Security Business Intelligence Big Data for Faster Detection/Response



Similar documents
IBM QRadar Security Intelligence April 2013

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective

Can We Become Resilient to Cyber Attacks?

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

Strengthen security with intelligent identity and access management

IBM Security IBM Corporation IBM Corporation

Intelligence Driven Security

Advanced Threat Protection with Dell SecureWorks Security Services

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

Security Analytics for Smart Grid

How To Buy Nitro Security

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

IBM SECURITY QRADAR INCIDENT FORENSICS

Comprehensive real-time protection against Advanced Threats and data theft

The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Security strategies to stay off the Børsen front page

Integrating MSS, SEP and NGFW to catch targeted APTs

How Shared Security Intelligence Can Better Stop Targeted Attacks

McAfee Security Architectures for the Public Sector

IBM Security X-Force Threat Intelligence

Find the needle in the security haystack

IBM Security QRadar SIEM Product Overview

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

The webinar will begin shortly

Unified Security, ATP and more

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Securing OS Legacy Systems Alexander Rau

Symantec Managed Security Services The Power To Protect

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev

Ecom Infotech. Page 1 of 6

The Role of Security Monitoring & SIEM in Risk Management

Separating Signal from Noise: Taking Threat Intelligence to the Next Level

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

Enabling Security Operations with RSA envision. August, 2009

ORACLE SOCIAL ENGAGEMENT AND MONITORING CLOUD SERVICE

Securing and protecting the organization s most sensitive data

Boosting enterprise security with integrated log management

Comprehensive Advanced Threat Defense

Using SIEM for Real- Time Threat Detection

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Rashmi Knowles Chief Security Architect EMEA

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

All about Threat Central

Preemptive security solutions for healthcare

Best Practices to Improve Breach Readiness

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

WHITE PAPER: THREAT INTELLIGENCE RANKING

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

Hunting for the Undefined Threat: Advanced Analytics & Visualization

How To Manage Security On A Networked Computer System

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011

What is Security Intelligence?

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Redefining SIEM to Real Time Security Intelligence

How To Create An Insight Analysis For Cyber Security

TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

ORGANIZADOR: APOIANTE PRINCIPAL:

Cyber Security Metrics Dashboards & Analytics

Speed Up Incident Response with Actionable Forensic Analytics

Performing Advanced Incident Response Interactive Exercise

IBM Security Intelligence Strategy

Software that provides secure access to technology, everywhere.

McAfee Network Security Platform

Six Days in the Network Security Trenches at SC14. A Cray Graph Analytics Case Study

SANS Top 20 Critical Controls for Effective Cyber Defense

Extreme Networks Security Analytics G2 Vulnerability Manager

Symantec Cyber Security Services: DeepSight Intelligence

Defending against Cyber Attacks

Caretower s SIEM Managed Security Services

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

The Business Case for Security Information Management

Detect & Investigate Threats. OVERVIEW

SPEAR PHISHING UNDERSTANDING THE THREAT

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

8 Steps to Holistic Database Security

SourceFireNext-Generation IPS

Best Practices for a BYOD World

End-user Security Analytics Strengthens Protection with ArcSight

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

Advanced Threats: The New World Order

Q1 Labs Corporate Overview

Endpoint Security for DeltaV Systems

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

ALERT LOGIC FOR HIPAA COMPLIANCE

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined

IBM Security QRadar Vulnerability Manager

CAS8489 Delivering Security as a Service (SIEMaaS) November 2014

ENABLING FAST RESPONSES THREAT MONITORING

Transcription:

Security Business Intelligence Big Data for Faster Detection/Response SESSION ID: STU-R02B Stacy Purcell Security Architect Intel/IT

Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. * Other names and brands may be claimed as the property of others. Copyright 2013, Intel Corporation. All rights reserved. 2

A taste. 10 min. FIVE HUNDRED IOCs 365 days TWO TRILLION EVENTS TODAY 1 day TWO HUNDRED BILLION EVENTS

Agenda History & Philosophy Architecture Big Data Fast Detection Use Cases Challenges & Next Steps

2001-2002 2008 2009 Nimda & Code Red Pani Incident Perspective Protect to Enable 2010 Operation Aurora 2011 Risk Disclosure 2012 Pani Case Former employee pleads guilty to stealing Intel documents April 9, 2012 Former Intel engineer Biswamohan Pani pleaded guilty Friday in U.S. Federal Court in Massachusetts to stealing Intel chip manufacturing and design documents shortly before he went to work for AMD in 2008.

