TIBCO Cyber Security Platform. Atif Chaughtai




TABLE OF CONTENTS
1 Introduction/Background
2 Current Challenges
3 Solution
4 Conclusion
5 A Case in Point: The US Intelligence Community

1 Introduction/Background

"A little bit of the right information, just a little bit beforehand - whether it is a couple of seconds, minutes or hours - is more valuable than all the information in the world six months later."
- Vivek Ranadive, Founder & CEO

That is the 2-second advantage vision as described by our founder and CEO, Vivek Ranadive. One of the areas where it is most applicable is in the arena of Cyber Security. In most large organizations there is an average of 40-50 security devices, such as firewalls, IPS and IDS, providing perimeter defense. These devices are very good at what they do, but they operate in silos and create disparate security alerts. In the case of a cyber threat, it is up to a human to piece these alerts together to identify a true threat. TIBCO applies the concept of the 2-second advantage to this challenge to provide a real-time, multi-factor event correlation and prediction platform that is content and context aware.

2 Current Challenges

According to Gartner, a medium size organization consists of 750 employees. On average, a medium size organization collectively generates 20,000 security events per second. Over eight hours, this comes out to 576,000,000 events. If we take a 300 byte average size for each event, this amounts to 172.8 GB of data over eight hours that needs to be collected, moved and analyzed. This is an alarming fact, and the volume of these alerts will only grow as users consume and produce more and more data.

This sheer amount of data, along with the perimeter defense approach of point security devices used to protect corporate digital assets, creates several other challenges:

- Compliance: unable to conduct real-time compliance analysis.
- Large Data Volumes: how long does it take you to figure out that some sensitive data was stolen or accessed wrongly?
- Enterprise Security: how do you balance security concerns with the usability concerns of your customers?
- Identity Fraud: how and when do you know when a trusted user goes rogue?
- Data Loss: how do you prove to your customers that they can trust you with their sensitive data?
- Cyber Attacks: how do you implement real-time offensive/defensive mechanisms when a cyber attack occurs?

One key problem is that the current perimeter defense approach using point solutions offers no central point for correlation and analysis. The result is that the information sits in disparate point systems. It is typically left up to a human to piece it together (correlate), determine whether it is a threat, determine how to react, and then actually take the action. This manual task is slow and prone to errors. In some cases, customers have deployed Security Information and Event Management (SIEM) tools to collect these events from log files and use the SIEM as the central point for correlation and analysis. However, the challenges with SIEM tools are that:

a) The information is too much to process (Big Data).
b) These tools create too many security alerts. Humans have to investigate these alerts and determine whether each is a true threat. Most often these alerts turn out to be false positives and waste human resources - again slow and error prone.

This is especially true when compared to the time frames and level of automation of most attacks. The attackers are faster, more nimble, and more automated; they rely on exploits (computer programs) from a rich library to identify weaknesses. There is no Hollywood version of an attacker sitting in front of screens typing faster than your security professionals; it is real time and dynamic. TIBCO provides the same mechanism for fighting back: correlated, real time, dynamic, and capable of dealing with the data volumes of the 21st century.

3 Solution

TIBCO leverages its patented real-time integration technology to connect relevant data sources, such as sensors, applications, LACs/PACs etc., and feed that information to the TIBCO Cyber Security Platform to provide comprehensive protection. The TIBCO Cyber Security Platform is a multi-factor event collection, enrichment and prediction platform that is content and context aware. All of this is done in real time, in memory, automated and scalable.
Using our real-time event enabled adapters to applications, we are able to correlate information across applications and security sensors to provide deeper contextual and content awareness. These adapters are integrated at the API level and are able to pick up state changes at the event level before a transaction is committed. A transaction is typically comprised of several steps (events). All of these events are transported on our secure, reliable and scalable information bus. This approach has a clear advantage over just reading log files, which capture information after the fact. This deeper contextual knowledge allows us to automatically enrich security events and reduce false positives.

One of the additional key features of the platform is its in-memory capability. We are able to model and keep knowledge of the asset's behavior-based life cycle in memory and to do complex multi-factor event correlation in real time. We call this enrichment of raw events with content and context. This event-based analysis allows us to deliver the vision of the 2-Second Advantage in Cyber Security. For example:

- Typical Event Correlation Rule: an abnormal number of activities are being conducted on a sensitive application by a privileged user.
- Content Rule (TIBCO added value): the privileged user is not an Administrator and is updating historical records in the sensitive application.
- Context Rule (TIBCO added value): the privileged user has badged out for the day.
- Result: raise a Critical Alert.

Additionally, our advanced in-memory capabilities, in conjunction with our ability to provide continuous queries and fire rules as new events take place, provide a solution to the increasing amounts of data. This is very different from SQL and log based solutions, where query times increase dramatically as the amount of information increases. If there is one thing that is definite, it is that data volumes are going to continue to increase. The TIBCO Cyber Security Platform enables fast response, taking into account changing business conditions and new cyber threats to provide effective real-time cyber security. This is known as the TIBCO Two-Second Advantage.
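The three-layer rule above, as an added example that is not TIBCO's code: a small in-memory correlator (Python; the event format, role and badge feeds, and thresholds are all constructed for illustration) that raises the base alert on an activity burst and escalates it through the content rule and the context rule.

```python
from collections import defaultdict, deque

# Constructed sample input (hypothetical format, not TIBCO's):
# application events as (timestamp_s, user, application, action, record_age_days)
def burst(start, user, action, age, n):
    """n events from one user against the payroll app, 10 s apart."""
    return [(start + 10 * i, user, "payroll", action, age) for i in range(n)]

APP_EVENTS = (burst(1000, "alice", "update", 400, 5)   # non-admin, badged out
              + burst(2000, "bob", "update", 400, 5)   # administrator
              + burst(3000, "carol", "update", 400, 5) # non-admin, still on site
              + burst(4000, "dave", "read", 400, 5)    # non-admin, only reads
              + burst(5000, "eve", "update", 400, 3))  # below the threshold

# Constructed context feeds: directory roles and the last badge-reader state.
ROLES = {"alice": {"privileged"}, "bob": {"privileged", "administrator"},
         "carol": {"privileged"}, "dave": {"privileged"}, "eve": {"privileged"}}
BADGE_STATE = {"alice": "out", "bob": "out", "carol": "in", "dave": "out", "eve": "out"}
SENSITIVE_APPS = {"payroll"}

THRESHOLD = 5          # activities per window that count as "abnormal"
WINDOW_S = 60          # sliding window length in seconds
HISTORICAL_DAYS = 365  # a record older than this is "historical"

def correlate(events, roles, sensitive_apps, badge_state):
    """Return (timestamp, user, app, severity) alerts, one per burst."""
    windows = defaultdict(deque)   # in-memory per (user, app) sliding window
    alerts = []
    for ts, user, app, action, age in events:   # events arrive in time order
        if app not in sensitive_apps or "privileged" not in roles.get(user, ()):
            continue
        w = windows[(user, app)]
        w.append((ts, action, age))
        while w and ts - w[0][0] > WINDOW_S:   # expire events outside the window
            w.popleft()
        if len(w) < THRESHOLD:
            continue
        severity = "medium"   # base rule: abnormal activity by a privileged user
        updates_history = any(a == "update" and d >= HISTORICAL_DAYS for _, a, d in w)
        if "administrator" not in roles[user] and updates_history:
            severity = "high"   # content rule: non-admin editing historical records
            if badge_state.get(user) == "out":
                severity = "critical"   # context rule: the user has badged out
        alerts.append((ts, user, app, severity))
        w.clear()   # one alert per burst, not one per event
    return alerts

if __name__ == "__main__":
    for alert in correlate(APP_EVENTS, ROLES, SENSITIVE_APPS, BADGE_STATE):
        print(alert)
```

Only alice's burst reaches critical; bob's (administrator) and dave's (reads only) stay at the base severity, and eve's three events never cross the threshold.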

4 Conclusion

Cyber Security is the biggest challenge of our decade, and you need 21st century technology and a 21st century approach to address this challenge. The TIBCO Cyber Security Platform leverages 21st century technology to provide a real-time, in-memory, scalable and automated platform. TIBCO knows that correlation of log files alone is not enough to have confidence in cyber surveillance. With the TIBCO Cyber Security Platform you can now:

- Get a big picture of the attack in real time: the actors, the asset, time, content and context
- Sense malicious actors and automatically refine evidence
- Reject requests that do not fit the profile of good behavior
- Focus efforts on true threats and filter out low priority noise
- Provide interoperability: get a backbone able to move the data quickly and reliably

Using these techniques, we help organizations such as yours to:

- meet the challenge of real-time compliance
- deal with identity fraud
- handle large amounts of data for real-time analysis
- provide enterprise security, including against insider threats
- automate reaction to cyber attacks in real time

5 A Case in Point: The US Intelligence Community

- Spent 2+ years evaluating solutions before deciding on TIBCO
- Standardized on TIBCO technology for all internal organizational messaging
- Standardized on TIBCO messaging technology for Cyber Security (Einstein 3)
- DHS is tasked with deploying Einstein 3/TIBCO to protect the .gov domain

TIBCO Software Inc. (NASDAQ: TIBX) is a provider of infrastructure software for companies to use on-premise or as part of cloud computing environments. Whether it's optimizing claims, processing trades, cross-selling products based on real-time customer behavior, or averting a crisis before it happens, TIBCO provides companies the two-second advantage (TM): the ability to capture the right information at the right time and act on it preemptively for a competitive advantage. More than 4,000 customers worldwide rely on TIBCO to manage information, decisions, processes and applications in real time. Learn more at www.tibco.com.

Global Headquarters: 3307 Hillview Avenue, Palo Alto, CA 94304. Tel: +1 650-846-1000, +1 800-420-8450. Fax: +1 650-846-1005. www.tibco.com

2012 TIBCO, TIBCO Software, and The Two-Second Advantage are trademarks or registered trademarks of TIBCO Software Inc. and its subsidiaries in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.