Security Data Lake Leveraging Big Data Platform to build stronger cyber defense Rujirapong Ritwong CEO, Co-founder Softnix Technology

Softnix Security Data Lake


You Can’t Protect What You Can’t See

IT Security needs visibility

(source: www.fbi.gov)

Unauthorized access to data systems

Data leakage / loss

72%

(source: www.fbi.gov)

Way to increase your visibility

Definition
• Security Data Lake is a Data Lake appearing in the security field.
• Data Lake is a method of storing data within a Big Data system.
• Security Data Lake: a central location where all security data is stored.
• Similar to Log Management, SIEM.

Traditional Security Management
• SIEMs are security monitors; log management acted as the data store for security data.
• Technologies used 15 years ago.
• Relational databases are not well suited for large amounts of data.
• ACID: fast writes or fast reads, but not both.
• Real-time correlation (rules) engine runs on a single machine.
• Not built to let other products reuse.
• Expensive for explaining.

How long do you currently store event and log data for SIEM?

http://go.cyphort.com/rs/181-NTN-682/images/Cyphort-Ponemon-SIEM-Report.pdf

Retention of data for compliance: ISO 27001, PCI-DSS, HIPAA, FISMA, Sarbanes-Oxley (SOX)

Unknown Events Data (Credit: Hortonworks)

Comparing Security Data Lake to SIEM
Security Data Lake is not a replacement for SIEM.
Security Data Lake objectives:
◦ data storage
◦ data processing
◦ Purpose function of a SIEM covers

Limitation of SIEMs

Scalability, Openness

Big Data Technology

Attempting solutions to the TWO main problems of SIEMs

Hadoop basics

2.25x more likely to detect threats within minutes

Time to detect and identify a security incident

https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html

Report: user demand for cybersecurity analytics on the rise over the past 12 months: 71%

Organizations need to report

More information: https://www.ponemon.org/local/upload/file/Big_Data_Analytics_in_Cyber_Defense_V12.pdf

82%
Big Data Platform + Security Technologies = Stronger Cyber Defense

It’s still difficult to deploy Big Data cybersecurity analytics.

What is stopping Big Data analytics adoption?

https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html

72% of organizations say it’s impossible to leverage Big Data analytics with traditional systems

https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html

But a Security Data Lake (Hadoop based) can.

29% / 72% / 43%
• increase data volumes more than 100%
• increase data processing more than 76%
• increase data access for analytics more than 100%

https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html

Top Use Case

BIG DATA Analytics

Use Case

Vodafone UK’s new SIEM system relies on Apache Flume and Apache Kafka to ingest nearly 1 million events per second.

Open Source Big Data for Cybersecurity

http://spot.incubator.apache.org

Apache Spot

Open Source Big Data for Cybersecurity

http://metron.apache.org

Apache Metron

Data feed for Security Data Lake

Security Technologies Data | Non-Security Data

http://go.cyphort.com/rs/181-NTN-682/images/Cyphort-Ponemon-SIEM-Report.pdf

DNS traffic
100%: all organizations use it
100%: firewall bypass
100%: can’t monitor it; it’s Big Data.

Optimize your SIEM

Split connection setup

Security Data Lake helps optimize SIEM: Cost-Effectively Increase Enterprise Visibility, Analytics Flexibility, SIEM Lock-in, Deployment Flexibility

Our history

Logger | Logger Cloud for MSP

Data Platform | Authenticator

Logger for AWS

Logger for Azure

“Big Data Platform Company”

Collector

Edge Point

All-in-one | Law Compliance | Security & IT Services

Monitoring by ZABBIX

Big Data Analytics

Technology Partner

Softnix Data Platform: Big Data Analytic Platform

Any Device, Any Platform

Dashboard & Visualize | Integration to Enterprise Analytic System

Solution of Softnix Data Platform

Softnix Data Platform Architecture

Capability
• Support machine data of any type
• Data extraction to analytic format
• Support data indexing and aggregation
• Full-text search or specific search
• Visualize data for human understanding
• Schedule sending reports to email

Our Process

Collection of Data

Data Enrichment

Convert into Structured

Analysis of Data

Visualization of Data

Dashboard System

Full-Text Search & Specific Search

Event Detection

Data Extraction

Visualize Data

Simple Data Visualization

Data Aggregation

Use Case: Security Dashboard

Use Case: Authentication Monitor

Use Case: DNS Dashboard

Use Case: Cloud Firewall for MSP

Multiple dashboards per project

Contact Us

www.softnix.co.th
facebook.com/softnixtech
twitter.com/softnix

medium.com/@softnix