Purpose Provide a set of detective controls and decision support systems to help balance the gaps in our preventative controls and enable new security controls to minimize the increasing risk to the enterprise. Types Of Cyber Events Analyzed Brute Force Login Attempts Identity And Personal Data Theft Denial Of Service Attacks Malicious Proxy Activity Server Anomalies Endpoint Malware Detection

Privacy Evolving from focusing on individual SBI use cases to focusing on entire SBI system, data lifecycle and governance model Established privacy controls framework that defined common requirements for system components and data sources Privacy plans established for specific use cases and SBI data sources Use limited to Cyber Security Threat Management & Incident Response New use cases and access must be approved by CSO/CPO and Chief Privacy & Security Legal Counsel Developing a tiered privacy control framework as SBI evolves

SBI Capability Stack Reporting Workflow Automation Advanced Analytics Real-time Correlation Custom Analytics (XDW) Common Logging Service (CLS)

SBI Suite of Capabilities Extraction & Load Data Warehouses SBI solutions Proxy DNS DHCP AD Mgmt. Platforms Security Sensor CLS XDW RSDW Operational Reports (Example: Malware Metrics) Dashboards Analytical reports Contextual Real-time Correlation Predictive Analytics Platform Advanced BI (Server Anomalies)

SBI 2013 Core Capability by the Numbers Real-Time Correlation Compute and Storage 316 cores ~80TB storage* Events 70M events/day 30 day rolling window 22 event sources * Storage numbers assume compression with 4X typical for CLS and 10X for RTC Reporting Real-time Correlation Workflow Automation Common Logging Service (CLS) Compute and Storage 236 cores ~3.5PB storage* Advanced Analytics Custom Analytics (XDW) Events 7 Billion events/day 2Trillion+ total events 1 year rolling window 23 event sources XDW/ Custom Analytics Compute and Storage 104 cores ~128TB storage* Events ~700M new events/day ~60M events scanned/hour 60-90 day rolling window 4 event sources plus 9 contextual sources

Scaling for Big Data Distilling large volumes of events to focus on the actionable items a b BILLIONS MILLIONS CQ THOUSANDS HUNDREDS TENS DATA SOURCES EVENT PROCESSOR ANALYTICS CORRELATION WORKFLOW

SBI Value Real-Time Correlation New Sources/ New Rules Access Protection/ AV Proxy: Malicious Sources Proxy: Outbound Data/Botnets OSINT Reporting Real-time Correlation Workflow Automation Common Logging Service (CLS) Advanced Analytics Custom Analytics (XDW) XDW/Custom Analytics Malware Metrics DSS reports malware Server Anomalies Regular external communication AAA My Security Alerts Uncovered significant IT Hygiene issues External Presence, Internal Cloud, Authentication, Connectivity, Brute Force Login, Elevated privilege logins, Identity Theft, DoS, Server Anomaly, DNS and DomainFlux connections, Endpoint Malware Detection Response 99% TPT reduction 1 Tool, 1 Process C2 IOC match <5 Minutes Fact Table/Order 1 Search

Security BI Risks & Challenges Privacy more data at risk Potential mining of the data for IP theft or harm Big data requires new big data tools Big data can slow forensics As devices get smaller more data pushed to the cloud

Next Steps My Security Alerts Database Activity Monitor Comprehensive Coverage Rapid Response

Getting Started Start small Start focused Grow value based on design goals Build a team Every organization has a different risk posture, all organizations require customized analysis.

Resources Information Security Protect to Enable Strategy video Learn more about Intel IT s initiatives at: www.intel.com/it

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information