APACHE SPOT: Network Security Re-imagined
Austin Leahy @DataMinion


AGENDA

• Where is the need
• The new approach
• Moving to real investigation
• Value of anomaly based detection
• ONI – Demo
• Open Data Model
• Q&A

DECREASING BENEFITS AT SCALE

START WITH THE HARDEST PILL TO SWALLOW

Operational Analytics

• Visualization, attack heuristics, noise filter

Machine Learning

• Filter billions of events down to a few thousand

• Unsupervised learning

Parallel Ingest Framework

• Open source decoders

• Load data in Hadoop

Telemetry

• Network Flows (nfcapd)

• DNS (PCAP)

• Proxy

SIEM (TBs)

Big Data/ML based Applications (PBs)
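An added illustration of the Machine Learning layer above, not code from Apache Spot: Spot decodes nfcapd files into Hadoop and scores flows with Spark ML, whereas this small script stands in a plain frequency model on constructed nfdump-style records so that only the rarest connections reach an analyst.

```python
# Added illustration of the filtering layer, not Apache Spot's own code:
# Spot decodes nfcapd files into Hadoop and scores flows with Spark ML, and
# a plain frequency model stands in for that here so it runs on a few records.
import csv
import io
from collections import Counter
from math import log

# Constructed sample in nfdump-style CSV: routine DNS to the local resolver
# and HTTPS to the proxy, plus one unusual outbound connection.
SAMPLE_FLOWS = """ts,src,dst,proto,dport,bytes
2016-10-01T10:00:01,10.0.0.5,10.0.0.53,UDP,53,120
2016-10-01T10:00:02,10.0.0.6,10.0.0.53,UDP,53,118
2016-10-01T10:00:03,10.0.0.7,10.0.0.53,UDP,53,131
2016-10-01T10:00:04,10.0.0.5,10.0.0.53,UDP,53,122
2016-10-01T10:00:05,10.0.0.5,10.0.0.80,TCP,443,5120
2016-10-01T10:00:06,10.0.0.6,10.0.0.80,TCP,443,4870
2016-10-01T10:00:07,10.0.0.8,10.0.0.80,TCP,443,6011
2016-10-01T10:00:08,10.0.0.5,10.0.0.80,TCP,443,5530
2016-10-01T10:00:09,10.0.0.7,203.0.113.9,TCP,4444,917504
2016-10-01T10:00:10,10.0.0.6,10.0.0.53,UDP,53,119
"""
FIELDS = ("src", "dst", "proto", "dport")

def parse_flows(text):
    """Read CSV flow records into one dict per flow."""
    return list(csv.DictReader(io.StringIO(text)))

def score_flows(flows):
    """Return (score, flow) pairs, highest first.

    score = -log P(src) - log P(dst) - log P(proto) - log P(dport), each
    probability being the value's frequency in the batch. Independence is a
    crude assumption, but rare combinations stand out: routine DNS and
    proxy traffic scores low, a one-off destination and port scores high.
    """
    n = len(flows)
    counts = {f: Counter(fl[f] for fl in flows) for f in FIELDS}
    scored = [(sum(-log(counts[f][fl[f]] / n) for f in FIELDS), fl) for fl in flows]
    return sorted(scored, key=lambda pair: pair[0], reverse=True)

def top_suspects(flows, k):
    """The k flows an analyst should open first; the rest stay in the data lake."""
    return [fl for _, fl in score_flows(flows)[:k]]

if __name__ == "__main__":
    for score, fl in score_flows(parse_flows(SAMPLE_FLOWS))[:3]:
        print(f"{score:5.2f} {fl['src']} -> {fl['dst']}:{fl['dport']}/{fl['proto']} {fl['bytes']} bytes")
```

On the sample the single connection to 203.0.113.9:4444 ranks first; on real data the same ranking is what turns billions of flows into the short list that the Operational Analytics layer works with.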

INVESTIGATION WAS NEVER DETECTION

EVERY LAYER REQUIRES MORE EXPENSIVE COMPUTATION

APACHE SPOT – REIMAGINE CSIRT WORKFLOWS

• Partners should control their data

• The application framework is rocket fuel for the build-instead-of-buy decision

• Community engagement means ever-increasing value in describing the landscape

[Figure: platform stack. Network data on Apache Hadoop*, Spark + ML, Intel Platform; use cases: Cybersecurity, IT Operations, Fraud, User Experience]

OPEN NETWORK INSIGHT OPEN DATA MODEL

[Figure: Open Data Model domains Identity and Endpoint, with Open Network Insight built on top]

http://incubator.apache.org/projects/spot.html

Join the community today and participate:

@DataMinion