LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A use case in Finance Sector

Size: px

Start display at page:

Download "LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A use case in Finance Sector"

Louise Owen
10 years ago
Views:

1 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A use case in Finance Sector

2 INITIAL SCENARIO IT Security Incidents Physical Incidents Stolen data/credentials Malware / Phishing Denial of Service APTs Money theft Vandalism Employee harassment Social Incidents E-Money Incidents Reputation damage Discredit campaign Mobilize demonstrations Employee harassment Black market cards Transactions fraud Money laundering

Social Incidents E-Money Incidents Reputation damage Discredit campaign Mobilize

3 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE MAIN PROJECT GOALS Scale beyond the fish tanks Data Lake Mix up the data Correlation Get more out of each byte Machine Learning 3

GOALS Scale beyond the fish tanks Data Lake Mix up

4 ARCHITECTURE DATA REALTIME ANALYSIS CEP CORRELATION ENGINE MESSAGE BUS Alerts Handling EVENTS Reporting DATA DATA EVENTS COLLECTION + NORMALIZATION STORAGE BIG DATA REPOSITORY INTELLIGENCE ENGINE LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE 4

NORMALIZATION STORAGE BIG DATA REPOSITORY INTELLIGENCE ENGINE

5 THE DATA LAKE IT SECURITY PHYSICAL E-MONEY MALWARE SOCIAL INCIDENTS INCIDENTS INCIDENTS FEEDS NETWORKS DATA NORMALIZATION

6 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE SOCIAL NETWORKS e-feeling CONCEPT! Calculate people s feeling about the Organization s brand e-feeling Correlation Engine Intelligence Engine Big Data Repository 6

7 MACHINE LEARNING (ML)

8 ML TECHNIQUES APPLIED FORECASTING To Forecast an event occurrence based on past events Ex: Number of Attacks to Organization s website in the next 5 days CLASSIFICATIONS To Classify a new event based on a previous events classification Ex: Classify a transaction as FRAUD / NO FRAUD ASSOCIATION RULES Mine data to find relations in events occurred in same time interval Ex: Every time a netscan is detected, a SQLi is seen 80% of times LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE 8

transaction as FRAUD / NO FRAUD ASSOCIATION RULES Mine data to find relations in events occurred in same time interval Ex: Every

9 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE MACHINE LEARNING OPERATIONS BIG DATA REPOSITORY Driven by Data Scientists & Validated by Organization 9

10 ML IN ACTION PATTERN DISCOVERY Discover patterns among different areas Example: When e-feeling for 3 days, #CyberAttacks 90% of the times Implement the patterns to prevent incidents IF e-feeling for 2 days THEN alert of potential CyberAttack if tomorrow e-feeling decreases again LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE 10

incidents IF e-feeling for 2 days THEN alert of potential CyberAttack if tomorrow e-feeling

11 ML IN ACTION FORECASTING Forecast occurrence of an event based on modelled past ones Example: Tomorrow s number of attacks to Home banking Implement a rule in the Correlation Engine anticipating the possible incidents IF trend of #HomeBanking attacks in the next days, THEN increase the security threat level LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE 11

anticipating the possible incidents IF trend of #HomeBanking attacks in the next days, THEN

12 ML IN ACTION CLASSIFYING Classify new events based on models created after analyzing previous ones Example: Security Risk Scoring of a Home Banking login Feed the results to other applications to provide them with useful info before taking decisions LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE 12

results to other applications to provide them with useful info before taking

13 ML RESULTS SO FAR The Good Ones Improvement of Cyberattacks readiness Better anticipation on people demonstrations calls Decrease of fraud on ATMs Discover new data relationships between areas The Other Ones Numerically good results don t always mean interesting results for the Organization Sometimes, ML attempts take you to deadends LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE 13

Ones Numerically good results don t always mean interesting results for the Organization Sometimes, ML

14 LESSONS LEARNT

15 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE ML & ADAPTATION vs 15

16 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE ML & KNOWLEDGE 16

17 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE MULTI-AREA ENGAGEMENT 17

18 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE DON T SET TOO HIGH EXPECTATIONS 18

19 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE PATIENCE IS REQUIRED 19

20 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE ML HOUSEKEEPING 20

21 LEVERAGING BIG DATA ANALYTICS TO REDUCE SECURITY INCIDENTS A FINANCE SECTOR USE CASE NEXT STEPS Evaluating new technologies to horizontallyscale in memory the Machine Learning process Keep filling the lake 21

22 Thanks for your time! Let s keep in touch Josep Román Senior Indra [email protected]

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion