Kilobytes, Megabytes and Gigabytes up to Zettabytes and Yottabytes, surrounded by a logo cloud of SaaS, PaaS and IaaS vendors and application categories]

Every 60 seconds: 98,000+ tweets, 695,000 status updates, 11 million instant messages, 698,445 Google searches, 168 million+ emails sent, 217 new mobile web users, 1,820 TB of data created.

Big Data

• Walmart: 1 million transactions per hour, 2.56 terabytes per day

• Facebook: 50 billion pictures in the database

• 50% of the data is unstructured: video, images, audio...

Big Data landscape

Annual growth: machine data ~100%, business data ~10%. Human information is 90% of all information; business data is 10%.

Business challenge: opportunities lost. Competitive advantage in the digital universe in 2012: massive amounts of useful data are getting lost.
- 23% of data would be potentially useful if tagged and analyzed (will grow to 33% by 2020)
- 3% is actually being tagged for Big Data value
- 0.5% of the Digital Universe is actually being tagged and analyzed
¹Source: IDC, The Digital Universe in 2020, December 2012

Technology challenge: legacy techniques have fallen short. Stale technologies, talent shortage, IT frustration, lack of insight: 86% of corporations cannot deliver the right information, at the right time, to support enterprise outcomes all of the time.³
³Source: Coleman Parkes Survey, Nov 2012

HAVEn – the #1 Big Data platform

HAVEn

Hadoop / HDFS (Scale), Autonomy IDOL (Source), Vertica (Speed), Enterprise Security (Secure), n Apps (HP Software + your apps: powering your apps)

Data sources: Transactional, Social media, Video, Audio, Email, Texts, Mobile data, Documents, IT/OT, Search engine, Images. hp.com/haven

Proactive Protection - Security Analytics

Turning events & logs into actionable intelligence

• Powered by HP HAVEn (Hadoop, Autonomy, Vertica, Enterprise Security, n-Apps): harness the power of ArcSight SIEM and Vertica Analytics
• Reduce false positives
• Minimize the impact of a security breach
• Transform security from defense to proactive protection

[Figure: business context (Weather, Threat feeds, Logs, Org structure, TX data) and App1, App2, App3 feed Vertica and ArcSight ESM, producing Intelligence = Events + context + analytics]

ArcSight Security Alert

Spikes in logins: Johnp

Invoke Vertica with event context

Right-click: Integration command

[Chart: Login by Site, login counts (0–10,000) across 21 time buckets]

[Chart: Login by Role, login counts (0–10,000) across 21 time buckets]
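The alert-then-pivot flow shown above (a spike in logins for one user, then a right-click into Vertica to break the logins down by site and role), as an added worked example that is not code from this deck or from HP. An in-memory SQLite database stands in for Vertica, the login events and the org-structure table are constructed for illustration, and the spike threshold (five times the user's baseline hourly rate) is an assumption chosen here:

```python
import sqlite3

# Constructed sample data (not from the deck): steady logins for three users over 24 hourly
# buckets, plus a burst from one user in the final hour that originates from an unusual site.
def build_events():
    events = []
    for hour in range(24):
        for user, site in (("johnp", "SAO"), ("alice", "SAO"), ("bob", "RIO")):
            events += [(user, site, hour)] * 2          # baseline: 2 logins per user per hour
    events += [("johnp", "MIA", 23)] * 40               # spike: 40 extra logins in hour 23
    return events

# Constructed org-structure context (the "Org structure" feed on the slide): role and home site.
ORG = {"johnp": ("analyst", "SAO"), "alice": ("analyst", "SAO"), "bob": ("dba", "RIO")}

def open_db(events=None, org=None):
    """Load events and context into an in-memory SQLite database standing in for Vertica."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE logins (username TEXT, site TEXT, hour INTEGER);
        CREATE TABLE org (username TEXT PRIMARY KEY, role TEXT, home_site TEXT);
    """)
    conn.executemany("INSERT INTO logins VALUES (?, ?, ?)", events or build_events())
    conn.executemany("INSERT INTO org VALUES (?, ?, ?)",
                     [(u, r, s) for u, (r, s) in (org or ORG).items()])
    return conn

def login_spikes(conn, last_hour, factor=5.0):
    """Users whose logins in `last_hour` exceed `factor` times their mean hourly rate before it."""
    sql = """
        WITH baseline AS (
            SELECT username, COUNT(*) * 1.0 / :last AS avg_per_hour
            FROM logins WHERE hour < :last GROUP BY username),
        latest AS (
            SELECT username, COUNT(*) AS n
            FROM logins WHERE hour = :last GROUP BY username)
        SELECT l.username, l.n, b.avg_per_hour
        FROM latest l JOIN baseline b USING (username)
        WHERE l.n > :factor * b.avg_per_hour
        ORDER BY l.n DESC"""
    return conn.execute(sql, {"last": last_hour, "factor": factor}).fetchall()

def logins_by_site(conn, username, hour):
    """Pivot one user's logins in one hour by site: the 'Login by Site' view behind the alert."""
    return conn.execute(
        "SELECT site, COUNT(*) FROM logins WHERE username = ? AND hour = ? "
        "GROUP BY site ORDER BY COUNT(*) DESC", (username, hour)).fetchall()

def logins_by_role(conn, hour):
    """Pivot all logins in one hour by role, joining the org-structure context."""
    return conn.execute(
        "SELECT o.role, COUNT(*) FROM logins l JOIN org o USING (username) "
        "WHERE l.hour = ? GROUP BY o.role ORDER BY COUNT(*) DESC", (hour,)).fetchall()

def triage(conn, last_hour, factor=5.0):
    """Alert + context: for each spiking user, list the sites seen that are not the home site."""
    findings = []
    for username, n, avg in login_spikes(conn, last_hour, factor):
        row = conn.execute("SELECT home_site FROM org WHERE username = ?", (username,)).fetchone()
        home_site = row[0] if row else None
        by_site = logins_by_site(conn, username, last_hour)
        findings.append({
            "user": username, "logins": n, "baseline_per_hour": avg,
            "by_site": dict(by_site),
            "unusual_sites": [site for site, _ in by_site if site != home_site],
        })
    return findings

if __name__ == "__main__":
    db = open_db()
    for finding in triage(db, last_hour=23):
        print(finding)
    print("by role:", logins_by_role(db, 23))
```

The baseline is deliberately per user rather than global: a service account that logs in 500 times an hour is normal for itself, while 42 logins from an analyst who averages 2 is the spike the alert on the slide is about. The site pivot is what turns the count into a decision, since the same burst from the user's home site would warrant a different response than one from a site the user has never used.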

Proactive Protection - Security Analytics

Detecting Information Leakage

• Powered by HP HAVEn (Hadoop, Autonomy, Vertica, Enterprise Security, n-Apps): harness the power of ArcSight SIEM and Autonomy IDOL
• Distill meaning and make decisions based on it, not just match keywords or tags
• "Judge" events based on their context

Sample Use Case: Detecting Information Leakage

1. Data access (file, email)
2. Event sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. Rules fired

Sample Use Case: Information at Risk

1. Attack target
2. Events sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. See next slide

Sample Use Case: Data under Attack (cont.)

[Figure: the attacked Information Store is mapped through IDOL to the Information @ Risk it holds, here Patents]

Sample Use Case: Threat Monitoring through Sentiment Analysis

• Intelligence has a long history of providing pivotal information to decision-makers

• Monitor the spiraling amount of user-generated content on the internet (social media) and analyze it for sentiment

Sample Use Case: Threat Monitoring through Sentiment Analysis (cont.)

hp.com/haven

[Figure: HAVEn lifecycle wheel: Develop, Operate, Monetize, Secure, Govern]
