Data Loss Prevention with Platfora Big Data Analytics



Similar documents
IBM SECURITY QRADAR INCIDENT FORENSICS

Advanced Threat Protection with Dell SecureWorks Security Services

Covert Operations: Kill Chain Actions using Security Analytics

Cloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

A New Perspective on Protecting Critical Networks from Attack:

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

I D C A N A L Y S T C O N N E C T I O N

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

RSA Security Anatomy of an Attack Lessons learned

ENABLING FAST RESPONSES THREAT MONITORING

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

IBM Security Services Cyber Security Intelligence Index

Cisco Cyber Threat Defense - Visibility and Network Prevention

Advanced Persistent Threats

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Teradata and Protegrity High-Value Protection for High-Value Data

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

How to Choose the Right Security Information and Event Management (SIEM) Solution

Getting real about cyber threats: where are you headed?

IBM Security QRadar Vulnerability Manager

Extending security intelligence with big data solutions

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

Breach Found. Did It Hurt?

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats

Stay ahead of insiderthreats with predictive,intelligent security

How To Manage Security On A Networked Computer System

Stop advanced targeted attacks, identify high risk users and control Insider Threats

RETHINKING CYBER SECURITY

Unified Security, ATP and more

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Reinventing Network Security Vectra s cyber-security thinking machine delivers a new experience in network security

When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Hunting for the Undefined Threat: Advanced Analytics & Visualization

Gaining the upper hand in today s cyber security battle

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Content Security: Protect Your Network with Five Must-Haves

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Redefining SIEM to Real Time Security Intelligence

SIEM is only as good as the data it consumes

Network Security Redefined. Vectra s cybersecurity thinking machine detects and anticipates attacks in real time

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Combating a new generation of cybercriminal with in-depth security monitoring

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

WHITE PAPER: THREAT INTELLIGENCE RANKING

Advanced Threats: The New World Order

Comprehensive Advanced Threat Defense

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Into the cybersecurity breach

Oracle Big Data Discovery The Visual Face of Hadoop

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

How To Create An Insight Analysis For Cyber Security

Under the Hood of the IBM Threat Protection System

SANS Top 20 Critical Controls for Effective Cyber Defense

End-user Security Analytics Strengthens Protection with ArcSight

DYNAMIC DNS: DATA EXFILTRATION

RSA Security Analytics

Employing Disinformation Security to Protect Corporate Networks with NetBait. A NetBait Whitepaper June 2003

Protecting against cyber threats and security breaches

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

QRadar SIEM and FireEye MPS Integration

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

24/7 Visibility into Advanced Malware on Networks and Endpoints

The SIEM Evaluator s Guide

Leverage security intelligence for retail organizations

IBM Security Intrusion Prevention Solutions

Extreme Networks Security Analytics G2 Vulnerability Manager

10 Things Every Web Application Firewall Should Provide Share this ebook

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

Impact of Data Breaches

Data Center security trends

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Breaking the Cyber Attack Lifecycle

Overview of NetFlow NetFlow and ITSG-33 Existing Monitoring Tools Network Monitoring and Visibility Challenges Technology of the future Q&A

Cisco Advanced Malware Protection for Endpoints

Transcription:

WHITE PAPER Data Loss Prevention with Platfora Big Data Analytics 2014 Platfora, Inc. platfora.com

WHITE PAPER Overview Around the world, public and private institutions store massive amounts of data: customer data, internal corporate data, and intellectual property. In today s world, data is the lifeblood of business; it has become a currency in its own right. For businesses, data represents overall positioning and strategy, technological and marketing differentiation, trade secrets, and competitive advantage. As a result, it is seen as a lucrative source of revenue for malicious actors, who break into protected networks and begin exfiltrating (extracting a remote system) that organization s most sensitive information often going undetected for extended periods of time. This risk is compounded by a number of important workplace trends: telecommuting, social engineering, and Bring Your Own Device (BYOD) as well as and growing volumes of sensitive data. CISO s, who are entrusted to protect the systems and data of the institutions for which they work, have their work cut out for them. Consider the Possibilities There is a right time and a wrong time to wonder how hackers, cyber thieves, or other malicious actors could possibly get past your organization s defenses and start helping themselves to your data, or doing other damage to your network or systems. The right time is right now. Today. You want to be aware of this possibility and acting on it before any damage is done. The wrong time is on a Monday morning, before your first cup of coffee, when your entire business is reeling from a breach which has already occurred. Unfortunately, that possibility is all too real; the threat is a growing one. 64,437 SECURITY INCIDENTS reported 5.5 MILLION DOLLARS Average cost of data breach 95 COUNTRIES Victimized 614 DATA BREACHES In 2013, a 30% increase over 2012 (est.) 80 % INCREASE 2013 Internal data theft incidents Figure 1: The threat is real How could such a thing possibly happen to your organization? Let s try answering that question and, more importantly, let s look at some ways that outcome can be prevented. 2014 Platfora, Inc. platfora.com page 1

