Analytics: The Future of Security

Transcription

1 Analytics: The Future of Security Yong Qiao, Vice President of Software Engineering & Chief Security Architect, MicroStrategy

2 Agenda Introduction: Security Analytics Usher Analytics What is Usher Analytics? What can Usher Analytics do today? What data are we collecting? How we process the data Summary What Usher Analytics can do What Usher Analytics brings to an enterprise Questions? 2

3 State of Information Security In a 2014 PwC survey, total number of security incidents reported by 9,700 respondents grew to 42.8M around the world, up 48% from 2013 an average of 117,339 per day. Leading cause of security breaches is user account compromise, especially privileged account compromise, through phishing, spoofing, man-in-the-middle attacks, or other methods. Current solutions fundamentally fail to detect attacks involving compromised credentials. A solution is needed that automatically identifies and quickly prevents threats before organizations are compromised. 3

4 Challenges How to monitor number of login attempts made to an enterprise s on-premise and cloud resources? How to monitor privileged account activities on an enterprise network? How to detect compromised credentials? How to detect suspicious activities and attacks (such as abnormal user behaviors and resource access patterns)? How to detect lateral attacker movement? 4

5 Analytics-Driven Security Detect: Automatically detect compromised credentials, breaches, and lateral movements across an enterprise network, with visibilities into endpoints, mobile devices, and cloud services. Protect: Once a threat is detected, the analytics engine must automatically close the loop with Identity & Access Management system before the threat turns into a breach, making authentication and authorization decisions using risk analytics. Investigate: Provide a full picture of user activities and their interactions with business systems and applications across an enterprise with a rich set of visualization, reporting, and analytics tools. Identify the impact of an incident. Adaptive Intelligent Risk-Based 5

6 What is Usher Analytics? Usher Analytics is the bridge between the award-winning MicroStrategy Analytics platform, and the secure Usher identity platform It draws on both to provide companies with the analytical tools and real-time intelligence to help monitor and protect their networks 6

7 What Can Usher Analytics Do Today? Usher Mobile Network Manager Usher Analytics MD Front-end Usher Vault Back-end Usher DB ETL Usher Analytics DB 7

8 Demo 8

9 What can Usher Analytics do today? Explore your network at the speed of thought 9

10 Demo 10

11 What Data Are We Collecting? Action Type Location User Device Gateway Method of Access Access Status Response Time Time 11

12 This is how we Process the Data Usher Vault Usher DB ETL Usher Analytics DB Grants or denies all transactions These are all logged on the Usher DB Resides in the cloud Contains all the raw data from the Usher vault MySQL Modular and flexible Data refresh up to every 1-3 seconds Written in SQL Data Enrichment using Google API Smooth data Holds the clean data MySQL Resides in the cloud Update info changes 12

13 Summary

14 What Usher Analytics Can Do? Anomaly detection Trend analysis Deltas Ratios Data visualizations Distributions Statistical measurements Transformations Connects to R programming language and therefore can do: Machine learning Network analysis Advanced analytics And more 14

15 What Usher Analytics Brings to an Enterprise This product will impact your whole company. Security Threat detection Facilities and Operations teams will benefit using: Physical and logical gateway management Finance will benefit using: Network adoption HR will benefit using: User engagement Clienteling Mobile Analytics 15

16 Looking Forward Security Analytics It is a journey. 16

17 Questions? Yong Qiao, Vice President of Software Engineering & Chief Security Architect, MicroStrategy