White Paper 1 Intelligence Driven Security Monitoring v.2.1.1
Overview

In today's hypercompetitive business environment, companies have to make swift and decisive decisions. Making the right judgment call depends on having accurate, real-time data that is easily translated into actionable business intelligence. While Big Data can provide tremendous insight, organizations with traditional architectures and software cannot compute terabytes upon terabytes of data. It simply takes too long to get answers. To gain true insight into what's really happening in an environment, organizations need to be able to visualize data in a meaningful representation that can deliver maximum returns.

This paper focuses on the application of Big Data and Visual Analytics from a security perspective: how to secure an organization's and its customers' information within the context of Big Data, and how to use proprietary technologies to analyze, and even predict, security incidents.

Big data fuels intelligence-driven security

Traditional security systems collect data from firewalls, routers, servers, and other infrastructure components and present it in a raw format. It is difficult to extract useful information from unprocessed data, let alone mitigate threats based on it. As attackers get better at circumventing security systems, organizations need to revamp their approach in order to address today's complex security issues. By combining, analyzing, and visualizing data from a whole range of IT systems, a security monitoring service can, for example, display a map showing where attacks originate, which websites have been targeted, and the current status of the user experience. Such information enables a better response in the event of a cyber attack.
The role of visual analytics

Data visualization is an increasingly important component not only of analytics, but also of security modeling. There are three main challenges to effective data visualization:

Understanding data. Before visualization can be leveraged for useful and sensible data analysis, special domain expertise is required to organize the data in a suitable context. Where the data comes from, who its intended audience is, and how that audience will interpret it are all questions that need to be answered when analyzing data.

Displaying meaningful results. Visually depicting data in a graph for analysis can be meaningful, but becomes difficult when dealing with extremely large or varied data sets. Transforming granular groups of data into a visually meaningful representation first requires effectively clustering and parsing large datasets into higher-level, yet insightful, views.

Abnormalities. Visualizing data in a graphical representation helps identify trends and abnormalities faster than using traditional tables and spreadsheets. In the context of security, abnormalities reveal previously unseen and potentially critical insights. However, when working with massive amounts of data, finding abnormalities is difficult. Solutions that can quickly spot and highlight abnormalities for further analysis are a must-have.

Nexusguard Security Monitoring: Our Philosophy

Nexusguard maintains a robust cyber-defense infrastructure that secures many of today's leading enterprises from advanced Internet threats. Our holistic, cloud-based security platform harnesses the power of Big Data, visualization, and analytics to deliver meaningful business and security intelligence. Real-time data allows business leaders to make sound decisions with validated, actionable information.
Nexusguard Business Pulse Monitoring

Conversion rate optimization (CRO) provides significant opportunities for businesses of all sizes, particularly those that generate the lion's share of their revenues through online activities. Optimizing websites to convert more visitors into customers demands a scientific approach. Since the success of CRO is measured in the real world, incorrect or less than optimal business decisions can lead to substantial losses. Business Pulse Monitoring is designed to help organizations enhance their CRO efforts.

[Figure: Business Pulse "Page Views" live data panel (20 page views). Columns: IP Address, Country, City, PLT(ms), URL. Sample rows: 242.187.5.174, 105ms; 230.217.178.241, 83ms; 61.26.166.142, Japan, Yokosuka, 293ms; 223.73.46.215, China, 221ms; 90.75.27.94, France, 57ms; all for http://blog./are-you-collateral-damage-in-ddos-warfare/]

Business Pulse is a statistics and analysis module that presents web traffic demographics, business trends, and, most importantly, a user-centric view of the web services experience. Using this baseline, Nexusguard correlates information to provide a benchmark comparison of how a company's web traffic is performing under security threats, and enables the formulation of more effective protection policies based on the most up-to-date IP reputation databases. For example:

- Variation in visitor latency will indicate a change in service performance.
- The number of page views, or even the number of online users, may increase dramatically during an application-flooding attack.
- Through data analyses and visual representations, Nexusguard Business Pulse shows business trends over time and constantly measures a website's status to detect even the slightest fluctuations in its health.
- Visitors accessing a website from a common region will be rated safer than those coming from a region with which a business rarely interacts.
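The three Business Pulse signals listed above (latency drift, a page-view surge during an application flood, and visitors from regions the business rarely serves) all reduce to comparing a recent window of traffic against a baseline profile. The following added example, which is not Nexusguard's code, shows that comparison on constructed sample hits; the thresholds (1.5x baseline latency, 3x baseline page views, 5% share to count a region as "common"), the Hit record, and the country code "XX" are all assumptions made for the illustration.

```python
"""Added example (not Nexusguard's code): baseline-versus-window checks for the
three Business Pulse signals: visitor latency drift, a surge in page views, and
traffic from regions the business rarely interacts with. All hits are constructed."""
from collections import Counter
from dataclasses import dataclass
from statistics import median

WINDOW_SEC = 60        # aggregation window for page-view counts
COMMON_SHARE = 0.05    # assumed: a region with >= 5% of baseline traffic is "common"
PLT_TOLERANCE = 1.5    # assumed: flag if median PLT exceeds 1.5x the baseline
VIEWS_TOLERANCE = 3.0  # assumed: flag if views/min exceed 3x the baseline


@dataclass(frozen=True)
class Hit:
    ts: int        # seconds since epoch (constructed)
    ip: str
    country: str   # ISO-style country code; "XX" is a placeholder for an unseen region
    plt_ms: int    # page load time in milliseconds


def make_hits(start, minutes, per_minute, countries, plt_ms):
    """Deterministically construct sample hits: the country list is cycled to
    set the region mix, and PLT varies slightly around plt_ms."""
    hits = []
    for m in range(minutes):
        for i in range(per_minute):
            hits.append(Hit(ts=start + m * WINDOW_SEC + (i * WINDOW_SEC) // per_minute,
                            ip=f"198.51.100.{i % 250}",   # TEST-NET-2 documentation range
                            country=countries[i % len(countries)],
                            plt_ms=plt_ms + (i % 5) * 4))
    return hits


def profile(hits):
    """Summarise a period: median views per minute, median PLT, region shares."""
    per_minute = Counter(h.ts // WINDOW_SEC for h in hits)
    by_country = Counter(h.country for h in hits)
    return {
        "views_per_min": median(per_minute.values()),
        "plt_ms": median(h.plt_ms for h in hits),
        "country_share": {c: n / len(hits) for c, n in by_country.items()},
    }


def rate_region(country, baseline):
    """'safer' for regions the site commonly serves, 'rare' otherwise."""
    share = baseline["country_share"].get(country, 0.0)
    return "safer" if share >= COMMON_SHARE else "rare"


def assess(window_hits, baseline):
    """Compare a recent window against the baseline; return one finding per signal."""
    cur = profile(window_hits)
    findings = []
    if cur["plt_ms"] > baseline["plt_ms"] * PLT_TOLERANCE:
        findings.append({"signal": "latency",
                         "detail": f"median PLT {cur['plt_ms']}ms vs baseline {baseline['plt_ms']}ms"})
    if cur["views_per_min"] > baseline["views_per_min"] * VIEWS_TOLERANCE:
        findings.append({"signal": "page_views",
                         "detail": f"{cur['views_per_min']} views/min vs baseline {baseline['views_per_min']}"})
    rare = Counter(h.country for h in window_hits if rate_region(h.country, baseline) == "rare")
    if rare:
        findings.append({"signal": "region",
                         "detail": "rare regions: " + ", ".join(f"{c}={n}" for c, n in rare.most_common())})
    return findings


# Constructed baseline: ten quiet minutes, 24 hits/min, mostly US/JP with some FR, ~100 ms PLT.
BASELINE_HITS = make_hits(0, 10, 24, ["US", "US", "US", "JP", "JP", "FR"], 100)
BASELINE = profile(BASELINE_HITS)

# Constructed quiet window, and a constructed application-flood window: 120 hits in
# one minute, all from an unseen region "XX", with page loads slowed to ~400 ms.
QUIET_WINDOW = make_hits(6000, 1, 24, ["US", "US", "US", "JP", "JP", "FR"], 100)
FLOOD_WINDOW = make_hits(6600, 1, 120, ["XX"], 400)

if __name__ == "__main__":
    print("baseline:", BASELINE)
    print("quiet window:", assess(QUIET_WINDOW, BASELINE))
    print("flood window:", assess(FLOOD_WINDOW, BASELINE))
```

The quiet window produces no findings; the flood window trips all three signals at once, which is the pattern the bullets describe: slower page loads, a page-view spike, and traffic from a region the baseline never saw. In practice the baseline would be rebuilt periodically from known-good traffic so that legitimate growth does not keep tripping the page-view check.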
Nexusguard Protection Monitoring

The Nexusguard Protection Module provides a real-time visualization of attacks as they originate via a live heat map. At a glance, businesses can see the source of an attack down to the main IP address behind the top threats. Real-time information empowers businesses to make critical decisions to enhance their threat responses and mitigation strategies. Armed with actionable intelligence, managers can comply immediately with reporting mandates regarding security breaches.

[Figure: Protection Module "Threats" panel listing top threat source IPs with country and threat count: 242.187.5.174 (1,234); 230.217.178.241 (5,678); 61.26.166.142, Japan (1,234); 223.73.46.215, China (5,678); 90.75.27.94, France (1,234)]

Incorporating data from Business Pulse, an enterprise can identify attack trends to better understand their potential impact, and ultimately devise strategies that lead to quicker response and recovery times. A breakdown of threats is available in the threat analysis view, allowing managers to quickly grasp the number of threats, their type, and even the name of each attack. Such information can be used as forensic evidence to support post-event investigations.

[Figure: "Protection Trends" chart with Total Requests/Threats and Bandwidth views, selectable over 12 hours, 1 Day, 7 Days, and 30 Days]
[Figure: "Threats Analytics" panel. DDoS: 184,300; Web Application Attacks: 2,157; SQL Injection: 159; Document: 214; XSS Script: 360; SQL Blend Injection: 1,005; Forced Search Engine Request: 96; Others: 77]

Nexusguard Website Performance Monitoring

Harnessing distributed content delivery and dynamic caching via a globally distributed network, Nexusguard enhances the performance and scalability of web services many times over. Through Website Performance Monitoring, businesses can clearly see how their content is distributed globally and the service level of each distribution. The amount of content offloaded to Nexusguard can also be quantified through the monitoring service, which keeps managers informed about user performance and the amount of resources saved by using the Nexusguard network.

[Figure: "Scrubbing Centers" map. The five dots at each scrubbing center correspond to its status over the past five days (8/30, 8/31, 9/01, 9/02, 9/03); mousing over a dot shows a more detailed description. Traffic figures shown: 68,291; 12,305; 8,064; 1,821; 5,814; 754 (London highlighted). Status legend: Online = system is operating at peak performance; Degradation = performance is slower than normal; Maintenance = while we tune up, traffic will be re-routed elsewhere; Offline = DNS is not resolving, websites are offline]
Big Data doesn't have to be a big challenge

The era of Big Data is here to stay. But Big Data is useful only if your organization can interpret it in a meaningful way. Doing that requires more than just the capability to capture and store information. With its massive log collection and retention capabilities, Nexusguard's cloud-based Intelligence-Driven Security Monitoring service can provide the knowledge you need to make winning business and security decisions and gain a competitive edge. And that can make all the difference you need to succeed in today's hyper-competitive business world.
Twitter: twitter.com/nexusguard
Facebook: facebook.com/nxg.pr
LinkedIn Page: linkedin.com/company/nexusguard
contact@
20150309-EN-US