Security Analytics in Big Data
Alexandre F Moraes, CISSP
Solutions Architect Manager Latin America, HP Enterprise Security
afmoraes@hp.com
Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Enterprise Security: Collect, Consolidate, Correlate
[Diagram: SaaS, PaaS and IaaS applications across public, hybrid and private clouds (Finance, Division A, Division B) feeding one security platform]
- Vulnerability Awareness
  - Vulnerability Scanning
  - Source Code Analysis
  - Software Security Assurance
- Proactive Defense
  - Flexible Security-Zone Segmentation
  - Well-Known and Zero-Day Exploit Protection
  - Adaptive Network Defense
- Visibility
  - Security Information and Event Management System
  - Event Correlation
  - Context Visibility
New! NGFW
[Front-panel photos: console (115200 N, 8, 1), status, CFast card, HA, management, alert and power ports]
- S1050F: 500 Mbps / 250 Mbps (FW+AppID / FW+IPS)
- S3010F: 1 Gbps / 500 Mbps (FW+AppID / FW+IPS)
- S8005F: 5 Gbps / 2.5 Gbps (FW+AppID / FW+IPS)
- S8010F: 10 Gbps / 5 Gbps (FW+AppID / FW+IPS)
- S3020F: 2 Gbps / 1 Gbps (FW+AppID / FW+IPS)
- S8020F: 20 Gbps / 10 Gbps (FW+AppID / FW+IPS)
Accelerating innovation & time to value
[Figure: data volume by computing era, shown as a wall of vendor and application logos: Mainframe (Kilobytes), Client/Server (Megabytes), The Internet (Gigabytes), Mobile, Social, Big Data & The Cloud (Zettabytes, heading towards Yottabytes)]
Every 60 seconds:
- 98,000+ tweets
- 695,000 status updates
- 11 million instant messages
- 698,445 Google searches
- 168 million+ emails sent
- 1,820 TB of data created
- 217 new mobile web users
Big Data
- Walmart: 1 million transactions per hour, 2.56 terabytes per day
- Facebook: 50 billion pictures in the database
- 50% of the data is unstructured: video, images, audio...
Big Data landscape
- Machine data: 90% of information, annual growth ~100%
- Human information: ~10%
- Business data: 10% of information
Business challenge: opportunities lost
Competitive advantage in the digital universe in 2012: massive amounts of useful data are getting lost.
- 23%: share of data that would be potentially useful if tagged and analyzed
- 3%: share actually being tagged for Big Data value (will grow to 33% by 2020)
- 0.5%: share of the Digital Universe that actually is being tagged and analyzed
¹ Source: IDC, The Digital Universe in 2020, December 2012
Technology challenge: legacy techniques have fallen short
- Stale technologies
- Talent shortage
- IT frustration
- Lack of insight
86% of corporations cannot deliver the right information, at the right time, to support enterprise outcomes all of the time³
³ Source: Coleman Parkes Survey, Nov 2012
HAVEn: the #1 Big Data platform
- Hadoop / HDFS: Scale
- Autonomy IDOL: Source
- Vertica: Speed
- Enterprise Security: Secure
- nApps: powering HP Software + your apps
Data sources: transactional, social media, video, audio, email, texts, mobile data, documents, IT/OT, search engine, images
hp.com/haven
Proactive Protection - Security Analytics: turning events & logs into actionable intelligence
Powered by HP HAVEn (Hadoop, Autonomy, Vertica, Enterprise Security, nApps)
- Harness the power of ArcSight SIEM and Vertica Analytics
- Reduce false positives
- Minimize the impact of a security breach
- Transform security from defense to proactive protection
[Diagram: business data, weather, org structure, transaction data, threat feeds, security logs and application data (App1, App2, App3) flow into Vertica and ArcSight ESM]
Intelligence = events + context + analytics
ArcSight security alert: spikes in logins for user Johnp
Invoke Vertica with event context: right-click the event and choose the Integration command
[Charts returned by Vertica: Login by Site and Login by Role, login counts (0 to 10,000) on the y axis, sites and roles numbered 1 to 21 on the x axis]
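The pivot these slides describe, an alert on one user's login spike followed by a breakdown of that user's logins by site and by role, as an added example; it is not code from the deck, ArcSight or Vertica. It computes the baseline and the spike over constructed login events in Python rather than with a Vertica query, and the users, sites, roles and timestamps are all hypothetical.

```python
# Added example (not from the HP deck): flag a login spike for one user and then
# drill into the flagged hour by site and by role, the same pivot the slides show
# from an ArcSight alert into a Vertica query. All login events below are
# constructed; user, site and role names are hypothetical.
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import statistics

BASE = datetime(2013, 6, 3, 8, 0)   # start of the constructed observation window

def make_events():
    """Constructed login events as (timestamp, user, site, role) tuples."""
    events = []
    # Six hours of normal behaviour: three logins per user per hour.
    for hour in range(6):
        for user, site, role in [("johnp", "saopaulo", "finance"),
                                 ("maria", "saopaulo", "hr"),
                                 ("lee", "singapore", "engineering")]:
            for i in range(3):
                events.append((BASE + timedelta(hours=hour, minutes=15 * i), user, site, role))
    # Seventh hour: johnp logs in 40 times, half of them from a site he never
    # used before, and the last ten with a role he never used before.
    for i in range(40):
        site = "saopaulo" if i % 2 == 0 else "kiev"
        role = "finance" if i < 30 else "dba"
        events.append((BASE + timedelta(hours=6, minutes=i), "johnp", site, role))
    return events

def to_bucket(ts):
    """Truncate a timestamp to its hour."""
    return ts.replace(minute=0, second=0, microsecond=0)

def hourly_counts(events):
    """(user, hour bucket) -> number of logins."""
    counts = Counter()
    for ts, user, _site, _role in events:
        counts[(user, to_bucket(ts))] += 1
    return counts

def find_spikes(events, min_history=3, z=3.0):
    """Return (user, hour, count, baseline_mean) for every hour in which a user's
    login count exceeds that user's own earlier hours by more than z standard
    deviations. The deviation is floored at 1 so a perfectly flat baseline still
    yields a usable threshold instead of alerting on any change at all."""
    per_user = defaultdict(list)
    for (user, hour), n in sorted(hourly_counts(events).items(), key=lambda kv: kv[0][1]):
        per_user[user].append((hour, n))
    spikes = []
    for user, series in per_user.items():
        for idx, (hour, n) in enumerate(series):
            history = [c for _, c in series[:idx]]
            if len(history) < min_history:
                continue            # not enough baseline for this user yet
            mean = statistics.mean(history)
            stdev = max(statistics.pstdev(history), 1.0)
            if n > mean + z * stdev:
                spikes.append((user, hour, n, mean))
    return spikes

def drill_down(events, user, hour):
    """The 'invoke analytics with event context' step: break the flagged hour
    down by site and by role, which is what the Login by Site and Login by Role
    charts on the slide show."""
    window = [e for e in events if e[1] == user and to_bucket(e[0]) == hour]
    return Counter(e[2] for e in window), Counter(e[3] for e in window)

if __name__ == "__main__":
    evs = make_events()
    for user, hour, n, mean in find_spikes(evs):
        by_site, by_role = drill_down(evs, user, hour)
        print(f"spike: {user} {hour:%Y-%m-%d %H:00} logins={n} baseline={mean:.1f}")
        print("  by site:", dict(by_site))
        print("  by role:", dict(by_role))
```

The baseline is per user rather than global, so a heavy service account does not mask a spike for a light user; the drill-down is what turns "Johnp logged in a lot" into the context an analyst needs (a new site, a new role) before deciding whether the account is compromised.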
Proactive Protection - Security Analytics: detecting information leakage
Powered by HP HAVEn (Hadoop, Autonomy, Vertica, Enterprise Security, nApps)
- Harness the power of ArcSight SIEM and Autonomy IDOL
- Distill meaning and make decisions based on it, not just match keywords or tags
- Judge events based on their context
Sample use case: detecting information leakage
[Diagram: exchange between the monitored system, ESM and IDOL, steps numbered 1 to 5]
1. Data access (file, email)
2. Event sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. Rules fired
Sample use case: information at risk
[Diagram: the same exchange between the attacked target, ESM and IDOL, steps numbered 1 to 5]
1. Attack target
2. Events sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. See next slide
Sample use case: data under attack (cont.)
[Diagram: ESM view of the information stores, with "Information @ Risk: Patents" highlighted]
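The five-step exchange on the three use-case slides above (access event to ESM, query to IDOL, context back to ESM, rules fired, information at risk) carried through end to end, as an added example; it is not code from the deck, ArcSight or IDOL. A keyword lookup stands in for IDOL's conceptual matching, and the documents, departments, users, access events, rules and the example.com domain are all constructed.

```python
# Added example (not from the HP deck): the five-step flow on the use-case slides
# simulated end to end. An access event reaches the SIEM (ESM), the SIEM queries a
# content index for context about the object, the context is attached to the
# event, and correlation rules fire on event plus context. The keyword lookup is
# a constructed stand-in for IDOL's conceptual matching; the documents, users,
# events, rules and the example.com domain are all constructed.
from dataclasses import dataclass, field

# Constructed content index: path -> indexed text.
DOCUMENTS = {
    "/share/rd/patent-draft-0421.docx": "Provisional patent filing for the new membrane process, claims 1-14",
    "/share/hr/holiday-calendar.xlsx": "Public holidays and office closures for 2013",
    "/share/fin/q2-forecast.xlsx": "Confidential revenue forecast, board only",
}
# Constructed concept table: term found in the text -> category assigned.
CATEGORY_TERMS = {"patent": "patents", "confidential": "confidential", "board only": "confidential"}
# Constructed ownership: share prefix -> department that owns it.
OWNING_DEPT = {"/share/rd/": "engineering", "/share/hr/": "hr", "/share/fin/": "finance"}
INTERNAL_DOMAIN = "example.com"

@dataclass
class Event:
    """Steps 1-2: what the collector sends to ESM about one access."""
    user: str
    dept: str
    action: str                   # "read" or "email"
    target: str                   # path of the object accessed
    recipient_domain: str = ""    # only meaningful for "email"
    context: dict = field(default_factory=dict)   # filled in by enrich()

def query_index(path):
    """Step 3: ESM asks the index what it knows about the object."""
    text = DOCUMENTS.get(path, "").lower()
    categories = sorted({cat for term, cat in CATEGORY_TERMS.items() if term in text})
    owner = next((d for prefix, d in OWNING_DEPT.items() if path.startswith(prefix)), "unknown")
    return {"indexed": path in DOCUMENTS, "categories": categories, "owner_dept": owner}

def enrich(event):
    """Step 4: the context comes back and is attached to the event."""
    event.context = query_index(event.target)
    return event

# Step 5: correlation rules evaluated over event + context.
def rule_cross_dept_sensitive_access(ev):
    """A categorized object read or sent by someone outside the owning department."""
    return bool(ev.context["categories"]) and ev.context["owner_dept"] != ev.dept

def rule_sensitive_sent_externally(ev):
    """A categorized object emailed to a domain other than the internal one."""
    return (ev.action == "email" and bool(ev.context["categories"])
            and ev.recipient_domain not in ("", INTERNAL_DOMAIN))

RULES = {
    "cross_dept_sensitive_access": rule_cross_dept_sensitive_access,
    "sensitive_sent_externally": rule_sensitive_sent_externally,
}

def evaluate(events):
    """Enrich every event and return (rule, user, target, categories) for each rule that fired."""
    fired = []
    for ev in events:
        enrich(ev)
        for name, rule in RULES.items():
            if rule(ev):
                fired.append((name, ev.user, ev.target, tuple(ev.context["categories"])))
    return fired

def information_at_risk(fired):
    """The 'Information @ Risk' view: category -> sorted list of objects rules fired on."""
    view = {}
    for _rule, _user, target, categories in fired:
        for cat in categories:
            view.setdefault(cat, set()).add(target)
    return {cat: sorted(paths) for cat, paths in view.items()}

def sample_events():
    """Constructed access events covering the benign and the alerting cases."""
    return [
        Event("maria", "hr", "read", "/share/hr/holiday-calendar.xlsx"),            # uncategorized object
        Event("lee", "engineering", "read", "/share/rd/patent-draft-0421.docx"),    # own department
        Event("johnp", "finance", "read", "/share/rd/patent-draft-0421.docx"),      # cross department
        Event("lee", "engineering", "email", "/share/rd/patent-draft-0421.docx", "external-example.net"),
        Event("johnp", "finance", "email", "/share/fin/q2-forecast.xlsx", INTERNAL_DOMAIN),   # internal, own dept
    ]

if __name__ == "__main__":
    fired = evaluate(sample_events())
    for hit in fired:
        print("rule fired:", hit)
    print("information at risk:", information_at_risk(fired))
```

The point of the enrichment step is visible in the sample: the same read of the same file is benign for the engineer and an alert for the finance user, and the raw access event alone carries nothing that lets a rule tell them apart; the category and owning department have to come back from the content index first.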
Sample use case: threat monitoring through sentiment analysis
- Intelligence has a long history of providing pivotal information to decision makers
- Monitor the spiraling amount of user-generated content on the internet (social media) and analyze it for sentiment
hp.com/haven
HAVEn: Develop, Operate, Monetize, Secure, Govern