Security Analytics in Big Data
Alexandre F Moraes, CISSP, Solutions Architect Manager Latin America, HP Enterprise Security, [email protected]
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

HP Enterprise Security: Collect, Consolidate, Correlate
[Diagram: SaaS, PaaS and IaaS workloads (Finance, Division A, Division B applications) spread across public, private and hybrid cloud]

Vulnerability Awareness
- Vulnerability Scanning
- Source Code Analysis
- Software Security Assurance

Proactive Defense
- Flexible Security-Zone Segmentation
- Well-Known and Zero-Day Exploit Protection
- Adaptive Network Defense

Visibility
- Security Information and Event Management System
- Event Correlation
- Context Visibility
New! NGFW
NGFW models, throughput as FW+AppID / FW+IPS:
- S1050F – 500Mbps / 250Mbps
- S3010F – 1Gbps / 500Mbps
- S3020F – 2Gbps / 1Gbps
- S8005F – 5Gbps / 2.5Gbps
- S8010F – 10Gbps / 5Gbps
- S8020F – 20Gbps / 10Gbps

Accelerating innovation & time to value
[Slide: logo cloud of cloud/SaaS vendors and enterprise application categories, with the evolution from Mainframe to Client/Server to The Internet to Mobile, Social, Big Data & The Cloud, and data volumes growing from Kilobytes to Yottabytes]

Every 60 seconds:
• 98,000+ tweets
• 695,000 status updates
• 11 million instant messages
• 698,445 Google searches
• 168 million+ emails sent
• 1,820TB of data created
• 217 new mobile web users
Big Data
• Walmart: 1 million transactions per hour, 2.56 terabytes per day
• Facebook: 50 billion pictures in the database
• 50% of the data is unstructured: video, images, audio...
Big Data landscape

Annual growth: Machine Data ~100%; Human Information (90% of information); Business Data ~10% (10% of information)

Business challenge: opportunities lost. Massive amounts of useful data are getting lost; competitive advantage lies in the digital universe.
• 23% of data would be potentially useful for Big Data if tagged and analyzed (will grow to 33% by 2020)
• 3% is actually being tagged
• 0.5% of the Digital Universe was actually being tagged and analyzed in 2012¹
¹Source: IDC, The Digital Universe in 2020, December 2012

Technology challenge: legacy techniques have fallen short. Stale technologies, talent shortage, IT frustration, lack of insight.
• 86% of corporations cannot deliver the right information, at the right time, to support enterprise outcomes all of the time³
³Source: Coleman Parkes Survey, Nov 2012

HAVEn – the #1 Big Data platform
HAVEn: Hadoop/HDFS, Autonomy IDOL, Vertica, Enterprise Security, nApps (HP Software + your apps), powering Scale, Source, Speed and Secure
Data sources: Transactional, Social media, Video, Audio, Email, Texts, Mobile data, Documents, IT/OT, Search engine, Images
hp.com/haven

Proactive Protection - Security Analytics
Turning events & logs into actionable intelligence (Hadoop, Autonomy, Vertica, Enterprise Security, n-Apps)
• Powered by HP HAVEn
• Harness the power of ArcSight SIEM and Vertica Analytics
• Reduce false positives
• Minimize impact of security breach
• Transform security from defense to proactive protection
[Diagram: Business, Security, Weather, Threat feeds, Logs, Org structure and TX data flow into Vertica and ArcSight ESM; App1, App2 and App3 consume the result]
Intelligence = Events + context + analytics

ArcSight Security Alert
Spikes in logins: Johnp
Invoke Vertica with event context: right-click Integration command
[Charts: Login by Site and Login by Role – login counts (0–10000) per hour for hours 1–21]
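The alert-to-analytics flow shown above (flag a user whose logins spike against their own baseline, then pivot the spike by site and role for context) as an added example; this is not code from the deck or from ArcSight/Vertica, and the event records, user names, sites and roles are constructed.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample of normalised login events: (hour bucket, user, site, role).
# In the deck these would be ArcSight ESM events landed in Vertica.
EVENTS = []
for hour in range(1, 21):                              # 20 hours of baseline
    EVENTS += [(hour, "johnp", "site-a", "analyst")] * 2
    EVENTS += [(hour, "maria", "site-b", "admin")] * 3
EVENTS += [(21, "johnp", "site-c", "analyst")] * 40    # hour 21: the spike
EVENTS += [(21, "maria", "site-b", "admin")] * 3

def hourly_counts(events):
    """Map user -> {hour: login count}."""
    counts = defaultdict(Counter)
    for hour, user, _site, _role in events:
        counts[user][hour] += 1
    return counts

def login_spikes(events, hour, k=3.0, min_logins=10):
    """Return {user: count} for users whose logins in `hour` exceed their
    own baseline (mean + k*stddev over all earlier hours) and min_logins.
    min_logins keeps a quiet account from alerting on 2 vs 1 logins."""
    spikes = {}
    for user, per_hour in hourly_counts(events).items():
        baseline = [c for h, c in per_hour.items() if h < hour]
        if len(baseline) < 2:
            continue  # not enough history to judge this user
        threshold = mean(baseline) + k * pstdev(baseline)
        now = per_hour.get(hour, 0)
        if now >= min_logins and now > threshold:
            spikes[user] = now
    return spikes

def context_breakdown(events, user, hour):
    """Pivot the flagged user's logins in `hour` by site and by role,
    the same context the 'Login by Site' / 'Login by Role' views give."""
    by_site, by_role = Counter(), Counter()
    for h, u, site, role in events:
        if u == user and h == hour:
            by_site[site] += 1
            by_role[role] += 1
    return dict(by_site), dict(by_role)

if __name__ == "__main__":
    for user, n in login_spikes(EVENTS, 21).items():
        print(f"Spike in logins: {user} ({n} logins in hour 21)")
        print(context_breakdown(EVENTS, user, 21))
```

The baseline here is per user; a site- or role-level baseline (comparing a user against peers in the same role) is the natural next pivot once the spike is confirmed.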
Proactive Protection - Security Analytics
Detecting Information Leakage (Hadoop, Autonomy, Vertica, Enterprise Security, n-Apps)
• Powered by HP HAVEn
• Harness the power of ArcSight SIEM and Autonomy IDOL
• Distill meaning and make decisions based on it, not just match keywords or tags
• “judge” events based on their context
Sample Usecase: Detecting Information Leakage
1. Data access (file, email)
2. Event sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. Rules fired
Sample Usecase: Information at Risk
1. Attack target
2. Events sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. See next slide
Sample Usecase: Data under Attack (cont’)
[Diagram: Information Store, with the Information @ Risk highlighted: Patents]
Sample Usecase: Threat Monitoring through Sentiment Analysis
• Intelligence has a long history of providing pivotal information to decision-makers
• Monitor the spiraling amount of user-generated content on the internet (social media) and analyze it for sentiment
hp.com/haven
HAVEn: Develop, Operate, Monetize, Secure, Govern