Big Data Security Internal Threat Detection. The Critical Role of Machine Learning.


Objectives
1. Discuss internal user risk management challenges in a Big Data environment
2. Discuss why machine learning is critical in managing internal threats
3. Share machine learning use cases in a Big Data environment

Interconnected World
The technology landscape is changing at a faster pace: Cloud, Big Data, Subscription.
The operating environment is also changing: Vendor, Partner, Outsourcing, Third-Party Processing, API driven.
The ability to protect data and to harness its value through analytics will separate the leaders from the laggards in the interconnected world.

Data Breaches in the News
2015 data breach statistics: 780 reported incidents, 177 million records breached.

Why Is Internal Threat Management Important?

Emerging Trends in Data Security
1. Automated and autonomous
2. Contextual: IP protection versus PHI and PII information
3. Performance: complexity of data, events and interactions; volume and velocity; real time

Motivation for Big Data Security Internal Threat Management
1. Hadoop, NoSQL and IoT systems were not designed with security in mind
2. Data security is often overlooked in big data ecosystems because of their complexity
3. Seamlessly monitoring both the regular data and the big data ecosystem for security is cumbersome
Key security questions:
1. Who is accessing the data?
2. What data are they accessing?
3. Is someone trying to access data they don't have access to?
4. Are there any anomalous access patterns?
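The four key questions above can be answered directly from access audit logs before any machine learning is involved. The following is an added example, not code from the deck: it parses a handful of constructed log lines modelled on the HDFS NameNode audit-log layout (allowed=, ugi=, ip=, cmd=, src=) and answers who accessed what, which sensitive accesses were denied, and which user touched an unusually broad set of sensitive files. The users, hosts, paths, the /data/pii location and the threshold of two files are all assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed audit lines modelled on the HDFS NameNode audit-log layout.
# Users, hosts and paths are invented for this example.
AUDIT_LINES = """\
2016-02-10 09:01:12,001 INFO FSNamesystem.audit: allowed=true ugi=alice (auth:KERBEROS) ip=/10.1.2.11 cmd=listStatus src=/data/pii dst=null perm=null proto=rpc
2016-02-10 09:01:15,412 INFO FSNamesystem.audit: allowed=true ugi=alice (auth:KERBEROS) ip=/10.1.2.11 cmd=open src=/data/pii/customers.csv dst=null perm=null proto=rpc
2016-02-10 09:05:40,770 INFO FSNamesystem.audit: allowed=true ugi=bob (auth:KERBEROS) ip=/10.1.2.12 cmd=open src=/data/sales/q1.parquet dst=null perm=null proto=rpc
2016-02-10 09:06:02,913 INFO FSNamesystem.audit: allowed=false ugi=bob (auth:KERBEROS) ip=/10.1.2.12 cmd=open src=/data/pii/customers.csv dst=null perm=null proto=rpc
2016-02-10 09:06:09,118 INFO FSNamesystem.audit: allowed=false ugi=bob (auth:KERBEROS) ip=/10.1.2.12 cmd=open src=/data/pii/ssn.csv dst=null perm=null proto=rpc
2016-02-10 22:14:03,500 INFO FSNamesystem.audit: allowed=true ugi=mallory (auth:KERBEROS) ip=/10.1.2.13 cmd=open src=/data/pii/customers.csv dst=null perm=null proto=rpc
2016-02-10 22:14:31,822 INFO FSNamesystem.audit: allowed=true ugi=mallory (auth:KERBEROS) ip=/10.1.2.13 cmd=open src=/data/pii/ssn.csv dst=null perm=null proto=rpc
2016-02-10 22:15:07,205 INFO FSNamesystem.audit: allowed=true ugi=mallory (auth:KERBEROS) ip=/10.1.2.13 cmd=open src=/data/pii/salaries.csv dst=null perm=null proto=rpc
2016-02-10 22:16:49,640 INFO FSNamesystem.audit: allowed=true ugi=mallory (auth:KERBEROS) ip=/10.1.2.13 cmd=getfileinfo src=/data/pii/cards.csv dst=null perm=null proto=rpc
""".splitlines()

SENSITIVE_PREFIX = "/data/pii"  # assumed location of regulated data in this example
FIELD = re.compile(r"\b(allowed|ugi|ip|cmd|src|dst)=(\S+)")


def parse_audit_line(line):
    """Return the key=value fields of one audit line as a dict, or None for other lines."""
    if "FSNamesystem.audit:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    fields["allowed"] = fields.get("allowed") == "true"
    return fields


def who_accessed_what(lines):
    """Questions 1 and 2: the set of paths each user successfully touched."""
    paths = defaultdict(set)
    for ev in filter(None, map(parse_audit_line, lines)):
        if ev["allowed"]:
            paths[ev["ugi"]].add(ev["src"])
    return dict(paths)


def denied_sensitive_attempts(lines, prefix=SENSITIVE_PREFIX):
    """Question 3: (user, path) pairs where access to sensitive data was refused."""
    return [(ev["ugi"], ev["src"]) for ev in filter(None, map(parse_audit_line, lines))
            if not ev["allowed"] and ev["src"].startswith(prefix)]


def broad_sensitive_readers(lines, prefix=SENSITIVE_PREFIX, max_distinct=2):
    """Question 4, one simple pattern: users reading more distinct sensitive files
    than `max_distinct` (a crude data-hoarding signal)."""
    touched = defaultdict(set)
    for ev in filter(None, map(parse_audit_line, lines)):
        if ev["allowed"] and ev["cmd"] in ("open", "getfileinfo") \
                and ev["src"].startswith(prefix + "/"):
            touched[ev["ugi"]].add(ev["src"])
    return sorted(u for u, p in touched.items() if len(p) > max_distinct)


if __name__ == "__main__":
    print(who_accessed_what(AUDIT_LINES))
    print(denied_sensitive_attempts(AUDIT_LINES))
    print(broad_sensitive_readers(AUDIT_LINES))
```

The denied attempts (bob probing two PII files he is not entitled to) and the after-hours sweep of four PII files by mallory are exactly the events a rule-based system can surface today; the machine learning methods later in the deck are for the patterns that no fixed threshold captures.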

Threat Scenarios (diagram)
Data in motion between transactional data and the data lake; the threat sources shown are internal users (60%) and external actors (40%), with collusion between the two marked as an open question (X?).

Data Protection by Design and by Default

Monitoring and Analysis Methods (chart: effort/cost versus how actionable the output is)
Manual monitoring; statistical/rule-based monitoring; expert system; searching/visualization (Elasticsearch); machine learning.

Why Machine Learning?
Traditional usage monitoring is file and rule based, and suffers from:
- high volume
- high processing time
- delay (batch mode)
- an external-threat focus
- high infrastructure cost

Use of Machine Learning
- Identify outliers
- Understand trends
- Understand patterns
- Classify/group similar transactions
- Understand relations

Types of Machine Learning
Comparison
- Temporal: count and amount reasonability; moving average (Shewhart's control chart)
- Spatial: outliers based on standard deviation; Benford's law
Classification: clustering, decision tree, neural network
Correlation: regression, network analysis
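Two of the comparison methods on this slide, the moving-average control chart and Benford's law, in working form. This is an added example, not code from the deck: the 30-day series of daily record-access counts and the amount lists are constructed for the example, the 10-day window and 3-sigma limit are assumed parameters, and the chi-square cut-off is the standard 95% critical value for 8 degrees of freedom.

```python
import math
from collections import Counter

# Constructed series: one analyst's daily record-access counts over 30 days;
# the last day is the suspicious spike. Illustrative values, not from the deck.
DAILY_ACCESS_COUNTS = [
    120, 131, 118, 125, 140, 122, 119, 133, 128, 121,
    124, 137, 116, 129, 126, 130, 123, 135, 127, 120,
    132, 118, 125, 138, 121, 129, 124, 134, 127, 980,
]

# Benford's law: P(first digit = d) = log10(1 + 1/d)
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL_8DF_95 = 15.51  # chi-square critical value, 8 degrees of freedom, p = 0.05


def control_chart_flags(series, window=10, sigma=3.0):
    """Shewhart-style control chart on a moving window.

    Each point is compared with the mean and sample standard deviation of the
    preceding `window` points; a point more than `sigma` standard deviations
    away from that mean is flagged. Returns the indexes of flagged points.
    """
    flagged = []
    for i in range(window, len(series)):
        ref = series[i - window:i]
        mean = sum(ref) / window
        std = math.sqrt(sum((x - mean) ** 2 for x in ref) / (window - 1))
        if std > 0 and abs(series[i] - mean) > sigma * std:
            flagged.append(i)
    return flagged


def first_digit(value):
    """Leading non-zero digit of a number, or None for zero."""
    text = str(abs(value)).lstrip("0.")
    return int(text[0]) if text and text[0].isdigit() else None


def benford_chi_square(values):
    """Chi-square distance between the observed leading digits and Benford's law.

    Amount populations spanning several orders of magnitude (transfer amounts,
    invoice totals) normally follow Benford; fabricated or manipulated amounts
    usually do not.
    """
    digits = [d for d in map(first_digit, values) if d]
    counts = Counter(digits)
    total = len(digits)
    return sum((counts[d] - BENFORD[d] * total) ** 2 / (BENFORD[d] * total)
               for d in BENFORD)


def benford_suspicious(values):
    return benford_chi_square(values) > CHI2_CRITICAL_8DF_95


if __name__ == "__main__":
    print("control chart flags:", control_chart_flags(DAILY_ACCESS_COUNTS))
    # A geometric series follows Benford closely; a block of 9xxx amounts does not.
    print("geometric:", round(benford_chi_square([2 ** n for n in range(100)]), 2))
    print("all-9s:", round(benford_chi_square([9000 + i for i in range(100)]), 2))
```

Both tests are cheap to run per user, per table or per vendor, which is why they sit low on the effort/cost axis of the previous slide; their weakness is the one the deck raises next: the window, the sigma limit and the grouping are fixed by hand and must be retuned as the data changes.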

Machine Learning in Internal Threat Management
- Data discovery: classification of content (e.g. email spam) and PII data. Techniques: SVM, neural networks, random forest.
- Data minimization: encryption and minimization. Techniques: k-anonymity, l-diversity, t-closeness.
- Usage monitoring: anomalous user behavior. Techniques: neural networks, eigenvector decomposition, TDA.
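The data-minimization row names k-anonymity and l-diversity without saying how they are measured. The following added example (not from the deck) computes both over a small constructed micro-data extract, lists the equivalence classes that fail a required k and l, and shows how generalizing the quasi-identifiers repairs the table at the cost of detail. The column names, the age and ZIP generalization rules and the rows themselves are assumptions for the example.

```python
from collections import defaultdict

# Constructed micro-data extract: two quasi-identifiers (age band, ZIP prefix)
# and one sensitive attribute (diagnosis). Rows are invented for this example.
RECORDS = [
    {"age": "30-39", "zip": "021**", "diagnosis": "flu"},
    {"age": "30-39", "zip": "021**", "diagnosis": "asthma"},
    {"age": "30-39", "zip": "021**", "diagnosis": "flu"},
    {"age": "40-49", "zip": "022**", "diagnosis": "cancer"},
    {"age": "40-49", "zip": "022**", "diagnosis": "cancer"},
    {"age": "50-59", "zip": "023**", "diagnosis": "diabetes"},
    {"age": "50-59", "zip": "023**", "diagnosis": "flu"},
]
QUASI_IDENTIFIERS = ("age", "zip")
SENSITIVE = "diagnosis"


def equivalence_classes(records, quasi_identifiers):
    """Group rows that share the same quasi-identifier values; an attacker who
    knows only those attributes cannot tell rows within a class apart."""
    classes = defaultdict(list)
    for row in records:
        classes[tuple(row[q] for q in quasi_identifiers)].append(row)
    return classes


def k_anonymity(records, quasi_identifiers):
    """k = size of the smallest equivalence class."""
    return min(len(rows) for rows in equivalence_classes(records, quasi_identifiers).values())


def l_diversity(records, quasi_identifiers, sensitive):
    """l = fewest distinct sensitive values found in any equivalence class."""
    return min(len({row[sensitive] for row in rows})
               for rows in equivalence_classes(records, quasi_identifiers).values())


def violations(records, quasi_identifiers, sensitive, k, l):
    """Equivalence classes that fail the required k-anonymity or l-diversity.
    A class with k rows but a single sensitive value still leaks that value
    (the homogeneity attack that l-diversity exists to catch)."""
    bad = []
    for key, rows in equivalence_classes(records, quasi_identifiers).items():
        if len(rows) < k or len({row[sensitive] for row in rows}) < l:
            bad.append(key)
    return bad


def generalize(records, rules):
    """Coarsen columns with the given functions: privacy bought with loss of
    information, the trade-off the deck later contrasts with encryption."""
    return [{col: (rules[col](val) if col in rules else val) for col, val in row.items()}
            for row in records]


def coarsen_age(band):
    # Assumed hierarchy: ten-year bands fold into twenty-year bands starting at 30.
    lower = int(band.split("-")[0])
    start = 30 + ((lower - 30) // 20) * 20
    return f"{start}-{start + 19}"


def coarsen_zip(zip_code):
    # Assumed hierarchy: keep only the first two digits of the ZIP prefix.
    return zip_code[:2] + "***"


COARSE_RULES = {"age": coarsen_age, "zip": coarsen_zip}

if __name__ == "__main__":
    print("k =", k_anonymity(RECORDS, QUASI_IDENTIFIERS),
          "l =", l_diversity(RECORDS, QUASI_IDENTIFIERS, SENSITIVE))
    print("violations (k=2, l=2):", violations(RECORDS, QUASI_IDENTIFIERS, SENSITIVE, 2, 2))
    coarse = generalize(RECORDS, COARSE_RULES)
    print("after generalization: k =", k_anonymity(coarse, QUASI_IDENTIFIERS),
          "l =", l_diversity(coarse, QUASI_IDENTIFIERS, SENSITIVE))
```

The original extract is 2-anonymous but only 1-diverse: both 40-49 rows carry the same diagnosis, so anyone who knows a 40-49-year-old in ZIP 022** learns it outright. Generalizing age and ZIP merges that class with its neighbours and satisfies k = 2, l = 2, but a test team that needed the decade bands has now lost them.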

Content Classification: Use Cases
- Good corporate citizen, Amy: accidentally shares sensitive information via email, but is unable to stop the data leak.
- Needs to share data, Joe: routinely shares information with vendors and clients via email. The emails contain sensitive information in attachments, but he is unaware of its sensitivity or the consequences.
- Malicious user, Mark: shares sensitive information with vendors and clients with malicious intent. Routinely accesses sensitive information and disguises the data for sharing.

Content Classification
Image recognition using machine learning: PII-related images; inappropriate content.
Document recognition using machine learning: patent documents; legal documents; spam email.

Content Classification (image; ref: https://goo.gl/images/cych3j)

Content Classification: Context-based Intelligence

Content Minimization: Use Cases (diagram)
Files flow from production data sources to test data sources and to information exchange.

Content Minimization
Privacy with loss of information (source database):
testid        dl
123-456-7899  UK-7897
123-456-7900  UK-7898
123-456-7901  UK-7899
Format- and context-preserving encryption gives privacy without loss of information (encrypted database):
testid        dl
791-456-3456  UK-7896
833-456-4567  UK-3345
999-451-7901  UK-3456
Ref: Unharnessing collective intelligence: A business model for privacy on mobile devices based on k-anonymity, 2008, Ajit
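What "format-preserving" means in the table above is that a ciphertext is still a valid testid or dl value, so schemas, test harnesses and joins keep working. The following added example (not the deck's code, nor any product's) implements a toy format-preserving cipher: an alternating Feistel network over the digit positions with an HMAC-SHA256 round function, leaving letters and dashes in place. The key, the three sample rows (taken from the slide) and the use of the column name as a tweak are assumptions for the example; this construction is a teaching aid and is not NIST FF1/FF3.

```python
import hashlib
import hmac

# Constructed rows, copied from the slide's source table.
SOURCE_ROWS = [
    {"testid": "123-456-7899", "dl": "UK-7897"},
    {"testid": "123-456-7900", "dl": "UK-7898"},
    {"testid": "123-456-7901", "dl": "UK-7899"},
]
DEMO_KEY = b"constructed-demo-key-do-not-use"  # assumption: a real key comes from a KMS


def _prf(key, tweak, round_no, value, width):
    """Keyed round function: HMAC-SHA256 over (tweak, round, other half), reduced mod 10**width."""
    msg = f"{tweak}|{round_no}|{value}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** width)


def _feistel_digits(key, digits, tweak, rounds, decrypt=False):
    """Alternating Feistel network over a decimal digit string (toy FPE, not NIST FF1/FF3).

    Even rounds update the left half from the right half, odd rounds the reverse;
    decryption replays the rounds backwards with subtraction, so it is a bijection
    on strings of `len(digits)` decimal digits.
    """
    n = len(digits)
    if n < 2:
        raise ValueError("need at least two digits to form two Feistel halves")
    lw, rw = n // 2, n - n // 2
    left, right = int(digits[:lw]), int(digits[lw:])
    order = range(rounds - 1, -1, -1) if decrypt else range(rounds)
    sign = -1 if decrypt else 1
    for r in order:
        if r % 2 == 0:
            left = (left + sign * _prf(key, tweak, r, right, lw)) % (10 ** lw)
        else:
            right = (right + sign * _prf(key, tweak, r, left, rw)) % (10 ** rw)
    return f"{left:0{lw}d}{right:0{rw}d}"


def fpe_encrypt(key, value, tweak="", rounds=10):
    """Encrypt only the digits of `value`; letters, dashes and length stay as they are."""
    digits = "".join(ch for ch in value if ch.isdigit())
    enc = iter(_feistel_digits(key, digits, tweak, rounds))
    return "".join(next(enc) if ch.isdigit() else ch for ch in value)


def fpe_decrypt(key, value, tweak="", rounds=10):
    digits = "".join(ch for ch in value if ch.isdigit())
    dec = iter(_feistel_digits(key, digits, tweak, rounds, decrypt=True))
    return "".join(next(dec) if ch.isdigit() else ch for ch in value)


def protect_table(key, rows, columns):
    """Encrypt the named columns of every row, using the column name as the tweak so
    equal digit strings in different columns do not map to the same ciphertext."""
    return [{col: (fpe_encrypt(key, val, tweak=col) if col in columns else val)
             for col, val in row.items()} for row in rows]


if __name__ == "__main__":
    for row in protect_table(DEMO_KEY, SOURCE_ROWS, ("testid", "dl")):
        print(row)
```

Because the mapping is deterministic under one key, the same testid encrypts to the same value in every table, which is what keeps referential integrity for testing; the flip side is that equality of values is visible to anyone holding the encrypted copy, and a four-digit field such as dl has only 10,000 possible values, so guessing and confirming is cheap if the key ever leaks. Production use calls for a vetted FF1 implementation, key management outside the application, and an explicit decision about which columns may share a tweak.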

Usage Analytics: Use Cases (diagram)
Activity data files feed a sliding window; unsupervised training and supervised training on that data produce alerts.

User Anomaly Detection: Eigenvalue Decomposition Method
1. Compute mean and variance
2. Compute eigenvectors and determine the principal components
3. Normal data points lie near the first few principal components
4. Abnormal data points lie further from the first few principal components and closer to later components
Reference: Apache Eagle Reference Guide
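The four steps above, carried through on constructed data. This is an added example, not the deck's code nor Apache Eagle's: it standardizes a baseline window of per-user activity (files read, MB downloaded, after-hours sessions), finds the leading eigenvector of the covariance matrix by power iteration (no numpy needed), and scores each user on the next day by distance from that principal component. The feature set, the sample users, the choice of one component and the threshold of three times the largest baseline residual are assumptions for the example.

```python
import math

# Constructed baseline window of per-user daily activity:
# (files read, MB downloaded, after-hours sessions). Values invented for this example.
BASELINE = [
    (40, 82, 1), (55, 108, 2), (30, 63, 0), (70, 141, 2), (45, 88, 1), (60, 123, 1),
    (35, 70, 0), (50, 99, 2), (65, 132, 1), (42, 86, 0), (58, 114, 2), (48, 95, 1),
]

# Constructed activity for the next day; one user's download volume and after-hours
# sessions break the relationship the baseline established.
TODAY = {
    "alice": (38, 79, 1), "bob": (57, 112, 2), "carol": (32, 66, 0), "dave": (68, 139, 1),
    "erin": (44, 90, 1), "frank": (62, 125, 2), "grace": (34, 69, 0), "heidi": (52, 103, 2),
    "ivan": (63, 128, 1), "judy": (41, 84, 1), "ken": (60, 118, 2), "liz": (47, 94, 1),
    "mallory": (38, 900, 9),
}


def _standardize(rows, mean=None, std=None):
    """Step 1: column-wise z-scores. Mean/std are fitted on the baseline and reused
    at scoring time so that today's outliers cannot shift the yardstick."""
    dims = len(rows[0])
    if mean is None:
        mean = [sum(r[j] for r in rows) / len(rows) for j in range(dims)]
        std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in rows) / len(rows)) or 1.0
               for j in range(dims)]
    z = [[(r[j] - mean[j]) / std[j] for j in range(dims)] for r in rows]
    return z, mean, std


def _covariance(z):
    dims = len(z[0])
    return [[sum(r[i] * r[j] for r in z) / len(z) for j in range(dims)] for i in range(dims)]


def _matvec(m, v):
    return [sum(m[i][j] * v[j] for j in range(len(v))) for i in range(len(m))]


def _norm(v):
    return math.sqrt(sum(x * x for x in v))


def principal_components(cov, n_components, iterations=500):
    """Step 2: top eigenvectors of `cov` by power iteration with deflation."""
    cov = [row[:] for row in cov]
    dims = len(cov)
    comps = []
    for _ in range(n_components):
        v = [1.0 / math.sqrt(dims)] * dims
        for _ in range(iterations):
            w = _matvec(cov, v)
            n = _norm(w)
            if n == 0:
                break
            v = [x / n for x in w]
        cv = _matvec(cov, v)
        lam = sum(v[i] * cv[i] for i in range(dims))  # Rayleigh quotient = eigenvalue
        comps.append(v)
        # Deflate so the next pass converges to the next eigenvector.
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(dims)] for i in range(dims)]
    return comps


def residual(z, comps):
    """Steps 3 and 4: distance from the subspace spanned by the leading components.
    Normal points project almost entirely onto them; anomalies leave a large remainder."""
    r = z[:]
    for v in comps:
        p = sum(r[i] * v[i] for i in range(len(r)))
        r = [r[i] - p * v[i] for i in range(len(r))]
    return _norm(r)


def fit(baseline, n_components=1):
    z, mean, std = _standardize(baseline)
    comps = principal_components(_covariance(z), n_components)
    baseline_residuals = [residual(row, comps) for row in z]
    return {"mean": mean, "std": std, "components": comps,
            "threshold": 3.0 * max(baseline_residuals)}  # assumed alerting rule


def score(model, activity):
    z, _, _ = _standardize(list(activity.values()), model["mean"], model["std"])
    return {user: residual(row, model["components"]) for user, row in zip(activity, z)}


def flag_anomalies(model, activity):
    return sorted(u for u, s in score(model, activity).items() if s > model["threshold"])


if __name__ == "__main__":
    model = fit(BASELINE)
    print({u: round(s, 2) for u, s in score(model, TODAY).items()})
    print("flagged:", flag_anomalies(model, TODAY))
```

Fitting on the sliding baseline window and only scoring the new window matters: if mallory's row were included in the fit, her 900 MB would dominate the variance, the first component would rotate toward her, and her residual would shrink (the masking effect). The deck's sliding-window diagram is the operational answer to that problem.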

Graph-based Usage Anomaly Detection (image: http://ailab.wsu.edu/adgs/plads.png)

Operationalizing Machine Learning
Maturity progresses from ad-hoc analysis, to scripts, to automated, to autonomous operation.

360-Degree View of Data, Users and Usage

Summary
1. Protecting sensitive data from accidental or intentional leakage in a Big Data ecosystem is challenging because of volume, velocity and complexity.
2. Rule-based or statistics-based systems are costly to set up and cannot keep up with fast-changing data, especially in big data environments.
3. Appropriately constructed machine-learning-based threat management schemes can help organizations identify sensitive data, encrypt data elements and monitor user behavior to detect intentional or unintentional errors.