How Using Big Data in Security Helps (and Hurts) Us



Transcription:

How Using Big Data in Security Helps (and Hurts) Us
Kerry Matre, CIPP/US

What is your role?

$300 Billion

What do insiders look like?

Basic insider threat monitoring
- Block IPs
- Signature based monitors
- Malicious packets
- User privileges
Bad guys know these types of controls and can get around them

What else can we do?
Employ big data

Big data and data enhanced security
- Volume: Large amounts of data
- Velocity: Need to be analyzed quickly
- Variety: Different types of structured and unstructured data

UNSTRUCTURED DATA
- Emails and files
- Social media and chat sessions
- Websites and audio or video

STRUCTURED DATA
- FW, IDS/IPS, and others
- Identity and access management
- Applications

Behavioral analytics
- ID creation
- After hours access
- High volume
- Failed logins
- Email monitoring to/from
- Attachments
- Social media sentiment

Edward Snowden - NSA
- High-risk user
- Contractor, new employee
- Excessive access
- Negative sentiment
- Downloading sensitive documents

Data Fusion
More perspectives of an object create a more true view of the object

Identity profiling
[Diagram: identities "Me", "Me(2)" and "Me(3)", with attributes including email address, cell phone, business phone, address, IP address, MAC address, children, Facebook ID, LinkedIn ID, database login, EMR login and badge]

Amazon does it, so why can't we?
- Profiling
- You might also like
- Predictive shipping
- Work habits
- Health habits
- Fraud habits

Who gets to decide?

Just because you can, doesn't mean you should

Focus on the reasons for employing big data / data enhanced security
- Risk reduction
- Cost reduction
- Breach identification and notification

But remember to investigate the privacy impact
- Employees
- Customers
- Business

Big data strategy checklist

Business
- Mission
- Accountability
- Sponsorship
- Relationship
- Deliverables
- Vendor engagement
- Facilities

People
- General
- Training
- Certifications
- Experience
- Skill assessments
- Career path
- Leadership

Process
- General
- Operational processes
- Analytical processes
- Business processes
- Technology processes

Technology
- General
- Architecture
- Data collection
- Monitoring
- Correlation

Answer the Why? The How? and the Then What?

People, Process, Technology
- Organizational structure best practices and training
- Limit data access
- Monitor those who monitor the data
- Decide corporate identity, get executive sponsorship
- Policy creation and enforcement
- Organizational metrics for accountability
- Determine collection sources and confirm the usage is consistent
- Understand vendor relationships and their rights to the data
- A > B > C

Have a Big Data strategy!

Thank you kerry.matre@hp.com