© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Security Analytics in Big Data
Alexandre F Moraes, CISSP
Solutions Architect Manager Latin America
HP Enterprise Security
HP Enterprise Security
- Vulnerability Awareness
- Vulnerability Scanning
- Source Code Analysis
- Software Security Assurance
- Proactive Defense
- Flexible Security-Zone Segmentation
- Well-Known- and Zero-Day-Exploit Protection
- Adaptive Network Defense
- Visibility
- Security-Information and Event Management System
- Event Correlation
- Context-Visibility
Collect, Consolidate, Correlate
[Diagram labels: Hybrid Cloud, Private Cloud, Public Cloud; PaaS, SaaS, IaaS, APP; Division A, Division B, Finance]
New! NGFW
S1050F – 500Mbps / 250Mbps (FW+AppID / FW+IPS)
S3010F – 1Gbps / 500Mbps (FW+AppID / FW+IPS)
S3020F – 2Gbps / 1Gbps (FW+AppID / FW+IPS)
S8005F – 5Gbps / 2.5Gbps (FW+AppID / FW+IPS)
S8010F – 10Gbps / 5Gbps (FW+AppID / FW+IPS)
S8020F – 20Gbps / 10Gbps (FW+AppID / FW+IPS)
[Figure: front panels of two NGFW chassis (labelled 10#0F and 80##F) showing numbered ports, RESET, POWER, STATUS, ALERT, CONSOLE (115200 N, 8, 1), MGMT, HA and CFast Card]
Accelerating innovation & time to value
Every 60 seconds:
• 695,000 status updates
• 98,000+ tweets
• 698,445 Google searches
• 1,820 TB of data created
• 11 million instant messages
• 168 million+ emails sent
• 217 new mobile web users
Eras and data scale: Mainframe (Kilobytes); Client/Server (Megabytes); The Internet (Gigabytes); Mobile, Social, Big Data & The Cloud (Zettabytes, Yottabytes)
[Figure: vendor, service and application names and categories grouped by era]
Big Data
• Walmart: 1 million transactions per hour: 2.56 terabytes / day
• Facebook: 50 billion pictures in the database
• 50% of the data is unstructured: video, images, audio...
Big Data landscape
[Figure labels: Human Information, Machine Data, Business Data; 10% of Information, 90% of Information; Annual Growth ~100%, ~10%]
Business challenge: Opportunities lost
Competitive advantage in the digital universe in 2012: massive amounts of useful data are getting lost¹
• 23%: % of data that would be potentially useful IF tagged and analyzed
• 3%: % actually being tagged for Big Data Value (will grow to 33% by 2020)
• 0.5%: % of the Digital Universe that actually is being tagged and analyzed
¹Source: IDC The Digital Universe in 2020, December 2012
Technology challenge: Legacy techniques have fallen short.
• Stale technologies
• Talent shortage
• IT frustration
• Lack of insight
86% of corporations cannot deliver the right information, at the right time to support enterprise outcomes all of the time³
³Source: Coleman Parkes Survey Nov 2012
HAVEn – the #1 Big Data platform
• Hadoop / HDFS: Scale
• Autonomy IDOL: Source
• Vertica: Speed
• Enterprise Security: Secure
• nApps: Powering HP Software + your apps
Data sources: Social media, IT/OT, Images, Audio, Video, Transactional data, Mobile, Search engine, Email, Texts, Documents
hp.com/haven
Turning events & logs into actionable intelligence
• Powered by HP HAVEn
Harness the power of ArcSight SIEM and Vertica Analytics
• Reduce false positives
• Minimize impact of security breach
• Transform security from defense to proactive protection
Proactive Protection - Security Analytics
[HAVEn graphic: Hadoop, Autonomy, Vertica, Enterprise Security, n-Apps]
Events + context + analytics
[Diagram labels: ArcSight ESM; Vertica; Security; App1, App2, App3; Logs; TX data; Business; Weather; Org structure; Threat feeds; Intelligence]
ArcSight Security Alert
Spikes in logins: Johnp
Right click: Integration command
Invoke Vertica with event context
[Charts: Login by Site; Login by Role (y-axis 0 to 10000, x-axis 1 to 21)]
Detecting Information Leakage
• Powered by HP HAVEn
Harness the power of ArcSight SIEM and Autonomy IDOL
• Distill meaning and make decisions based on it, not just match keywords or tags
• “Judge” events based on their context
Proactive Protection - Security Analytics
[HAVEn graphic: Hadoop, Autonomy, Vertica, Enterprise Security, n-Apps]
Sample Use Case: Detecting Information Leakage
[Diagram: ESM and IDOL, with flows numbered 1 to 5]
1. Data access (file, email)
2. Event sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. Rules fired
Sample Use Case: Information at Risk
[Diagram: ESM and IDOL, with flows numbered 1 to 5]
1. Attack target
2. Events sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. See next slide
Sample Use Case: Data under Attack (cont’)
[Diagram labels: Patents; Information @ Risk; Information Store; Information Store]
Sample Use Case: Threat Monitoring through Sentiment Analysis
• Intelligence has a long history of providing pivotal information to decision-makers
• Monitoring the spiraling amount of user-generated content on the internet (social media) and analyzing it for sentiment
Develop, Operate, Secure, Monetize, Govern
HAVEn
hp.com/haven