Page 1

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Security Analytics in Big Data

Alexandre F Moraes, CISSP

Solutions Architect Manager Latin America

HP Enterprise Security

[email protected]

Page 2

- Vulnerability Awareness
  - Vulnerability Scanning
  - Source Code Analysis
  - Software Security Assurance
- Proactive Defense
  - Flexible Security-Zone Segmentation
  - Well-Known and Zero-Day Exploit Protection
  - Adaptive Network Defense
- Visibility
  - Security Information and Event Management System
  - Event Correlation
  - Context Visibility

Collect – Consolidate – Correlate

Diagram labels: Hybrid Cloud (PaaS, SaaS, IaaS, APP), Private Cloud, Public Cloud, Division A, Division B, Finance.

HP Enterprise Security

Page 3

New! NGFW

- S1050F – 500Mbps / 250Mbps (FW+AppID / FW+IPS)
- S3010F – 1Gbps / 500Mbps (FW+AppID / FW+IPS)
- S3020F – 2Gbps / 1Gbps (FW+AppID / FW+IPS)
- S8005F – 5Gbps / 2.5Gbps (FW+AppID / FW+IPS)
- S8010F – 10Gbps / 5Gbps (FW+AppID / FW+IPS)
- S8020F – 20Gbps / 10Gbps (FW+AppID / FW+IPS)

(Front-panel drawings of the appliances: numbered ports, HA, MGMT, STATUS/ALERT LEDs, RESET/POWER, CFast Card, CONSOLE at 115200 N, 8, 1.)

Page 4

Accelerating innovation & time to value

Every 60 seconds: 695,000 status updates; 98,000+ tweets; 698,445 Google searches; 1,820TB of data created; 11 million instant messages; 168 million+ emails sent; 217 new mobile web users.

Eras of data volume: Mainframe (Kilobytes) → Client/Server (Megabytes) → The Internet (Gigabytes) → Mobile, Social, Big Data & The Cloud (Zettabytes, Yottabytes).

(Logo cloud of mainframe vendors, SaaS/IaaS providers, mobile app categories and enterprise application modules omitted.)

Page 5

Big Data

• Walmart: 1 million transactions per hour, 2.56 terabytes per day

• Facebook: 50 billion pictures in the database

• 50% of the data is unstructured: video, images, audio...

Page 6

Big Data landscape

Chart: Business data is 10% of information with ~10% annual growth; human information and machine data are 90% of information with ~100% annual growth.

Page 7

Business challenge: opportunities lost

Competitive advantage in the digital universe in 2012: massive amounts of useful data are getting lost.¹

- 23%: share of data that would be potentially useful IF tagged and analyzed (will grow to 33% by 2020)
- 3%: share actually being tagged for Big Data value
- 0.5%: share of the digital universe that actually is being tagged and analyzed

¹ Source: IDC, The Digital Universe in 2020, December 2012

Page 8

Technology challenge: legacy techniques have fallen short.

Stale technologies · Talent shortage · IT frustration · Lack of insight

86% of corporations cannot deliver the right information, at the right time, to support enterprise outcomes all of the time.³

³ Source: Coleman Parkes Survey, Nov 2012

Page 9

HAVEn – the #1 Big Data platform

Data sources: Social media, IT/OT, Images, Audio, Video, Transactional data, Mobile, Search engine, Email, Texts, Documents

HAVEn components:
- Scale – Hadoop / HDFS
- Source – Autonomy IDOL
- Speed – Vertica
- Secure – Enterprise Security
- nApps – Powering HP Software + your apps

hp.com/haven

Page 10

Turning events & logs into actionable intelligence

• Powered by HP HAVEn: harness the power of ArcSight SIEM and Vertica Analytics

• Reduce false positives

• Minimize impact of security breach

• Transform security from defense to proactive protection

Proactive Protection - Security Analytics (HAVEn components shown: Autonomy, Vertica, n-Apps, Enterprise Security, Hadoop)

Page 11

Events + context + analytics

Diagram labels: ArcSight ESM; Vertica; Security App1, App2, App3; Logs; TX data; Business; Weather; Org structure; Threat feeds; Intelligence.

Page 12

ArcSight Security Alert

Spikes in logins: Johnp

Page 13

(No extractable text.)

Page 14

Right-click integration command: invoke Vertica with event context.

Page 15

Charts: Login by Site and Login by Role (login counts on a 0–10000 scale across 21 sites/roles).

Page 16

Detecting Information Leakage

• Powered by HP HAVEn: harness the power of ArcSight SIEM and Autonomy IDOL

• Distill meaning and make decisions based on it, not just match keywords or tags

• “Judge” events based on their context

Proactive Protection - Security Analytics (HAVEn components shown: Autonomy, Vertica, n-Apps, Enterprise Security, Hadoop)

Page 17

Sample Use Case: Detecting Information Leakage

Diagram: ESM ↔ IDOL, steps 1–5.

1. Data access (file, email)
2. Event sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. Rules fired

Page 18

Sample Use Case: Information at Risk

Diagram: ESM ↔ IDOL, steps 1–5.

1. Attack target
2. Events sent to ESM
3. Query sent to IDOL
4. Context sent to ESM
5. See next slide
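The two flows on pages 17 and 18 (access or attack event → ESM → context query → context returned → rules fire), as an added example that is not part of the HP deck: a miniature SIEM enrichment step in Python. The document index, org structure, host inventory and events are all constructed stand-ins for IDOL and ESM, not their real APIs.

```python
# Constructed context sources standing in for the deck's IDOL index, org structure and asset data.
DOC_INDEX = {  # document path -> classification produced by content analysis
    "smb://fs01/rnd/patent_draft_7.docx": {"class": "patent", "owner_group": "rnd"},
    "smb://fs01/hr/holiday_list.xlsx": {"class": "public", "owner_group": "hr"},
    "smb://fs02/legal/nda_acme.pdf": {"class": "confidential", "owner_group": "legal"},
}
ORG = {"johnp": "sales", "maria": "rnd", "svc_backup": "it"}  # user -> business group
HOST_STORES = {"fs01": {"patent"}, "fs02": {"confidential"}}  # host -> sensitive classes stored
SENSITIVE = {"patent", "confidential"}

def enrich(event: dict) -> dict:
    """Steps 3-4: the SIEM queries the context sources and attaches the answers to the event."""
    ctx = dict(event)
    if event["type"] == "file_access":
        doc = DOC_INDEX.get(event["path"], {"class": "unknown", "owner_group": None})
        ctx["doc_class"] = doc["class"]
        ctx["owner_group"] = doc["owner_group"]
        ctx["user_group"] = ORG.get(event["user"])
    elif event["type"] == "ids_alert":
        # Which sensitive content lives on the attacked host? Unknown hosts yield an empty list.
        ctx["sensitive_classes"] = sorted(HOST_STORES.get(event["dst_host"], set()))
    return ctx

def rules(ctx: dict) -> list:
    """Step 5: correlation rules evaluate the enriched event, not the raw log line."""
    fired = []
    if (ctx["type"] == "file_access" and ctx["doc_class"] in SENSITIVE
            and ctx["user_group"] != ctx["owner_group"]):
        fired.append("information_leakage:cross_group_sensitive_access")  # page 17 flow
    if ctx["type"] == "ids_alert" and ctx["sensitive_classes"]:
        fired.append("information_at_risk:" + ",".join(ctx["sensitive_classes"]))  # page 18 flow
    return fired

def run(events: list) -> dict:
    """Steps 1-2 are the events arriving at the SIEM; returns event id -> rules fired."""
    return {e["id"]: rules(enrich(e)) for e in events}

# Constructed sample events (step 1: access or attack; step 2: forwarded to the SIEM).
EVENTS = [
    {"id": 1, "type": "file_access", "user": "johnp", "path": "smb://fs01/rnd/patent_draft_7.docx"},
    {"id": 2, "type": "file_access", "user": "maria", "path": "smb://fs01/rnd/patent_draft_7.docx"},
    {"id": 3, "type": "file_access", "user": "johnp", "path": "smb://fs01/hr/holiday_list.xlsx"},
    {"id": 4, "type": "ids_alert", "dst_host": "fs02", "sig": "SMB brute-force attempt"},
    {"id": 5, "type": "ids_alert", "dst_host": "web01", "sig": "HTTP directory scan"},
]

if __name__ == "__main__":
    print(run(EVENTS))
```

Only event 1 (a sales user reading an R&D patent draft) and event 4 (an alert against the host that stores confidential documents) fire; the same raw events without the context lookups would be indistinguishable from routine file reads and low-value IDS noise.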

Page 19

Sample Use Case: Data under Attack (cont.)

Diagram labels: Information Store (×2), Patents, Information @ Risk.

Page 20

Sample Use Case: Threat Monitoring through Sentiment Analysis

• Intelligence has a long history of providing pivotal information to decision-makers

• Monitor the spiraling amount of user-generated content on the internet (social media) and analyze it for sentiment

Page 21

Sample Use Case: Threat Monitoring through Sentiment Analysis

Page 22

HAVEn: Develop · Operate · Secure · Monetize · Govern

hp.com/haven