Intelligence-Driven Security

Transcription

1 Intelligence-Driven Security Using Big Data Analytics to Detect the Unknown Adversary Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC 1

2 A Transformation in IT Virtual Data Centers, Cloud Compute and BYOD Traditional Data Center Modern Data Center Dedicated, Vertical Gaps and Stacks Dynamic Pools Of Compute & Storage 2

3 A Transformation in Attackers Unsophisticated Sophisticated Financial Financial Amateur Organized Social Regional Global Fundamental Fundamental Opposed Destabilizing 3

4 A Transformation in Attack Vectors 1 STEALTHY LOW AND SLOW 2 TARGETED SPECIFIC OBJECTIVE 3 INTERACTIVE HUMAN INVOLVEMENT Attack Pivot and Hide Cover Intrusion Dwell Time Response Time Prevention Identification Response A Reduce Dwell B Speed Response 4

5 Can You Respond Fast Enough? 85% 60% breaches take weeks or more to discover risk reduced when breach response under 2 hours Source: Verizon 2012 Data Breach Investigations Report, NYT 5

6 Current Approaches are Insufficient Policy Admin Policy Enforcement Policy Decision Policy Enforcement User Node n Policy Enforcement 6

7 How do you find the Critical Incidents? Proprietary and Confidential To Silver Tail Systems 7

8 Fighting Advanced Threats With Big Data Analysis Visibility Speed Intelligence Find target height (H), width (W), position (P), from level (L), at time (T) with changed P to P, P, P over T1, T2, T3 8

9 Structured + Unstructured Data = Big Telemetry, Location-Based, etc. Structured in Relational Databases Managed, Unmanaged & Unstructured Internet of Things Non-Enterprise 9

10 IN 2000 THE WORLD GENERATED TWO EXABYTES OF NEW INFORMATION EVERY DAY Sources: How Much Information? Peter Lyman and Hal Varian, UC Berkeley, IDC Digital Universe Study. 10

11 FBI THE LEADING EDGE OF BIG DATA: THEN AND NOW 11

12 Wikipedia THE LEADING EDGE OF BIG DATA: THEN AND NOW 12

13 Big Data Analytics: Not a New Idea Used Already in Many Industries Risk Assessment Price Optimization Monte Carlo Regression Product Recommendation Finance Retail Online Casino Travel Insurance 13

14 Global Flight Analysis 60,000 Aircraft Routes Sensors On Each Gas Turbine Engine = 1Tb/day

15 New Wave of Big Data Technologies Hadoop Hive Machine Learning Vertica MapReduce SciPy Mahout Behavior Analysis Business Esper MATLAB Sentiment Analysis kdb Revolution R Predictive Models Greenplum AMPL Network Analysis ETL Netezza SPSS Visualization Objectives ECL Teradata SAS Simulation Data Analytics Insights 15

16 Expanding Use Cases and New Norms 16

17 The Promise of Big Data Analytics Focus Now on People, Data Flow and Transactions Traditional People Data Center Data Flow Transactions Challenges Modern Data Center ID and Authenticity Complex Relationships New and Different Layers Opportunities with Data Velocity Variety Volume Vulnerability Big Big Dedicated, Vertical Gaps and Stacks Dynamic Pools Of Compute & Storage 17

18 VLC DDoS Analysis 30 Gbps 200 Downloads/sec 400 Requests/sec 18

19 Security Product Evolution Response Speed After Near Real Single Well- Defined Events Platform IDS Data Scope Normalize d Raw SIEM Security Analytics Closely Related Events Isolated Events Correlated 19

20 Security Analytics Platform Big Data Analytics Governance Data Alert & Report Compliance Apps Systems Store Investigate & Analyze Visualize Incident Management Network Respond Remediation Public & Private Threat Intelligence 20

21 Applying Security Analytics Focus Now on People, Data Flow and Transactions People Analysis Engine Data Flow Transactions Device Profile Fraud Network User Behavior Profile 21

22 Adaptive & Risk-Based Authentication Step Up Authentication Analysis Engine High Risk Two-Factor Out Of Band User Action Challenge Q s Proceed As Normal Device Profile Fraud Network User Behavior Profile 22

23 23

24 Thank You 24