Big Data security, tools and tips to protect information assets
- Shonda Mason
Transcription
Slide 1: Big Data security, tools and tips to protect information assets
Eddie Garcia, Chief Security Architect

Slide 2: A Big Data Revolution is Happening as We Speak
- Industrial Revolution
- Data Revolution

Slide 3: The Benefits of Apache Hadoop...
- One place for unlimited data
  - All types
  - More sources
  - Faster, larger ingestion
- Unified, multi-framework data access
  - More users
  - More tools
  - Faster changes

Slide 4: Can Create Information Security Challenges
- Business Manager
  - Run high value workloads in cluster
  - Quickly adopt new innovations
- Information Security
  - Follow established policies and procedures
  - Maintain compliance
- IT/Operations
  - Integrate with existing IT investments
  - Minimize end-user support
  - Automate configuration

Slide 5: Levels of Security
Where do you start?

Slide 6: Comprehensive, Compliance-Ready Security
Authentication, Authorization, Audit, and Compliance
- Perimeter: Guarding access to the cluster itself
  - Technical Concepts: Authentication, Network isolation
- Access: Defining what users and applications can do with data
  - Technical Concepts: Permissions, Authorization
- Visibility: Reporting on where data came from and how it's being used
  - Technical Concepts: Auditing, Lineage
- Data: Protecting data in the cluster from unauthorized visibility
  - Technical Concepts: Encryption, Tokenization, Data masking

Slide 7: Active Directory and Kerberos
- Active Directory
  - Manages Users, Groups, and Services
  - Provides username / password authentication
  - Group membership determines Service access
- Kerberos
  - Trusted and standard third-party
  - Authenticated users receive Tickets
  - Tickets gain access to Services
- Flow shown on the slide: User [ssmith], Password [*****]
  - User authenticates to AD
  - Authenticated user gets Kerberos Ticket
  - Ticket grants access to Services, e.g. Impala

Slide 8: Authentication
- Kerberos authentication
- LDAP and SAML authentication for web UIs
- LDAP authentication for SQL access (Hive and Impala)

Slide 9: Network Isolation
Firewall creates 2 tiers of access:
- Edge Nodes: gateway services only / no HDFS data
  - Most user access
- The rest of the cluster: all other services / HDFS data
  - Only a few admins allowed

Slide 10: Access Control Background
- The majority of Hadoop users are dealing with structured data
- Applications that run on Hadoop (Datameer, Platfora, SAS, etc.) now use Spark, in addition to Hive, Impala and MR.
- Customers say they want to...
  - Keep one logical copy of data, to minimize storage and complexity of securing that data
  - Set permissions once and analyze that data with any application or compute framework
  - Apply permissions at the granularity of columns and rows

Slide 11: Use Cases for Fine-Grained Access Control Across All Hadoop Access Paths
- Columns:
  - Sensitive column visibility varies by role (Ex. credit card numbers)
  - Entitlement varies by subscription
- Rows: Different user groups need access to different records
  - European privacy laws
  - Government security clearance
  - Financial information restrictions
  - Subscription entitlement

Slide 12: Access Control with Storage Permissions Only
Early Days of Hadoop
[Stack diagram: APPS (PLATFORA, DATAMEER, TABLEAU, SAS, ETC...); COMPUTE (HIVE, IMPALA, SPARK, MR); STORAGE (Filesystem, HDFS)]
- Simple All or Nothing permissions for each file/table
- But...
  - In Big Data, tables often contain tens or hundreds of columns
  - Not all users are allowed to see all columns and rows

Slide 13: Access Control with SQL Auth and Storage Permissions
[Stack diagram: APPS (PLATFORA, DATAMEER, TABLEAU, SAS, ETC...); COMPUTE (HIVE, IMPALA [SQL Auth]; [X] SPARK, MR); STORAGE (Filesystem, HDFS)]
- Adds column and row-level permissions
- But...
  - The Hive objects are not accessible outside of Hive and Impala.
  - Many, many applications use MR and Spark
  - So data needs to be extracted from the table and placed in separate files where varying HDFS permissions are applied => Duplicate data, duplicate permissions

Slide 14: Access Control with Apache Sentry and RecordService
[Stack diagram: APPS (PLATFORA, DATAMEER, TABLEAU, SAS, ETC...); COMPUTE (HIVE, IMPALA, SPARK, MR); APACHE SENTRY, RECORDSERVICE; STORAGE (Filesystem, HDFS)]
- Column and Row-level Permissions
- One copy of data
- One set of permissions

Slide 15: Fine-Grained Access Control without Sentry & RecordService
- Split the original file
- Use HDFS permissions to limit access
[Table: the original file (columns Date/time, Accnt #, SSN, Asset, Trade, Country) holds nine trades: AZP Sell US, TBT Buy EU, IDI Sell UK, ICBD Buy US, FWQ Buy US, UAD Buy UK, NZMA Sell EU, TMV Buy US, DRW Buy UK. It is split into three files with the same columns, one each for the US, EU and UK rows. The time, account and SSN values did not survive extraction.]

Slide 16: Fine Grained Access Control With Sentry & RecordService
- Sentry: Define Row, column, and sub-column (masking) permissions
- Sentry + RecordService: Enforce these across all access paths
[Figure: a single HDFS file (columns Date/time, Accnt #, SSN, Asset, Trade, Country) shown next to "What U.S. Brokers See", with callouts labelled Column-Level Controls and Row-Level Controls and the label "Hive, Impala, MR, Spark, Pig". In the brokers' view the SSN values appear masked as XXX-XX. The remaining cell values did not survive extraction.]

Slide 17: Additional Apache Sentry Features
- Protection for Hive Metastore
  - Without this, users could modify views to point to unauthorized sensitive data
- Simple positive permissions
  - Combining positive, negative and exceptions, permissions become very difficult to audit and track in a large environment
- True Role-Based Access Control (RBAC)
  - Ties to Enterprise Directory (LDAP or Active Directory) for users and groups
- Permissions GUI
- Handles: Hive, Hive Metastore, Impala, Search, Kafka, MR, Spark, Pig

Slide 18: ABAC*: Enforce Top-level Policies while Delegating Administration
- Example Permissions based on Tags
- PII tag means: Only members of role A can see this
[Table: Master File (M) with columns Date/time, Accnt #, SSN, Asset, Trade, Broker, carrying a PII tag. Rows: AAPL Sell group1, TBT Buy group2, HDP Sell group3, INTC Buy group1, F Buy group1, UA Buy group3, AMZN Sell group2, TMV Buy group1, MA Buy group3. The time, account and SSN values did not survive extraction.]
*Roadmap Item

Slide 19: Column Tag Follows the Data
[Figure: the Master File from the previous slide with its PII tag, next to several tables labelled "Copies, subsets, result-sets" that hold the group1 rows (AAPL Sell, INTC Buy, F Buy, TMV Buy) and on which the PII tag is shown again. The remaining cell values did not survive extraction.]

Slide 20: Role-Based Access Control (RBAC) and Centralized Authorization
- Manage data access by role, instead of just by users & groups
  - Customer Support Rep has read access to US Customers
  - Broker Analyst has read access to US Transactions
- Relationships between users and roles are established via groups
- An RBAC policy is then uniformly enforced for all Hadoop services
- Provides unified authorization controls
  - As opposed to tools for managing numerous, service specific policies
- Roles are a requirement of RBAC to administer policies at scale

Slide 21: Centralized Policy Management with Apache Sentry
- Sam Smith; Group: Tier 1 Customer Support Reps; Sentry Role; Sentry Perm.: Read Access to Customers.Customerid Where Country = US
  [Table columns: Cust. ID, SSN, Phone, Country; cell values did not survive extraction]
- Martha Jones; Group: Tier 1 Broker Analysts; U.S. Customer Transaction Analysis; Sentry Perm.: Read Access to Transactions.Date Where Country = US
  [Table columns: Date/Time, Cust. ID, Trade, Country; cell values did not survive extraction]

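The enforcement idea from slides 16, 20 and 21 (users reach roles through groups, roles hold positive-only grants, and one check applies row, column and masking rules for every access path), as an added Python model that is not part of the original deck and is not Apache Sentry or RecordService code. The user, group and role names, the mask format and all row values are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List

Row = Dict[str, str]
ALL_COLUMNS = ("time", "account", "ssn", "asset", "trade", "country")


def _row(*values: str) -> Row:
    return dict(zip(ALL_COLUMNS, values))


# Constructed sample rows standing in for the single master file (one copy of data).
TRADES: List[Row] = [
    _row("09:33", "A-1001", "000-00-1111", "AZP", "Sell", "US"),
    _row("11:33", "A-1002", "000-00-2222", "TBT", "Buy", "EU"),
    _row("14:12", "A-1003", "000-00-3333", "IDI", "Sell", "UK"),
    _row("09:22", "A-1004", "000-00-4444", "ICBD", "Buy", "US"),
    _row("13:45", "A-1005", "000-00-5555", "NZMA", "Sell", "EU"),
]


@dataclass(frozen=True)
class Grant:
    """Positive-only permission: which rows, which columns, which of them masked."""
    row_filter: Callable[[Row], bool]
    columns: FrozenSet[str]
    masked: FrozenSet[str] = frozenset()


# Hypothetical directory data: users -> groups -> roles -> grants.
USER_GROUPS = {
    "mjones": {"us_brokers"},
    "auditor": {"us_brokers", "eu_reporting"},
    "contractor": set(),
}
GROUP_ROLES = {
    "us_brokers": {"us_broker_analyst"},
    "eu_reporting": {"eu_trade_reporter"},
}
ROLE_GRANTS = {
    # US rows, every column, SSN only in masked form.
    "us_broker_analyst": Grant(lambda r: r["country"] == "US",
                               frozenset(ALL_COLUMNS), frozenset({"ssn"})),
    # EU rows, no account number and no SSN at all.
    "eu_trade_reporter": Grant(lambda r: r["country"] == "EU",
                               frozenset({"time", "asset", "trade", "country"})),
}
MASKERS = {"ssn": lambda v: "XXX-XX-" + v[-4:]}


def grants_for(user: str) -> List[Grant]:
    """Resolve a user's grants through group membership only, never directly."""
    roles = set()
    for group in USER_GROUPS.get(user, set()):
        roles |= GROUP_ROLES.get(group, set())
    return [ROLE_GRANTS[name] for name in sorted(roles)]


def read_trades(user: str) -> List[Row]:
    """Single enforcement point: every access path below reads through here."""
    grants = grants_for(user)
    if not grants:
        raise PermissionError(f"{user} holds no role on the trades table")  # deny by default
    visible = []
    for row in TRADES:
        matching = [g for g in grants if g.row_filter(row)]
        if not matching:
            continue  # row-level control: no grant covers this record
        out = {}
        for col in ALL_COLUMNS:
            holders = [g for g in matching if col in g.columns]
            if not holders:
                continue  # column-level control: column not granted for this row
            clear = any(col not in g.masked for g in holders)
            out[col] = row[col] if clear else MASKERS[col](row[col])
        visible.append(out)
    return visible


# Two stand-ins for different access paths (a SQL-style aggregate and a batch
# job). Neither touches TRADES directly, so neither needs its own permissions.
def count_by_country(user: str) -> Dict[str, int]:
    return dict(Counter(r["country"] for r in read_trades(user)))


def assets_seen_by_batch_job(user: str) -> List[str]:
    return [r["asset"] for r in read_trades(user)]


if __name__ == "__main__":
    for who in ("mjones", "auditor"):
        print(who, read_trades(who))
```

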
Slide 22: Apache Hadoop for Cybersecurity

Slide 23: Data is constantly under threat
- Threat surface expanding: 16 billion connected devices generating more data
- Attacks are increasing: There has been a 250% increase in successful attacks
- Threats are adaptive: Protection against attacks with known signatures no longer sufficient

Slide 24: Challenges with traditional threat detection
Security Operations / Security Analysts / Security Responders
- Data left out of process
- Expensive to scale systems
- Proprietary tooling makes difficult to implement new
- Out of the box analytics
- Signature based is yesterday's threat
- Advanced analytics are add-ons
- Data can take weeks to retrieve
- Raw and historic data offline
- Reactive instead of predictive

Slide 25: Powering the next generation of cybersecurity
[Chart: axes Time (Months) and Data Types (MBs>PBs). Region: SIEM (TBs). Analytics: Search, Correlations, SQL, Advanced Statistics, Machine Learning. Data types: Aggregated Events, User Data, Raw System Logs, Network Flows/DNS, Full Packet Capture, Video, Text, Images.]

Slide 26: Powering the next generation of cybersecurity
[Chart: same axes and labels as the previous slide, with a second region added: Apache Hadoop Based Applications (PB).]

Slide 27: Benefits of modern threat detection
Security Operations / Security Analysts / Security Responders
- Keep data online forever
- Process larger volumes of diverse data
- Native SQL, Statistical, Machine Learning capabilities
- Advanced Persistent Threat detection
- Make data accessible immediately
- Provide raw and enriched data access

Slide 28: Introducing Apache Spot (incubating)
[Diagram labels: Network, Endpoint, User / Identity; Apache Hadoop; Intel Platform]
- Apache Hadoop on Intel platform delivers unrivaled analytic performance and scale
- Apache Spot open data models place customer in control of the data unlocking tremendous value
- Apache Spot application framework accelerates development and delivery of adjacent use cases built on open data models
- Robust community

Slide 29: Apache Spot V1.0
Apache Spot for cybersecurity difference
- Analyze billions of network events per day leveraging machine learning in order to detect unknown events, insider attacks, and diagnose dark areas
- Reduce false positive alerts by triangulating the data with context to assure the alerts you receive are legitimate
- Provide meaningful insights by analyzing the data (e.g., flow, DNS packet) that is already being collected

Slide 30: Use Case: Hidden Networks and Suspicious Connects
How can I find the bad mixed in with all the good?
[Figure labels: Port 80 HTTP; Port 143 IMAP; Suspicious!]
- Advanced Analytics Algorithms: Deliver suspicious connections in ranked order with multiple data points such as time, traffic flow, and more.
- Take action / Monitor / Ignore: Human input helps the system evolve. Quickly eliminate false positives from the lineup.
- Identify the needle in the haystack with patterns that provide insight into potential threats. And make every item on the list worth your time to investigate.

Slide 31: Path to Enlightenment
Apache Spot v 1.0
- perimeter flows
  - (Stealthy) Scanning
  - Side-channel data escapes
  - Reflection attacks
  - Unusual data flows
  - Beaconing
- perimeter flows + DNS
  - DNS tunneling
  - Covert DNS channels
  - Internal DNS recon
- perimeter flows + DNS + internal flows
  - Lateral movement
  - Complete threat visibility

Slide 32: From raw packets to the most actionable events
Sources: Network Flows (nfcapd), DNS (pcap)
Each data source is a pipeline; new pipelines can be added by following a short recipe
Stages: Parallel Ingest Framework, Machine Learning, Operational Analytics
- Sensors feed ONI
- Open Source Decoders
- Creates CSV and Compressed data in HDFS
- Filters billions to thousands
- Baseline not required
- Unsupervised, no rules required
- Returns small number of credible threats from machine learning
- Visualization, Noise Filter, Attack Heuristics

Slide 33: Key Differentiators
- Open: can be used turnkey but owners can build on it to expand capability
- Scale: storage and machine learning go far beyond capabilities of most security products
- Best of Hadoop and Intel Architecture: Spark is combined with software optimized for Intel chips (Math Kernel Libraries, Intel MPI library)
- Sophisticated machine learning and visualization are back of the book, ready for cloud and on-prem today

Slide 34: Spark and C for ML
- Use Spark for pre- and post-processing
- Use C/MPI for Latent Dirichlet Allocation (empirical Bayes)
- Parameter estimation gamma and phi, then alpha
- E-step parallel, m-step local
- 3.2 * 10^7 docs, 2*10^5 words
- Sequential 96 hours, parallel 90 minutes
- Next step is to capture benchmarks from MKL improvements

Slide 35: Telemetry streaming ingestion and batch processing
[Diagram labels: NetFlow, DNS, Syslog, Packet Captures, SNMP, Server Logs, Malware, Exploits, Executables; High Throughput Telemetry Ingestion Framework; Parse, Enrich, Publish, Alert; Alert Publisher, Alert Monitoring; Streaming: Parse / Enrich, Machine Learning, Publish; Threat Analysis, Search, ONI Dashboard, Real Time Search; Batch: Operational Analytics, Visualization]

Slide 36: Real world use cases

Slide 37: Managed security provider investigates ~1,000 potential security incidents and analyzes ~20,000 pieces of malicious software.

Slide 38: Consumer credit provider building detection models using a full year of comprehensive log and indicator data

Slide 39: US Bank leveraging user behavior analytics to detect fraud and inside user threats

Slide 40: A US national security organization identifies potentially suspicious activity across the worldwide web, and supplies threat information to 700 commercial and federal organizations.

Slide 41: Thank you.
More informationTHE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS
DATA SHEET THE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS LUMETA SPECTRE FOR 100% REAL-TIME INFRASTRUCTURE VISIBILITY, REAL-TIME NETWORK CHANGE MONITORING AND THREAT DETECTION FOR PREVENTING SUCCESSFUL
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationFrom Single Purpose to Multi Purpose Data Lakes. Thomas Niewel Technical Sales Director DACH Denodo Technologies March, 2019
From Single Purpose to Multi Purpose Data Lakes Thomas Niewel Technical Sales Director DACH Denodo Technologies March, 2019 Agenda Data Lakes Multiple Purpose Data Lakes Customer Example Demo Takeaways
More informationOracle Big Data Connectors
Oracle Big Data Connectors Oracle Big Data Connectors is a software suite that integrates processing in Apache Hadoop distributions with operations in Oracle Database. It enables the use of Hadoop to process
More informationWe re Gonna Need a Bigger Boat
SESSION ID: CSV-F01 We re Gonna Need a Bigger Boat Alan Ross Senior Principal Engineer Intel Corporation Grant Babb Research Scientist Intel Corporation IT Analytics: All about the changing Enterprise
More informationSOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE
RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE KEY CUSTOMER BENEFITS: Gain complete visibility across enterprise networks Continuously monitor all traffic Faster analysis reduces risk exposure
More informationThe Technology of the Business Data Lake. Appendix
The Technology of the Business Data Lake Appendix Pivotal data products Term Greenplum Database GemFire Pivotal HD Spring XD Pivotal Data Dispatch Pivotal Analytics Description A massively parallel platform
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationPopular SIEM vs aisiem
Popular SIEM vs aisiem You cannot flip a page in any Cybersecurity magazine, or scroll through security blogging sites without a mention of Next Gen SIEM. You can understand why traditional SIEM vendors
More informationEvolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa
Evolution of Cyber Security Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa Nasser.Kettani@microsoft.com @nkettani MODERN SECURITY THREATS THERE ARE TWO KINDS OF BIG COMPANIES:
More informationTHE EVOLUTION OF SIEM
THE EVOLUTION OF SIEM Why it is critical to move beyond logs BUSINESS-DRIVEN SECURITY SOLUTIONS THE EVOLUTION OF SIEM Why it is critical to move beyond logs Despite increasing investments in security,
More informationIntegrating Okta and Preempt Detecting and Preventing Threats With Greater Visibility and Proactive Enforcement
Integrating Okta and Preempt Detecting and Preventing Threats With Greater Visibility and Proactive Enforcement The Challenge: Smarter Attackers and Dissolving Perimeters Modern enterprises are simultaneously
More informationPROTECT AND AUDIT SENSITIVE DATA
PROTECT AND AUDIT SENSITIVE DATA Teleran Data and Compliance KEY FEATURES Monitors user, application, query and data usage activity Enforces data access policies in real-time Alerts staff in real-time
More informationSOLUTION BRIEF BIG DATA SECURITY
SOLUTION BRIEF BIG DATA SECURITY Get maximum value and insight from your Big Data initiatives while maintaining robust data security THE CHALLENGE More and more companies are finding that Big Data strategies
More informationNetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.
NetWitness Overview 1 The Current Scenario APT Network Security Today Network-layer / perimeter-based Dependent on signatures, statistical methods, foreknowledge of adversary attacks High failure rate
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationIBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT
IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the
More informationAND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING
PROTECTING BANKING AND FINANCIAL INSTITUTIONS FROM CYBER FRAUD Enabling the financial industry to become proactively secure and compliant Overview In order to keep up with the changing digital payment
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationCipherCloud CASB+ Connector for ServiceNow
ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level
More informationsecuring your network perimeter with SIEM
The basics of auditing and securing your network perimeter with SIEM Introduction To thwart network attacks, you first need to be on top of critical security events occurring in your network. While monitoring
More informationIBM Next Generation Intrusion Prevention System
IBM Next Generation Intrusion Prevention System Fadly Yahaya SWAT Optimizing the World s Infrastructure Oct 2012 Moscow 2012 IBM Corporation Please note: IBM s statements regarding its plans, directions,
More information2014 年 3 月 13 日星期四. From Big Data to Big Value Infrastructure Needs and Huawei Best Practice
2014 年 3 月 13 日星期四 From Big Data to Big Value Infrastructure Needs and Huawei Best Practice Data-driven insight Making better, more informed decisions, faster Raw Data Capture Store Process Insight 1 Data
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationWhite Paper. View cyber and mission-critical data in one dashboard
View cyber and mission-critical data in one dashboard Table of contents Rising cyber events 2 Mitigating threats 2 Heighten awareness 3 Evolving the solution 5 One of the direct benefits of the Homeland
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Datasheet SIEM in a nutshell The variety of cyber-attacks is extraordinarily large. Phishing, DDoS attacks in combination with ransomware demanding bitcoins
More information