How Using Big Data in Security Helps (and Hurts) Us

Transcription

1 How Using Big Data in Security Helps (and Hurts) Us Kerry Matre, CIPP/US

2 What is your role? 2

3 $300 Billion 3

4 What do insiders look like? 4

5 Basic insider threat monitoring Block IPs Signature based monitors Malicious packets User privileges Bad guys know these types of controls and can get around them 5

6 What else can we do? Employ big data 6

7 Big data and data enhanced security Volume Large amounts of data Velocity Need to be analyzed quickly Variety Different types of structured and unstructured data UNSTRUCTURED DATA s and files Social media and chat sessions Websites and audio or video STRUCTURED DATA FW, IDS/IPS, and others Identity and access management Applications 7

8 Behavioral analytics ID creation After hours access High volume Failed logins monitoring to/from Attachments Social media sentiment 8

9 Edward Snowden - NSA High-risk user Contractor, new employee Excessive access Negative sentiment Downloading sensitive documents 9

10 Data Fusion The more perspectives of an object creates a moretrue view of the object 10

11 Identity profiling address address Cell Phone IP address Cell Phone IP address Me(2) Address Cell Phone Business Phone Me(3) Children Facebook ID Children Facebook ID Mac Address Database login Me address Mac Address EMR login IP address Mac Address LinkedIn ID Badge 11

12 Amazon does it, so why can t we? Profiling You might also like Predictive shipping Work habits Health habits Fraud habits 12

13 Who gets to decide? 13

14 Just because you can, doesn t mean you should

15 Just because you can, doesn t mean you should Focus on the reasons for employing big data / data enhanced security Risk reduction Cost reduction breach identification and notification But remember to investigate the privacy impact Employees Customers Business 15

16 Big data strategy checklist Business People Process Technology Mission General General General Accountability Sponsorship Relationship Deliverables Vendor engagement Facilities Training Certifications Experience Skill assessments Career path Leadership Operational processes Analytical processes Business processes Technology processes Architecture Data collection Monitoring Correlation 16

17 Answer the Why? The How? and the Then What? People Process Technology Organizational structure best practices and training Limit data access Monitor those who monitor the data Decide corporate identity, get executive sponsorship Policy creation and enforcement Organizational metrics for accountability Determine collection sources and confirm the usage is consistent Understand vendor relationships and their rights to the data A > B > C 17

18 Have a Big Data strategy! 18

19 Thank you