BIG DATA CALLS FOR BIG SECURITY!



Similar documents
BIG DATA CALLS FOR BIG SECURITY!

Using Social Engineering Tactics For Big Data Espionage

Evolution Of Cyber Threats & Defense Approaches

The Future of the Advanced SOC

Reducing Cyber Risk in Your Organization

RSA Security Anatomy of an Attack Lessons learned

Security within a development lifecycle. Enhancing product security through development process improvement

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

The STAGEnet Security Model

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Developing a robust cyber security governance framework 16 April 2015

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

Big Data and Security: At the Edge of Prediction

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Product white paper. ROI and SIEM. How the RSA envision platform delivers an Industry-leading ROI

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

Training Employees to Recognise & Avoid Advanced Threats

Teradata and Protegrity High-Value Protection for High-Value Data

How To Understand Data Theory

From Threat Intelligence to Defense Cleverness: A Data Science Approach (#tidatasci)

Big Data Big Security Problems? Ivan Damgård, Aarhus University

Enabling Security Operations with RSA envision. August, 2009

FERPA: Data & Transport Security Best Practices

Big Data, Big Risk, Big Rewards. Hussein Syed

Hunting for the Undefined Threat: Advanced Analytics & Visualization

Practical examples of Big Data, security analytics and visualization

Developing Secure Software in the Age of Advanced Persistent Threats

A Practical Guide to Data Classification

Practical Threat Intelligence. with Bromium LAVA

North Highland Data and Analytics. Data Governance Considerations for Big Data Analytics

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

the challenge our mission our advisors

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Fighting Advanced Threats

BIG DATA WITHIN THE LARGE ENTERPRISE 9/19/2013. Navigating Implementation and Governance

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015

IoT Security Concerns and Renesas Synergy Solutions

Solution Briefing. Integrating the LogLogic API with NSN s Remediation & Escalation Mgmt. System

RSA Security Analytics Security Analytics System Overview

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Compliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards

From Information Management to Information Governance: The New Paradigm

This Symposium brought to you by

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

Win the race against time to stay ahead of cybercriminals

Defending Networks with Incomplete Information: A Machine Learning Approach. Alexandre

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

Content Security: Protect Your Network with Five Must-Haves

SHARING THREAT INTELLIGENCE ANALYTICS FOR COLLABORATIVE ATTACK ANALYSIS

Application Security in the Software Development Lifecycle

Gregg Gerber. Strategic Engagement, Emerging Markets

Cyber Security: What You Need to Know

UIIPA - Security Risk Management. June 2015

Address C-level Cybersecurity issues to enable and secure Digital transformation

Adversary ROI: Why Spend $40B Developing It, When You Can Steal It for $1M?

Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)

ETCIC Internships Open to Sophomores:

Secure Because Math: Understanding ML- based Security Products (#SecureBecauseMath)

Aircloak Analytics: Anonymized User Data without Data Loss

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

How To Protect Your Data From Theft

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

After the Attack. The Transformation of EMC Security Operations

Building a Security Operations Center. Randy Marchany VA Tech IT Security Office and Lab marchany@vt.edu

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

Network Security & Privacy Landscape

Associate Prof. Dr. Victor Onomza Waziri

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

7 Myths of Healthcare Cloud Security Debunked

Transcription:

BIG DATA CALLS FOR BIG SECURITY! Jason Rader - Chief Security Strategist, RSA Global Services RSA, The Security Division of EMC Session ID: DAS-W02 Session Classification: General Interest

Agenda Why Big Data? Security Concerns With Big Data Securing Big Data Wrap Up

Why Big Data?

Big Data Analytics is the Future! Big Data Not LOTS of data But many disparate sources with mixed structure Industry trends driving Big Data & Analytics Storage is cheap Anywhere computing Hardware capabilities

What Are Predictive Analytics? Deriving value from Big Data! Complexly Organizing the unorganized Data Mining, Modeling, Statistics, Machine Learning The search for leading indicators How do we use it? Business strategy Public safety (CDC,NOAA) Cyber Security To Predict the Future!

Who Uses Predictive Analytics Today? Investors! Massive historical data Lots of math The search for trends Execute trades! The next step? Implications of social media See through the corporate veil Now we can focus on the individual!

Predictive Analytics Now is the Time! Businesses have data coming out of their ears Huge shift from the past Unused data Can we find value? Business leaders must innovate Focus on business model innovation Predictive Analytics can drive this!

Security Concerns with Big Data

Big Data The Ecosystem Data Sources Storage & Rapid Processing Analytics Data Scientists & Analysts Derived Data

Payoff Big Data Can Make You a Target Amount of data

Big Data Can Create a Liability Using Big Data Analytics in Retail Implications: Gathered data is given willingly by users Data is aggregated with other sources Retailers run analytics that manifest trends/predictions Outcomes accurately predict the future Users get better product placement Retailers win loyal customers Not Singular pieces of data! It s the CORRELATION that matters

How The Bad Guys Can Use Big Data Hacking the Coca Cola formula Can you derive the formula? YES YOU CAN! Shipping/Receiving/Production data Think Crypto plaintext attack KFC would be harder, but possible! IP/Strategy Derivation Attackers can figure out your IP by looking at data sets you don t necessarily protect Macro trends repeat themselves over multiple sets of data, can I fill the gaps from missing data sets?

The Security Problem of Derived Data If I derive your PII, must I protect it? The Legal System is WAY behind Compliance might be farther Do I have to protect data from aggregation? EXIF Data Geotags Huge impact to business US = Case Law EU Privacy Updates

Securing Big Data

How to View Data and Analytics Secret Sauce Intellectual Property Software Vuln DB Corp Strategy Crown Jewels Easily Transferrable IP Actionable IP Encryption Keys COMPINT Defense Information Valuable to Competitors or Military Valuable to me Valuable if Lost Customer Analytics IT Configs Biz Processes Derivative Data Analytics for Sale Medical Records CC Data PII/PHI Data Unused Biz Data Disinformation Old Source Code Old IP Old/Retired Encryption Keys

Value The Value of Information Over Time Max Value Area under this curve = money for information owner WIP Time Information eventually becomes a liability

Big Data Securing the Lifecycle Data mapping Where does data live? What is the full lifecycle of data? Raw WIP Data product Disposal How is it used by the business? Common Practices Governance Separation of Duties/RBAC Compartmentalization

Big Data Securing The Ecosystem Data Sources Storage & Rapid Processing Analytics Data Scientists & Analysts Derived Data

Wrap Up

WHAT DID WE LEARN? Know the lifecycle of big data in your org Understand the risks in the ecosystem Understand the business uses and the value of data over time Have a policy on security of derived data Educate new roles in security (data scientists) Classification of data and data sources is key Consistently evaluate changes in operations for security implications

Questions?

THANK YOU! Jason Rader jason.rader@rsa.com @jraderrsa