G e m i n i E n t e r p r i s e. by Ian Tinney

Transcription

1 G e m i n i E n t e r p r i s e by Ian Tinney

2 Translate Data into Knowledge Using Machine Reasoning Ian Tinney, Director EMEA Services 8 th March, 2018

3 The Problem Data Without Context is Useless Analysis Paralysis Big Data Platforms are Complex

4 Context is everything Context: [n] The parts of something written or spoken that immediately precede and follow a word or passage and clarify its meaning.? [The Organised Mind: Thinking Straight in the Age of Information Overload by Daniel Levitin] Gemini Enterprise: Typical view from Gemini Investigate

5 The Human Brain is Relational Which is easier to work with? Raw data tabular data or relational data?

6 Graphical Representation of Our Story Robert s computer sent an to Alice with an attachment called 2016 Recruitment Plan.html. The attachment contained a malware script that is associated with a particular vulnerability related to a Black Hole Exploit Kit that was blocked by McAfee Endpoint. detected vulnerability/identified in event file/installed by Visualization + Context tells a more powerful story Can be saved for future use has attachment/is attached to sent from/sent recipient of/recipient Easy to communicate with others Story can tell itself

7 The Solution: Continuous Data Analysis Stories and AI provide context Faster investigations and less constrained by analyst availability Simplified management

8 Gemini Enterprise

9 Automate Data Management for Analysis Single click deployment and automated management No Ops data platform management and scaling Unlock the value in your data platforms for faster analysis

10 Accelerated Analysis with AI Automatically reads IT data and suggests next-steps to root cause AI reveals hidden relationships without complex queries No more tedious search and pivot

11 Activate Organizational Awareness with Stories Build Enterprise Knowledge and Awareness Faster Analysis through Collaboration Quickly Understand Impact and Implications

12

13 Single Solution. Multiple Deployment and Support Options. Gemini Cloud Gemini Software Gemini Appliance Gemini Care

14 Operational Risk Security Compliance ITSM

15 Operational Risk home

16 Security home

17 Compliance home

18 ITSM home

19

20 Thank You

21 Global Enterprise Customers This is way faster than previous methods for an incident investigation case. The story combined with the elements and relationships is exactly what I need to investigate an incident quickly and share information with my team. - Analyst, National Center for High Performance Computing

22 Who is Gemini Data? Strategic Alliances

23 Three Event Types -- CIM Logs action dest dest_buit File_hash File_name File_size _subject Orig_dest protocol recipient Vendor sent marketing 0A566B1616C8A FEEF214372B1A 0580C7 received marketing 0A566B1616C8A FEEF214372B1A 0580C7 Malware 2016 Recruitment Plan.html 2016 Recruitment Plan.html 147 KB Hello Their rdobbs SMTP inidata.com 147 KB Hello Their amichaels SMTP eminidata.co m MS Exchange MS Exchange action category date dest File hash File_name sender signature src Vendor Violation Blocked Black hole Exploit 2017_08_08 RDOBBS- PC01 0A566B1616C8A FEEF214372B1A0 580C Recruitment Plan rdobbs@gem inidata.com Backdorr.W3 2/Duqu McAfee Endpoint Security Vulnerability cve cvss dest msft signature Vendor CVE MS win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 CVE null Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier Qualys Qualys

24 Two Event Types non-cim Logs DHCP (not CIM compliant) action date time description IP address hostname MAC Address leased 2017_08_01 14:37 MACBOOKPRO-5D RDOBBS-PC01 78:4f:43:a3:5d:26 leased 2017_08_04 9:09 MACBOOKPRO-9R AMICHAELS-PC01 78:47:43:f6:3e:56 AD (not CIM compliant) DN SAMID CN empid OU OU DC DC Phone Nacho.geminidata Robert Dobbs Nacho.geminidata Alice Michaels DOBBS Robert MICHAEL S Alice rdobbs rdobbs@nacho.geninidata.com MGR MKT Gemini. com amichaels amichaels@nacho.geminidata.com Designer MKT Gemini. com

25 Our Data From Key Value Pair to Triples ELEMENTS RELATIONSHIP ELEMENTS Noun Verb Direct Object Contains subject Hello There Contains attachment 2016 Recruitment Plan 2016 Recruitment Plan Contains File Mal/frame-W script Violation Blocked Detected by McAfee Endpoint Security CVE Can be exploited by Black Hole Exploit Kit Addressed to Alice Michaels Hello there Sent from Belongs to Robert Dobbs

26 Machine Reasoning