The Usual Suspects While there are a variety of causes of data breaches, some recent studies indicate that the three most common initiators of data breaches are: 1. Well-intentioned victims, who cause the breach with no intention of doing so, usually through careless actions. These are most often security policy violations. 2. External parties, where an adversary finds a weakness in the institution s defenses, exploits that weakness, and steals. 3. Malicious insiders who have the same motivations as any other cyber-thieves, but who have the advantage of working from the inside. This group is the fastest growing segment; the incidents they cause are often some of the costliest data breaches. This mix of potential culprits tells us that any effort to prevent breaches or mitigate their damage must be predicated on a holistic view of your network and the data that supports it. You have to look at what is happening both on the inside and the outside. How Networks Are Compromised A data loss event does not occur in a vacuum; often the preparation and analysis of a target has taken place for a considerable period of time. The hypothetical timeline shown here is loosely derived from some of the highprofile data loss events over the past year: DAY 0 DAY 3-7 DAY 10-14 DAY 16-20 Malicious actors scan for potential access point Access and Install malware on compromised host Update malware for ex-filtration of data Ex-filtration of data from victim network Figure 2: Malicious actors compromise processes During the first stage, a malicious actor will be working to understand the layout of the victim network, looking for potential exploits that can get them in. In the second stage, malicious actors use one of the identified exploits from the first stage to deploy malware to the victim network. In the third stage, they put the software in place required to package and exfiltrate data from the victim network in a discrete manner. In the fourth stage, data is moved from the victim network either in small pieces or in one large push. Requirements of a DLP System Defending against data breach requires a strategy that focuses on identifying the precursors and indications of malicious actors early on. An effective Data Loss Prevention (DLP) strategy consists of five core steps: 2014 Platfora, Inc. platfora.com page 2

1. Collect All Data - Collect data from across the enterprise in order to produce a complete threat picture. Many organizations collect data in a variety of forms and formats at different locations and then never bring it all together. Collection of all relevant data is essential for analysis of known and identification of as-yet unidentified threats. 2. Correlate Understanding activities of advanced threat actors requires correlation of base sets of data such as Netflow with Intrusion Detection System (IDS), contextual, statistical information on past observations, and threat data sources such as known exploits for a given port. Analysis of the major data breaches of 2013 show that data correlation was a major challenge for the victim organizations. 3. Identify Threat Activity Early Develop techniques and analytics for identifying threat actors as early in the Compromise process as possible. In many cases, the scanning and probing will occur over time which requires network defense organizations to work with more data to detect these activities. 4. Watch High Value Target transmission patterns Identify High Value Targets on networks and monitor all interaction patterns with other hosts, with an eye for any change, no matter how subtle. Monitor what malicious actors learn Reconstruction of a network attack requires analysis of what systems malicious actors are interested in and what they have learned about those systems. 5. Monitor what malicious actors learn Reconstruction of a network attack requires analysis of what systems malicious actors are interested in and what they have learned about those systems. Platfora Combats Data Loss Platfora is a Big Data Analytics platform that provides organizations a new weapon in the ongoing struggle against data breaches. The Platfora Network Security Solution delivers rapid, high-powered, self-service security analytics to the hands of network administrators and network security analysts. Working alongside your existing security infrastructure, the solution leverages Platfora Big Data Analytics both to augment your existing systems and to open up whole new levels of security capability not previously available. The solution natively leverages the deep processing, scalability and infinite storage of Hadoop. It includes templates and customized services to address the most critical network security use cases. As we will demonstrate in the following sections, it supports the five steps for effective DLP as outlined above. 1. Platfora Collects All Data Platfora provides a highly scalable secure platform for managing network security data. Not only does Platfora provide a solution for collecting all of the data, it makes the data easy to use and work with. Platfora is powered by Hadoop and supports structured and unstructured data natively out of the box. Figure 3: The Data Catalog provides a simple-to-use interface for interacting with data 2014 Platfora, Inc. platfora.com page 3

