Big Data Trust and Reputation, Privacy Cyber Threat Intelligence


Transcription:

Big Data Trust and Reputation, Privacy Cyber Threat Intelligence October 27, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time #ISSAWebConf

Welcome
Conference Moderator: Hari Pendyala, ISSA Fellow and Member, Chennai, Asia Pacific Chapter; Web Conference Committee
To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. #ISSAWebConf

Speaker Introduction
- JC Cannon, Founder, Assertive Privacy
- Jude Patrick, Vice President Alliances, Venusgeo Solutions
- Ian Amit, Vice President, ZeroFOX

JC Cannon, Founder, Assertive Privacy

Overview
- Big Data collection is pervasive
  - It can be used to improve society
  - It helps keep us safe
  - It keeps us entertained
- Big Data collection leads to abuses

Online Collection
- Online Advertising Companies
  - 2013, 2014 revenue $42.8B, $49.5B
  - Cross-device tracking includes interests, location, contacts
  - Profiled based on friends and neighbors
  - AOL, Google, Yahoo let you see interests
- Siri, Cortana, Google Now
  - Sends your audio to the cloud
  - Shares the audio with third parties
- Remedies
  - Opt-out of behavioral advertising
  - Use private browsing and a VPN

Cloud Storage
- Still too many unencrypted wireless connections
- Apple iCloud breach
- Snapchat lets you pay for disappeared snaps
- Using a cloud service requires a lot of trust
- Remedies
  - Use a public VPN to ensure an encrypted connection
  - Understand what is going to the cloud and manage it
  - Use Cloud Security Alliance to evaluate services

Facial Recognition
- ChurchIx.com
- Professor Acquisti of CMU identified students with 35% accuracy
- Facebook and Google have 90%+ accuracy
- Government tracking using FR
- 30 churches tracking attendance using FR
- Remedies
  - Opt out of the usage of facial recognition
  - Wear a big hat and glasses

Body Cameras
- Drivers shown drunken and vomiting
- Protestor privacy
- Police videos withheld and edited
- No more topless French sunbathers
- Remedies
  - Create new laws
  - Behave in public

Online Reputation
- Bullying and trolling
- Revenge porn
- Online shaming
  - Cecil the Lion costume
  - Dog poo girl
- Remedies
  - Reread before hitting send
  - Monitor posts about you
  - Have PR manage your brand

Government Surveillance
- OPM data breach scandal
- Seattle cellphone tracking
- NSA shared sensitive photos from surveillance
- CHIP shared sensitive photos from traffic stops
- EU Safe Harbor has been invalidated
- Remedies
  - Institute a Consumer Privacy Bill of Rights

Conclusion
- Big Data can do amazing things for society
- In the wrong hands Big Data can be destructive
- Monitor your online existence
- Work to mitigate online risks

Question and Answer: JC Cannon, Founder, Assertive Privacy

Jude Patrick, Vice President Alliances, Venusgeo Solutions

BIGDATA
- Technology to handle Large complex Datasets
- Technology to handle Disks Speed and Size

BIGDATA Security Challenges
1. MapReduce - Secure computations in distributed programming frameworks
2. NoSQL - Security best practices for non-relational data stores
3. AST - Secure data storage and transactions logs
4. End-point input validation/filtering
5. Real-time security/compliance monitoring
6. Scalable and composable privacy-preserving data mining and analytics
7. ABE - Cryptographically enforced access control and secure communication
8. Granular access control
9. Granular audits
10. Data provenance

Security Considerations
1. Identify data and its associated security/privacy requirements
   - Prevent sensitive data; when it's not required, don't store it
2. Infrastructure configuration management tool is required to manage the clusters
   - Puppet or Chef
3. Nodes and Request validation
   - Authentication
   - Authorization
4. Secure the underlying OS
   - Process Hardening
5. Use of transmission level security
   - SSL / TLS to authenticate and ensure privacy of communications between cluster nodes

Security Considerations (Continued)
6. Have a Check Point
   - Implement a check point at the node level to block access to users/IPs as required for client communication directly with the resource managers
7. Secure SQL-Injection
   - HiveQL includes many operators, functions and expressions commonly abused by SQL injection attacks:
     - Count
     - Union
     - Distinct
     - Wait For
     - Sub Queries
     - Expression joined by OR in a WHERE clause
     - Comparisons between two constants
   - Protecting against HiveQL Injection
     - Accountability (user developed functions, views, logic)
     - Security reviews of MapReduce/HiveQL applications
     - Revoke access where possible
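An added example, not part of the original slides, of the kind of HiveQL security review item 7 describes: it reports which of the listed constructs appear in a statement only because of caller-supplied input, next to an allow-list check in the spirit of the "End-point input validation/filtering" challenge. The `web_logs` table, `username` column, function names and sample inputs are hypothetical.

```python
import re

# Constructs the slide lists as commonly abused in injection attempts.
RULES = [
    ("count", re.compile(r"\bcount\s*\(", re.I)),
    ("union", re.compile(r"\bunion\b", re.I)),
    ("distinct", re.compile(r"\bdistinct\b", re.I)),
    ("wait for", re.compile(r"\bwait\s*for\b", re.I)),
    ("sub query", re.compile(r"\(\s*select\b", re.I)),
    ("OR in WHERE", re.compile(r"\bwhere\b.*\bor\b", re.I | re.S)),
    # literal <operator> literal, e.g. 1=1 or 'a'='a'
    ("constant comparison", re.compile(
        r"(?<![\w.])(\d+|'[^']*')\s*(=|<>|!=|<|>)\s*(\d+|'[^']*')(?![\w.])")),
]

def constructs(query):
    """Names of the listed constructs present in a HiveQL string."""
    return [name for name, rx in RULES if rx.search(query)]

def build_query_unsafe(username):
    # Vulnerable pattern: caller input concatenated into the statement.
    # Table and column names are hypothetical.
    return "SELECT * FROM web_logs WHERE username = '" + username + "'"

def introduced_by_input(build, value, baseline="placeholder"):
    """Constructs that appear only because of the caller-supplied value."""
    base = set(constructs(build(baseline)))
    return [c for c in constructs(build(value)) if c not in base]

# Assumed policy: user names are short and use a restricted alphabet.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def build_query_checked(username):
    # Hardened form: allow-list the value before it reaches the statement.
    if not SAFE_VALUE.fullmatch(username):
        raise ValueError("rejected input")
    return build_query_unsafe(username)

if __name__ == "__main__":
    for sample in ["alice", "x' OR '1'='1"]:  # constructed inputs
        print(repr(sample), introduced_by_input(build_query_unsafe, sample))
```

Comparing against a baseline value keeps the review quiet about constructs the application's own statement legitimately uses and reports only those that input changed.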

ELK Security Architecture

HDFS Security Architecture

NoSQL Security Architecture

End to End Architecture

Question and Answer: Jude Patrick, Vice President Alliances, Venusgeo Solutions

Ian Amit, Vice President, ZeroFOX

Threat Intelligence: where is my magic button?!
- They promised us hoverboards, at least deliver on magical threat intelligence!
- Throwing lots of general threat data into big data gets us great general signatures (IOCs). But is that what we asked for / need?
- Let's talk about what it is we should be looking for as part of Threat Intelligence before buying all the feeds

Threat Intelligence? Start with Threat Modeling
- Controls
- Assets
- Threats

What's in a threat?
- Actor
- Community
- Industry Vertical
- Geography
- Culture
- Organization
- People (employees, executives)
- 3rd parties
- Big Data

Turning Data into Intelligence: Context!
- Big Data
- Controls
- Assets
- Threats

What do I really do with this Threat Intelligence?
- Update your signatures/blacklists? NO!
- Adjust your controls based on the threats and their access/effect on your assets
- Controls, Assets, Threats

And close the loop

A note on privacy
- It doesn't really exist.
- Not really.
- Unless
- Correlating a lot of small (seemingly irrelevant) pieces of data in context
- Intelligence
- Intelligence != Privacy

Trust? Reputation? How do you determine?
- My online reputation
  - On Facebook
  - On Twitter
  - On LinkedIn
  - Etc
- Do you trust me?

Privacy, Trust, Reputation
- Control
  - Controlling what I opt to put out there
  - How is my organization perceived online
- What's out there that's out of my immediate control?
  - What is the risk of 3rd party losing my data? (Experian)
- Back to threat modeling ;-)

Question and Answer: Ian Amit, Vice President, ZeroFOX, @iiamit

Open Panel with Audience Q&A
- JC Cannon, Founder, Assertive Privacy
- Jude Patrick, Vice President Alliances, Venusgeo Solutions
- Ian Amit, Vice President, ZeroFOX

Closing Remarks
Thank you Citrix for donating the Webcast service

CPE Credit
Within 24 hours of the conclusion of this webcast, you will receive a link via email to a post Web Conference quiz. After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits.
On-Demand Viewers Quiz Link: http://www.surveygizmo.com/s3/2408212/issa-web-Conference-October-27-2015-Big-Data-Trust-and-Reputation-Privacy-Cyber-Threat-Intelligence
#ISSAWebConf