BigData and (in)security Considerations

Technology Trends Reshaping Business
- Cloud computing
- Amazing applications that change our world
- Fast, widespread wireless/wireline IP networks
- Powerful mobile computing devices
Most organizations are reengineering the way they do business.

Government/Education Interactions (diagram: "Your Organization" at the center of the finance, compliance and demand communities it transacts with; only the node labels survive from the figure: Payment & Settlement, Fulfillment, Revenue, Logistics, Service Providers, Brokers, Carriers, Suppliers/Distributors, Banks & Credit, Escrow/Endowments, Agents, Student Finance, Regulatory Authorities, Government Authorities, Industry Standards Organizations, Retailers, Consumers, Parents/Students, Constituents, Education Distributors, Vendors, Partners, IT/Software, IT Standards Community, Financial Investment Management, Industry/Education/Government Organizations, Marketing, Legal, Security, Logistics & Facilities)

Cloud & Hosting Services (technology diversity, security)
- Managed hosting
- Utility computing
- Replication & storage
- Computing power on demand
- Application platform on demand
- Global geographic diversity
- Domestic geographic diversity
- Smartphone & laptop back-up
- Virtual cloud
- Private cloud
- Collocation

Application Services (security, vendor and partner choices)
- Application hosting & professional services
- Business application mobilization
- Middleware
- Software as a Service enablement
- Application management
- Video management
- eCommerce
- WebSphere hosting & services
- Content delivery network
- Digital signage
- Content acceleration

Network Services (security, access and communications choices)
- Remote access
- Domestic MPLS
- Global MPLS
- Web & audio conferencing
- Unified communications
- Wireless WAN
- Telepresence
- Legacy data networking
- Web & email security
- Integrated voice & data
- Internet access
- Local & long distance
- Network sourcing
- Firewall, bandwidth, & mobile security as a service

Mobility Services (mobility explosion, security)
- Mobile device management
- Mobile messaging
- Global mobile compatibility
- Simultaneous voice & data
- Business applications
- Mobile commerce
- Mobile resource management
- Mobile productivity solutions
- Devices: tablets, laptops & netbooks, smartphones, legacy cell phones, machine-to-machine
- Global Wi-Fi access
- Fixed mobile convergence

Mandates and More (security, consulting and integration services)
- Compliance mandates: SAS 70 / SSAE 16 / ISAE 3402, PCI, GLB, Sarbanes-Oxley, ISO 27001/2, regulatory compliance
- Security: assess security risk of evolving application-based mobile technologies, firewall assessments, customer data protection, incident response & forensics, security event management, "Protecting Interests" of your GovEd organization
- Application consulting ("Unlock Your Applications"): custom application development; software implementation, enhancements & upgrades; eCommerce strategy; systems integration; data warehouse; application acceleration; 3rd-party mobile apps
- Cloud & hosting consulting ("Rise Above the Cloud"): cloud strategy, disaster recovery strategy
- Mobility consulting ("Mobilize Everything"): telemetry solution development, RFID supply chain logistics, WWWAN architecture assistance
- Network consulting ("Connect To Your World"): network architecture assistance, network integration, custom hardware solutions, equipment staging, cabling, and wiring
- "Putting all of the Pieces Together"

The threat landscape is changing

Concerns are real, not FUD
- Alaska Department of Health and Social Services, the state Medicaid agency, agreed to pay the U.S. Department of Health and Human Services (HHS) $1,700,000 to settle possible HIPAA violations. Alaska DHSS also agreed to take corrective action to properly safeguard the electronic protected health information (ePHI) of its Medicaid beneficiaries.
- Utah Department of Health: on March 30, approximately 780,000 Medicaid patients and recipients of the Children's Health Insurance Plan had personal information stolen after a hacker from Eastern Europe accessed a Utah Department of Technology Services server.
- South Carolina Department of Revenue breach: $25M and climbing. An employee opened a phishing email on a personal machine, which infected a thumb drive; the thumb drive was then inserted into a DOR PC, followed by low-and-slow extraction of data from the DOR database. SC DOR no longer allows employees to use state machines for personal use, not even during lunch or after work.

Concerns are seen early by BigData
- Example BigData advisory (Cisco Security Advisory, Cisco ASA 5500 Series): Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device.
- Example protect alert: increased scan sources on port 135/tcp. Port 135/TCP is commonly associated with epmap, the DCE/RPC endpoint mapper used to manage services like Exchange, AD, DHCP, DNS and WINS. The current scanning activity appears to be an attempt to identify open DCE/RPC Locator Services to target vulnerable systems for malicious purposes. Several malware families (Randex, Spybot, Sdbot and Ircbot) are known to use 135/tcp.
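The "increased scan sources on port 135/tcp" alert above is a count of distinct sweeping sources per day compared against the days before it. The following added example (written for this page, not AT&T's code or tooling) shows that logic over a handful of constructed flow records: a source only counts as a scanner once it has touched a threshold number of distinct hosts on the port, so ordinary clients do not inflate the count, and the alert fires when the day's scanner count clearly exceeds the recent baseline. The record layout, thresholds and addresses are all assumptions made for the example.

```python
"""Detect a rise in distinct scan sources on one TCP port from flow records (constructed example)."""
from collections import defaultdict

# Constructed flow records (day, src_ip, dst_ip, proto, dst_port); not real traffic.
FLOWS = [
    # 9/10: one host sweeps five servers on 135/tcp, which is the baseline noise level
    *[("2012-09-10", "203.0.113.5", f"198.51.100.{i}", "tcp", 135) for i in range(10, 15)],
    ("2012-09-10", "203.0.113.9", "198.51.100.12", "tcp", 135),
    # 9/11: only ordinary client traffic, nobody sweeps the port
    ("2012-09-11", "192.0.2.77", "198.51.100.12", "tcp", 80),
    ("2012-09-11", "203.0.113.9", "198.51.100.13", "tcp", 135),
    # 9/12: four distinct sources each sweep eight hosts on 135/tcp
    *[("2012-09-12", "203.0.113.20", f"198.51.100.{i}", "tcp", 135) for i in range(1, 9)],
    *[("2012-09-12", "203.0.113.21", f"198.51.100.{i}", "tcp", 135) for i in range(1, 9)],
    *[("2012-09-12", "198.18.0.4", f"198.51.100.{i}", "tcp", 135) for i in range(10, 18)],
    *[("2012-09-12", "198.18.0.5", f"198.51.100.{i}", "tcp", 135) for i in range(10, 18)],
    ("2012-09-12", "192.0.2.77", "198.51.100.12", "tcp", 443),
]

MIN_TARGETS = 5  # assumed threshold: a source is a scanner once it touches this many distinct hosts on the port


def scan_sources_per_day(flows, port, proto="tcp", min_targets=MIN_TARGETS):
    """Return {day: set(src_ip)} of sources that swept at least min_targets hosts on proto/port."""
    targets = defaultdict(set)  # (day, src) -> distinct destinations contacted on the port
    for day, src, dst, p, dport in flows:
        if p == proto and dport == port:
            targets[(day, src)].add(dst)
    per_day = defaultdict(set)
    for (day, src), dsts in targets.items():
        if len(dsts) >= min_targets:
            per_day[day].add(src)
    return dict(per_day)


def increased_scan_sources(flows, port, alert_day, ratio=2.0, min_sources=2):
    """Flag alert_day when its scanner count exceeds ratio times the mean of the earlier days."""
    per_day = scan_sources_per_day(flows, port)
    days = sorted({f[0] for f in flows})
    history = [len(per_day.get(d, set())) for d in days if d < alert_day]
    baseline = sum(history) / len(history) if history else 0.0
    today = len(per_day.get(alert_day, set()))
    # min_sources stops a single new scanner from alerting against an all-zero baseline
    fired = today >= min_sources and today > ratio * baseline
    return {"day": alert_day, "port": port, "scan_sources": today, "baseline": baseline,
            "alert": fired, "sources": sorted(per_day.get(alert_day, set()))}


if __name__ == "__main__":
    print(increased_scan_sources(FLOWS, 135, "2012-09-12"))
```

On the constructed data the 9/12 count (4 scanners) is well above the baseline of 0.5 per day, so the alert fires and names the four source addresses as the likely sources; port 80 on the same day produces no alert.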

With BigData: resources that benefit Gov/Ed organizations
- Extremely large (elastic) network resources
- Teams and organizations with expertise
- Full-time/part-time security professionals with training and credentials
- Benefit from a real-time knowledge base and tools

What BigData sees/monitors
- 46-72 petabytes of data traffic per day on average (a petabyte is 1 million gigabytes)
- More than 156M wireless subscribers, not simply cell phones but hand-held computers
- BigData may have a large Wi-Fi network view, with hundreds of thousands of Wi-Fi hotspots around the world
- BigData may have billions of devices connected to its network at any given time
- Billions of IP flows go through a BigData analysis DB per hour on average

With BigData behind you
- Correlation of your events with some of the largest threat intelligence databases in the world
- Proactive signatures
- Custom tools for early detection
- Resources for mitigation
BigData offers a unique global view of traffic & threats that cannot be replicated.

Screen shot: last night (image not reproduced in the transcription)
2010 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.

DDoS Defense Diversion Overview (figure: relative rank of UDP port 2002 against all other UDP traffic on the IP network by number of flows, packets and bytes, plotted on a log scale from 1 to 10000 for 9/10 through 9/16; the recoverable ranks are 2842 before the attack and 17, 20, 5, 2, 2 and 8 once the port surges toward the top of the list)
1. BigData partner detects the DDoS attack.
2. Activate the scrubbing complex: a BGP announcement for the targeted host, 1.2.3.4/32, draws that host's traffic to the scrubber.
3. Withdraw routes to the alternate ISP and divert only the target's traffic to the scrubber. Non-targeted servers in the surrounding /24 (1.2.3.0/24, written 1.2.3.4/24 on the slide) keep their normal path.
4. The scrubber identifies and filters the malicious traffic.
6. Scrubbed legitimate traffic flows back to the targeted devices.
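The reason step 3 diverts only the target, and not the whole /24, is longest-prefix matching: a /32 announced for the attacked host is more specific than the customer's /24, so routers send 1.2.3.4 to the scrubber while 1.2.3.9 keeps its normal path. The added example below (written for this page, not AT&T's implementation) models that with the standard library's ipaddress module and a deliberately simple scrubber that rate-limits the UDP/2002 flood per source; the routing table, the per-source packet budget and the sample packets are constructed assumptions.

```python
"""Longest-prefix-match diversion of a DDoS target into a scrubbing complex (constructed example)."""
import ipaddress

CUSTOMER = "customer-edge"       # assumed next hop for the customer's normal path
SCRUBBER = "scrubbing-complex"   # assumed next hop for the /32 injected during mitigation


def build_rib(diversion_active):
    """The customer's /24 is always announced; the /32 for the attacked host only while scrubbing."""
    rib = {ipaddress.ip_network("1.2.3.0/24"): CUSTOMER}
    if diversion_active:
        rib[ipaddress.ip_network("1.2.3.4/32")] = SCRUBBER
    return rib


def next_hop(rib, dst):
    """Longest-prefix match: the most specific prefix containing dst decides the next hop."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in rib.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, hop)
    return best[1] if best else None


# Scrubber policy assumed for the example: the flood is UDP to port 2002 from many sources,
# so UDP/2002 beyond a per-source packet budget is dropped and everything else passes unchanged.
FLOOD_PORT = 2002
PER_SOURCE_BUDGET = 3


def scrub(packets):
    """Return (passed, dropped) for the packets the scrubbing complex received."""
    seen = {}
    passed, dropped = [], []
    for pkt in packets:
        if pkt["proto"] == "udp" and pkt["dport"] == FLOOD_PORT:
            seen[pkt["src"]] = seen.get(pkt["src"], 0) + 1
            if seen[pkt["src"]] > PER_SOURCE_BUDGET:
                dropped.append(pkt)
                continue
        passed.append(pkt)
    return passed, dropped


def handle(packets, diversion_active):
    """Route each packet; only what lands on the scrubber is filtered before it reaches the target."""
    rib = build_rib(diversion_active)
    to_scrub, direct = [], []
    for pkt in packets:
        (to_scrub if next_hop(rib, pkt["dst"]) == SCRUBBER else direct).append(pkt)
    clean, dropped = scrub(to_scrub)
    return {"scrubbed": clean, "direct": direct, "dropped": dropped}


# Constructed traffic: three sources flood 1.2.3.4 on UDP/2002, one legitimate TCP/443 client
# talks to the same host, and a neighbour 1.2.3.9 receives one ordinary UDP/2002 packet.
PACKETS = (
    [{"src": f"198.51.100.{i}", "dst": "1.2.3.4", "proto": "udp", "dport": 2002}
     for i in range(1, 4) for _ in range(5)]
    + [{"src": "192.0.2.10", "dst": "1.2.3.4", "proto": "tcp", "dport": 443}]
    + [{"src": "192.0.2.11", "dst": "1.2.3.9", "proto": "udp", "dport": 2002}]
)

if __name__ == "__main__":
    for active in (False, True):
        r = handle(PACKETS, active)
        print(f"diversion={active}: direct={len(r['direct'])} scrubbed={len(r['scrubbed'])} dropped={len(r['dropped'])}")
```

With the /32 injected, the 16 packets for 1.2.3.4 go through the scrubber, which drops 6 flood packets and returns 10 (including the TCP/443 session), while the single packet for 1.2.3.9 never touches the scrubber. Without the /32, every packet takes the direct path and nothing is filtered, which is exactly the state the diversion is meant to replace.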


Threat Managers: Service Support Model / Flow
- Inputs: IDS alarms, firewall logs, DLP alarms, NetFlow, proxy logs, server alarms, Internet alarms, DDoS detection, VPN logs, honey pots
- Processing: monitoring engines, correlation engines, flow analysis
- Output: real-time alerts & alarms with severity & likely source
- Security professionals: security analysis (profile/anomaly based), security information, mitigation plan, security support
- Global network security: BigData Network Security GNOC
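What turns the feeds above into "alerts & alarms with severity & likely source" is the correlation step: events from independent sources that share an origin inside a short window are merged into one alarm, and agreement between feeds raises the severity more than volume from a single feed does. The added example below (written for this page; not AT&T's correlation engine) shows that over a few constructed events from firewall, IDS, honeypot and VPN feeds. The event layout, per-feed weights, window and thresholds are assumptions chosen for the illustration.

```python
"""Cross-feed correlation into one alarm with severity and likely source (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events as the engines would receive them from each feed; not real logs.
EVENTS = [
    {"ts": "2012-09-12T02:14:05", "feed": "firewall", "src": "198.18.0.4", "dst": "10.0.5.20", "info": "deny tcp/135"},
    {"ts": "2012-09-12T02:14:09", "feed": "firewall", "src": "198.18.0.4", "dst": "10.0.5.21", "info": "deny tcp/135"},
    {"ts": "2012-09-12T02:15:30", "feed": "ids", "src": "198.18.0.4", "dst": "10.0.5.22", "info": "DCE/RPC endpoint mapper probe"},
    {"ts": "2012-09-12T02:16:02", "feed": "honeypot", "src": "198.18.0.4", "dst": "10.0.9.9", "info": "connection to decoy 135/tcp"},
    {"ts": "2012-09-12T02:40:00", "feed": "vpn", "src": "203.0.113.7", "dst": "10.0.1.1", "info": "user login ok"},
    {"ts": "2012-09-12T03:10:00", "feed": "ids", "src": "192.0.2.50", "dst": "10.0.5.30", "info": "HTTP scanner user-agent"},
]

# Assumed per-feed weights: a honeypot touch is near-certain hostile intent, one firewall deny is noise.
WEIGHT = {"firewall": 1, "ids": 3, "honeypot": 5, "dlp": 4, "vpn": 0, "netflow": 1}
WINDOW = timedelta(minutes=10)


def severity(score):
    return "high" if score >= 8 else "medium" if score >= 4 else "low"


def _alarm(src, cluster):
    feeds = {e["feed"] for e in cluster}
    # Sum the per-feed weights, then add a bonus for every extra independent feed that agrees.
    score = sum(WEIGHT.get(e["feed"], 1) for e in cluster) + 2 * (len(feeds) - 1)
    return {"likely_source": src, "feeds": sorted(feeds), "events": len(cluster),
            "first": cluster[0]["ts"], "last": cluster[-1]["ts"],
            "score": score, "severity": severity(score)}


def correlate(events, window=WINDOW):
    """Group events by source IP into clusters no longer than window; return alarms, worst first."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)
    alarms = []
    for src, evs in by_src.items():
        cluster = []
        for ev in evs + [None]:  # the None sentinel flushes the last cluster
            t = datetime.fromisoformat(ev["ts"]) if ev else None
            if cluster and (ev is None or t - datetime.fromisoformat(cluster[0]["ts"]) > window):
                alarms.append(_alarm(src, cluster))
                cluster = []
            if ev:
                cluster.append(ev)
    return sorted(alarms, key=lambda a: -a["score"])


if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(a["severity"], a["likely_source"], a["feeds"], a["score"])
```

On the constructed events, 198.18.0.4 is seen by three independent feeds within two minutes and comes out as a single high-severity alarm with that address as the likely source; the lone IDS hit and the VPN login stay low, which is the triage order an analyst wants to receive.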

Security Event Threat Management System

BigData Security Solutions: a Defense-in-Depth Approach
Many types of data share the same cable:
- Application data traffic: business applications
- FTP: file transfer
- Telnet: data connections
- HTTP/HTTPS: web browsers and secure web pages
- SMTP: e-mail
- VPN: site-to-site and users (IPsec, NAT-T, SSL, etc.), with token (hard or soft) security
Protecting different data in different ways: e-mail concerns are different from denial-of-service concerns, and data requirements and exposure can affect all parts of your organization.
Protection where needed: a defense-in-depth approach to securely protect your business. Passing packets, or augmenting your team through services, is defense-in-depth. Protection where you need it, when you need it.
24x7, always on, always available: the BigData Network Operating Center and Security Solution teams are there when you need them.

Secure E-Mail Gateway (SEG): protecting against inbound threats while delivering outbound policy enforcement, disaster recovery, and archiving of e-mail data
Put the moat outside your business, where it belongs.
- BigData network-based solution blocking spam, viruses, and other inbound e-mail malware threats, with an additional layer of protection against loss of sensitive information and services
- DLP (Data Loss Prevention) for PII (Personally Identifiable Information)
- Disaster recovery: support for months with mail-bagging in the event of expected or unexpected e-mail downtime, with access to these e-mails during the outage
- Multi-layered e-mail filtering protection
- Encryption features to support your data loss prevention strategies


BigData Web Security: URL filtering, company policy enforcement and protection
- Stop new and known malware at the Internet level
- Inbound/outbound real-time scanning across multiple, correlated detection technologies
- Zero-day concerns dynamically identified by working with massive amounts of web data
- Outbreak intelligence processed with proprietary, proactive heuristics technology: proactively identify threats, rapidly develop heuristics, and test them against real data, ensuring accuracy, effectiveness and immediate protection
- Anywhere+: the same protection and enforcement for roaming assets (laptops) when away from the office

BigData = World-Class Security Operations
World-class security NOC:
- Physical redundancy
- Documented operational security procedures
- 24x7 monitoring and management
- State-of-the-art systems that monitor and manage thousands of devices, collect terabytes of data, and correlate thousands of security events
Top-notch security expertise:
- CCNP, CCIE, GCIA, CISSP, MCSE, and Unix certified professionals
- Strong security skills: incident handling and intrusion detection, in-depth understanding of TCP/IP, years of experience
- Leaders in industry standards of excellence: AT&T Network Security GNOC, industry thought leaders

BigData offers a Defense-in-Depth approach to security:
- Security consulting
- Security event & threat analysis
- Network-based firewall solutions
- Intrusion detection and intrusion prevention solutions
- E-mail and/or web filtering protection
- Internet BigView & DDoS defense
Solution: move the moat outside the castle.
Michael Light, Emerging Technologies Consultant, Michael.Light@att.com, 843.814.7935