BigData and (in)security Considerations
Technology Trends Reshaping Business
- Cloud Computing
- Amazing applications that change our world
- Fast, widespread wireless/wireline IP networks
- Powerful mobile computing devices
Most organizations are reengineering the way they do business.
[Diagram: Your Organization (Marketing, Legal, Security, Logistics & Facilities) at the center of its interacting communities. Finance: Banks & Credit, Escrow/Endowments, Student Finance, Financial Investment Management. Compliance: Regulatory Authorities, Government Authorities, Industry Standards Organizations. Demand: Retailers, Consumers, Parents/Students, Constituents. Fulfillment/Logistics: Service Providers, Brokers, Carriers, Suppliers/Distributors, Agents. Government/Education Interactions: Education Distributors, Vendors, Partners, Industry/Education/Government Organizations. IT/Software: IT Standards Community. Flows between them: Payment & Settlement, Revenue, Compliance.]
Cloud & Hosting Services (Technology Diversity)
- Security
- Managed Hosting
- Utility Computing
- Replication & Storage
- Computing Power On Demand
- Application Platform On Demand
- Global Geographic Diversity
- Domestic Geographic Diversity
- Smartphone & Laptop Backup
- Virtual Cloud
- Private Cloud
- Colocation
Application Services (Vendor and Partner Choices)
- Security
- Application Hosting & Professional Services
- Business Application Mobilization
- Middleware
- Software as a Service Enablement
- Application Management
- Video Management
- eCommerce
- WebSphere Hosting & Services
- Content Delivery Network
- Digital Signage
- Content Acceleration
Network Services (Access and Communications Choices)
- Security
- Remote Access
- Domestic MPLS and Global MPLS
- Web & Audio Conferencing
- Unified Communications
- Wireless WAN
- Telepresence
- Legacy Data Networking
- Web & Email Security
- Integrated Voice & Data
- Internet Access
- Local & Long Distance
- Network Sourcing
- Firewall, Bandwidth, & Mobile Security as a Service
Mobility Services (Mobility Explosion)
- Security
- Mobile Device Management
- Mobile Messaging
- Global Mobile Compatibility
- Simultaneous Voice & Data
- Business Applications
- Mobile Commerce
- Mobile Resource Management
- Mobile Productivity Solutions
- Devices: Tablets, Machine to Machine, Laptops & Netbooks, SmartPhones, Legacy Cell Phones
- Global Wi-Fi Access
- Fixed Mobile Convergence
Consulting Services (Mandates and More)
- Security: Assess security risk of evolving application-based mobile technologies, Firewall Assessments, Customer Data Protection, Incident Response & Forensics, Security Event Management
- Regulatory Compliance: SAS 70 / SSAE 16 / ISAE 3402, PCI, GLB, Sarbanes-Oxley, ISO 27001/2
- Applications ("Unlock Your Applications"): Custom Application Development; Software Implementation, Enhancements & Upgrades; eCommerce Strategy; Systems Integration; Data Warehouse; Application Consulting; Application Acceleration; 3rd Party Mobile Apps
- Cloud & Hosting ("Rise Above the Cloud"): Cloud & Hosting Consulting, Cloud Strategy, Disaster Recovery Strategy
- Mobility ("Mobilize Everything"): Mobility Consulting, Telemetry Solution Development, WWAN Architecture Assistance, RFID Supply Chain Logistics
- Network ("Connect To Your World"): Network Consulting, Network Architecture Assistance, Network Integration, Custom Hardware Solutions, Equipment Staging, Cabling, and Wiring
- Your GovEd Organization ("Protecting Interests"): Putting all of the pieces together
$ecurity: BigData and (in)security Considerations
The Threat Landscape Is Changing
Concerns are real, not FUD
- Alaska Department of Health and Social Services, the state Medicaid agency, has agreed to pay the U.S. Department of Health and Human Services (HHS) $1,700,000 to settle possible HIPAA violations. Alaska DHSS has also agreed to take corrective action to properly safeguard the electronic protected health information (ePHI) of its Medicaid beneficiaries.
- Utah Department of Health: on March 30, approximately 780,000 Medicaid patients and recipients of the Children's Health Insurance Plan had personal information stolen after a hacker from Eastern Europe accessed the Utah Department of Technology Services' server.
- South Carolina Department of Revenue breach: $25m and climbing. An employee opened a phishing email on a personal machine, which infected a thumb drive; the thumb drive was then inserted into a DOR PC, followed by low-and-slow extraction of data from the DOR database. SC DOR no longer allows employees to use state machines for personal use, not even during lunch or after work.
Concerns are seen early by BigData
- BigData Advisory (Cisco Security Advisory, Cisco ASA 5500 Series): Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device.
- Protect Alert (Increased scan sources on port 135/tcp): increased scanning on port 135/TCP. Port 135/TCP is commonly associated with epmap, used to manage services like Exchange, AD, DHCP, DNS and WINS. The current scanning activity appears to be an attempt to identify open DCE/RPC Locator Services in order to target vulnerable systems for malicious purposes. Several malware families (Randex, Spybot, Sdbot and Ircbot) are known to use 135/tcp.
With BigData
BigData resources that benefit Gov/Ed organizations:
- Extremely large (elastic) network resources
- Teams and organizations with expertise: full-time/part-time security professionals with training and credentials
- Benefit from a real-time knowledge base and tools
What BigData Sees/Monitors
- 33 petabytes of data traffic per day on average (peta = 1 million gigabytes)
- >150M wireless subscribers, not simply cell phones but also hand-held computers
- BigData has a large Wi-Fi network view, with hundreds of thousands of Wi-Fi hotspots around the world
- BD has more than one billion devices connected to its network at any given time
- Billions of IP flows go through a BigData analysis DB per hour on average
With BigData behind you:
- Correlation of your events with a large, world-wide threat intelligence database
- Proactive signatures
- Custom tools for early detection
- Resources for mitigation
BigData offers a unique global view of traffic and threats that cannot be replicated.
Viewing Internet Activity Through a BigData Portal: using BigData engines (monitoring, correlating, trafficking, etc.) to support mitigation and prevention of penetrations.
How BigData Identifies Vulnerabilities: Correlation Across Network, Servers & Applications
- Profiling Engine: what you expect as normal
- Monitoring Engine: what you actually see
- Correlation Engine: normalized database of alerts
- Security Analysis (profile/anomaly based) by security professionals in the Network Security GNOC
- Output: real-time alerts and alarms with severity and likely source
- 24x7 monitoring, documented process, moving terabytes of data worldwide, protection against many security events
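As an added illustration of the profiling/monitoring/correlation split described on this slide, and of the "increased scan sources on port 135/tcp" alert shown earlier, here is a small Python model. It is example code written for this page, not BigData's or AT&T's own engine; the flow records, IP addresses, scanner threshold and severity bands are all constructed assumptions.

```python
"""Profile/anomaly-based alerting for scan sources on 135/tcp (constructed example).

Profiling engine   -> learns how many distinct scan sources per day are "normal"
Monitoring engine  -> counts the scan sources actually seen today
Correlation engine -> compares the two and emits an alert with severity and likely sources
"""
from collections import defaultdict
from statistics import mean, pstdev

# A flow record is (day, src_ip, dst_ip, dst_port, proto). All data below is constructed.
SCAN_HOST_THRESHOLD = 3  # assumption: touching >= 3 distinct hosts on 135/tcp marks a source as a scanner


def make_day(day, scanners):
    """Build one day of constructed flow records: scanners sweep five hosts on 135/tcp,
    ordinary clients talk to a single RPC endpoint, and a web crawler sweeps 443/tcp."""
    flows = []
    for src in scanners:
        for host in range(1, 6):
            flows.append((day, src, f"192.0.2.{host}", 135, "tcp"))
    for i in range(3):
        flows.append((day, f"10.1.{i}.7", "192.0.2.1", 135, "tcp"))   # normal single-host RPC use
        flows.append((day, f"10.1.{i}.7", "192.0.2.2", 443, "tcp"))
    for host in range(1, 6):
        flows.append((day, "10.2.0.9", f"192.0.2.{host}", 443, "tcp"))  # many hosts, but not 135/tcp
    return flows


HISTORY = (make_day("d1", ["198.51.100.1"]) + make_day("d2", ["198.51.100.2"])
           + make_day("d3", ["198.51.100.3", "198.51.100.4"])
           + make_day("d4", ["198.51.100.5"]) + make_day("d5", ["198.51.100.6"]))
TODAY = make_day("d6", [f"203.0.113.{n}" for n in range(1, 7)])


def scan_sources(flows, port=135, proto="tcp", min_hosts=SCAN_HOST_THRESHOLD):
    """Monitoring engine: map each source that touched >= min_hosts distinct hosts
    on port/proto to the number of hosts it touched."""
    hosts_by_src = defaultdict(set)
    for _day, src, dst, dport, p in flows:
        if dport == port and p == proto:
            hosts_by_src[src].add(dst)
    return {src: len(hosts) for src, hosts in hosts_by_src.items() if len(hosts) >= min_hosts}


def build_profile(history):
    """Profiling engine: expected scan sources per day as (mean, population stddev)."""
    by_day = defaultdict(list)
    for rec in history:
        by_day[rec[0]].append(rec)
    counts = [len(scan_sources(day_flows)) for day_flows in by_day.values()]
    return mean(counts), pstdev(counts)


def correlate(profile, today_flows, port=135):
    """Correlation engine: z-score today's count against the profile; return an alert
    dict with severity and likely sources, or None when the day looks normal."""
    expected, spread = profile
    observed = scan_sources(today_flows, port=port)
    count = len(observed)
    z = (count - expected) / max(spread, 1.0)  # floor the spread so a flat baseline is not hair-trigger
    if z < 2:
        return None
    severity = "high" if z >= 4 else "medium"
    likely = sorted(observed, key=observed.get, reverse=True)[:3]
    return {"alert": f"Increased scan sources on port {port}/tcp", "severity": severity,
            "observed": count, "expected": round(expected, 1), "likely_sources": likely}


if __name__ == "__main__":
    print(correlate(build_profile(HISTORY), TODAY))
```

The web crawler in the sample touches as many hosts as the scanners but on 443/tcp, so it never enters the 135/tcp profile; the floor on the spread keeps a near-constant baseline from alerting on a single extra source.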
DDoS Defense Diversion Overview
[Diagram: IP Network, Scrubbing Complex, Targeted servers (1.2.3.4/24), Non-targeted servers]
1. BigData partner detects DDoS attack
2. Activate Scrubbing Complex: BGP announcement of 1.2.3.4/32 toward the Scrubbing Complex
3. Withdraw routes to alternate ISP; divert only the target's traffic to the scrubber
4. Scrubber identifies and filters the malicious traffic
6. Scrubbed legitimate traffic flows back to the targeted devices
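To make the diversion step concrete, here is an added Python model of why announcing the attacked host as a /32 diverts only that host's traffic: the /32 wins longest-prefix match over the customer's /24, so the non-targeted servers keep their normal path. This is example code written for this page, not BigData's or AT&T's own tooling; the next-hop names, the per-source packet-rate scrubbing rule and the sample flows are constructed assumptions.

```python
"""Constructed model of the diversion step in a scrubbing-based DDoS defence.

Announcing the attacked host as a /32 toward the scrubbing complex wins
longest-prefix match over the customer's /24, so only that host's traffic is
diverted; everything else in the /24 keeps its normal path. A toy scrubber
then drops abusive sources and the survivors represent traffic returned to the target.
"""
from ipaddress import ip_address, ip_network

# Routing table entries are (prefix, next_hop). The page writes the customer block as
# "1.2.3.4/24"; ip_network(strict=False) normalises it to 1.2.3.0/24.
NORMAL_ROUTES = [("1.2.3.4/24", "customer-edge")]
# Step 2: the scrubbing complex announces the targeted host as a more specific /32.
DIVERTED_ROUTES = NORMAL_ROUTES + [("1.2.3.4/32", "scrubbing-complex")]


def best_route(routes, dst):
    """Longest-prefix match: return the next hop of the most specific matching prefix."""
    addr = ip_address(dst)
    best_net, best_hop = None, None
    for prefix, hop in routes:
        net = ip_network(prefix, strict=False)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


def scrub(flows, max_pps=1000):
    """Step 4, drastically simplified: keep only flows whose source stays under max_pps.
    Real scrubbers use many more signals; the threshold here is an assumption."""
    return [f for f in flows if f["pps"] <= max_pps]


def divert_and_scrub(routes, flows):
    """Forward each flow by longest-prefix match; flows routed to the scrubbing complex
    are scrubbed (steps 3-4) and the survivors flow back to the target (step 6)."""
    direct, to_scrubber = [], []
    for flow in flows:
        if best_route(routes, flow["dst"]) == "scrubbing-complex":
            to_scrubber.append(flow)
        else:
            direct.append(flow)
    return {"direct": direct, "scrubbed": scrub(to_scrubber)}


# Constructed traffic: a flood at 1.2.3.4 from two sources, plus legitimate users of .4 and .5.
SAMPLE_FLOWS = [
    {"src": "198.51.100.10", "dst": "1.2.3.4", "pps": 50000},
    {"src": "198.51.100.11", "dst": "1.2.3.4", "pps": 80000},
    {"src": "203.0.113.7", "dst": "1.2.3.4", "pps": 12},
    {"src": "203.0.113.8", "dst": "1.2.3.5", "pps": 20},
]

if __name__ == "__main__":
    for name, table in (("before diversion", NORMAL_ROUTES), ("after diversion", DIVERTED_ROUTES)):
        result = divert_and_scrub(table, SAMPLE_FLOWS)
        print(name, "direct:", [f["dst"] for f in result["direct"]],
              "scrubbed:", [(f["src"], f["dst"]) for f in result["scrubbed"]])
```

Before the /32 is announced every flow, flood included, reaches the customer edge directly; after it, only the 1.2.3.4 flows pass through the scrubber, the legitimate user of 1.2.3.4 survives scrubbing, and 1.2.3.5 is untouched.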
Service Support Model / Flow
- Inputs: IDS alarms, firewall logs, DLP alarms, NetFlow, proxy logs, server alarms, Internet alarms, DDoS detection, VPN logs, honey pots
- Processing: monitoring engines, correlation engines, flow analysis
- Analysis: security professionals in the BigData Network Security GNOC perform security analysis (profile/anomaly based)
- Outputs: real-time alerts and alarms with severity and likely source; security information, mitigation plan and security support
Security Event Threat Management System
Customer Information Flow
- Data collection: BigData IP backbone feeds (flow data and others), Internet-based intelligence (registry and others), and customer intranet feeds (IDS, FW logs and others)
- Analysis: customer intranet data is correlated with the backbone and intelligence feeds
- Output: correlated alerts delivered to the customer through notification alarms and the customer portal
Security Event & Threat Analysis
- Notification of prioritized events based on their risk to the company and the ability to mitigate them
- Recommended mitigation plan provided as part of BigData-determined critical and actionable alerts
- Custom periodic Threat Analysis Report identifying threats that may affect your business
BigData Security Solutions: A Defense-in-Depth Approach
Many types of data share the same cable (application data traffic):
- Business applications
- FTP: file transfer
- Telnet: data connections
- HTTP/HTTPS: web browsers and secure web pages
- SMTP: e-mail
- VPN: site-to-site and users (IPsec, NAT-T, SSL, etc.), with hard or soft tokens
Protecting different data in different ways: e-mail concerns are different from denial-of-service concerns, and data requirements and exposure can affect all parts of your organization.
Protection where needed: a defense-in-depth approach to securely protect your business. Passing packets, or augmenting your team through services, is defense-in-depth. Protection where you need it, when you need it.
24x7, always on, always available: the BigData Network Operating Center and Security Solution teams are there when you need them.
Secure E-Mail Gateway (SEG)
Protecting against inbound threats while delivering outbound policy enforcement, disaster recovery, and archiving of e-mail data. Put the moat outside your business, where it belongs.
- BigData network-based solution blocking spam, viruses, and other inbound e-mail malware threats, with an additional layer of protection against loss of sensitive information and services (DLP: Data Loss Protection; PII: Personally Identifiable Information)
- Disaster recovery: support for months with mail-bagging in the event of expected or unexpected e-mail downtime, with access to these e-mails during the outage
- Multi-layered e-mail filtering protection
- Encryption features to support your data loss prevention strategies
BigData Web Security: URL Filtering, Company Policy Enforcement and Protection
- Stop new and known malware at the Internet level
- Inbound/outbound real-time scanning across multiple, correlated detection technologies
- Zero-day concerns dynamically identified by working with massive amounts of web data
- Processes outbreak intelligence using proprietary, proactive heuristics technology: proactively identify threats, rapidly develop heuristics, and test these against real data, ensuring accuracy, effectiveness and immediate protection
- Anywhere+: the same protection and enforcement for roaming assets (laptops) when away from the office
BigData = World Class Security Operations
World class security NOC:
- Physical redundancy
- Documented operational security procedures
- 24x7 monitoring and management
- State-of-the-art systems that monitor and manage thousands of devices, collect terabytes of data and correlate thousands of security events
Top-notch security expertise:
- CCNP, CCIE, GCIA, CISSP, MCSE, and Unix certified professionals
- Strong security skills: incident handling and intrusion detection, in-depth understanding of TCP/IP, years of experience
- Lead in industry standards of excellence: Global Network Security GNOC, industry thought leaders
BigData offers a Defense-in-Depth Approach to Security
- Security Consulting
- Security Event & Threat Analysis
- Network-Based Firewall Solutions
- Intrusion Detection and Intrusion Protection Solutions
- Email and/or Web Filtering Protection
- Internet BigView & DDoS Defense
SOLUTION: Move the Moat Outside the Castle.
Michael Light, Emerging Technologies Consultant, Michael.Light@att.com, 843.814.7935
2010 AT&T Intellectual Property. All rights reserved. AT&T Proprietary (Internal Use Only)