2. Platfora Correlates Platfora provides a platform for high-speed, deep correlation of events. In order to analyze network data, it is essential to be able to correlate different types of data, including Netflow data, IDS, as well as other sources. Moreover, one of the keys to the prevention of data loss is the correlation of disparate events, which is often not possible using legacy technologies. As shown in Figure 4, with Platfora a network security analyst can easily correlate data about who is accessing the network and for what, in this case the top 100 downloaders, with intrusion-detection data, in this instance from the SNORT intrusion detection system. The correlated data is presented in a Vizboard, a Platfora interactive visual environment that provides dynamic contextual information as the analyst explores the data. Figure 4: Platfora correlates Netflow with blacklist, geo-location information, IDS 3. Platfora Identifies Threat Activity Earlier Recent studies show that one of the key elements to thwarting malicious actors is identifying them during the probing and discovery phase of compromise. The Platfora Network Security Solution builds on this lesson learned, identifying scanning and probing activity from day one. Figure 5: First stage port discovery scanning by potentially malicious actors As shown in Figure 5, the Platfora Network Security Solution provides out-of-the-box capability for detecting malicious actor activity earlier in the process than would be available through analysis in a conventional environment. The Y-Axis shows the incoming IP address (SIP), the X-Axis shows the destination ports being visited. The result is a highly intuitive visual user experience that reveals significant details about organized scanning and probing activity by external actors. 2014 Platfora, Inc. platfora.com page 4

4. Platfora Watches High Value Target transmission patterns Another key element to preventing data loss is early detection of network interactions that should not be occurring. The Platfora Network Security Solution provides an out-of-the-box capability for monitoring interactions across the entire network. Figure 6: Potential data theft by malicious actors Figure 6 shows one of the visualizations that is part of the Platfora Network Security Solution. This dashboard enables network analysts, in a single view, to determine destinations for outbound flows from protected networks. In this case, the dashboard highlights data being moved to an address located in Brazil. The Y-Axis shows the amount of data expressed in bytes outbound from the network. The X-Axis shows the distance between the Source IP address and Destination IP address. The visualization combines these two attributes to highlight instances where unusual activity is occurring, in particular substantial movement of data to a destination outside this organization s usual sphere of business interactions. 5. Platfora Monitors what malicious actors learn One of the often overlooked elements of network security is the process of creating a Malicious Actor View. This view is essential, given that it provides a window to what potentially malicious actors know about your network. Figure 7: Malicious actor view of the network This figure shows another dashboard that is included in the Platfora Network Security Solution. On the Y-Axis are the source systems communicating with destination systems (X Axis) resident on the protected network. Context overlays provide over an event provides additional information on the monitored event as you pass your cursor over the visualization elements. Here we see that the malicious actor is 203.251.81.26, which has attempted to gain information on over 38,000 time over known exploitable internal destination ports. This kind of immediate, contextualized information is critical for identifying and mitigating data breaches. The Time Is Now Platfora s Big Data Analytics capability can serve as a major strategic asset for protecting your network from data breach or mitigating the effects of a breach which has already occurred. With Platfora, you can keep your network secure through an enhanced ability to monitor traffic, behavioral, and other data for the tell-tale signs of malicious intent. If the time to consider how a data breach might negatively impact your business is now, then now is also the time to take a closer look at Platfora, and what it can do to protect your organization s network, systems, and data. 2014 Platfora, Inc. platfora.com page 5

About Platfora Platfora is the #1 native Big Data Analytics platform for Hadoop. Platfora puts big data directly into the hands of line-of-business people through self-service analytics that help them uncover new opportunities that were once impossible or impractical across transaction, customer interaction and machine data. An interactive and visual full-stack platform delivered as subscription software in the cloud or on-premises, Platfora Big Data Analytics is creating data-driven competitive advantages in the areas of security, marketing, finance, operations and the Internet of Things. Leading organizations such as Citi, Comcast, DirecTV, Disney, Edmunds.com, Opower, Riot Games, Vivint and The Washington Post use Platfora.www.platfora.com Legal Notice Copyright 2014, Platfora. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. 2014 Platfora, Inc. platfora.com page 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information