BIG DATA AND SECURITY JOINING FORCES
Agenda: Security for Big Data; Big Data for Security; Conclusions
Structured + Unstructured Data = Big. Structured data in relational databases; managed, unmanaged and unstructured data; telemetry, location-based data, etc.; Internet of Things; non-enterprise sources.
IN 2000 THE WORLD GENERATED TWO EXABYTES OF NEW INFORMATION EVERY DAY. Sources: "How Much Information?", Peter Lyman and Hal Varian, UC Berkeley; 2011 IDC Digital Universe Study.
THE LEADING EDGE OF BIG DATA: THEN AND NOW. Examples: FBI; Wikipedia. Copyright 2013 EMC Corporation. All rights reserved.
VLC DDoS Analysis: 30 Gbps; 200 downloads/sec; 400 requests/sec. Source: http://www.geek.com/apps/this-is-what-a-ddos-attack-looks-like-1552975/
Global Flight Analysis: 60,000 aircraft routes; sensors on each gas turbine engine = 1 Tb/day. Sources: http://www.spatialanalysis.ca/2011/global-connectivity-mapping-out-flight-routes/ and http://www.computerweekly.com/news/2240176248/ge-uses-big-data-to-power-machine-services-business
Big Data Analytics: Not a New Idea. Already used in many industries (finance, retail, online casino, travel, insurance) for risk assessment, price optimization, Monte Carlo, regression and product recommendation.
Expanding Use Cases and New Norms
IS WHERE SECURITY MEETS BIG DATA
Security Must Keep Up With IT Evolution: cloud, virtual, Big Data, mobile.
New Wave of Big Data Technologies. Platforms and tools: Hadoop, Vertica, MapReduce, Esper, kdb, Greenplum, Hive, SciPy, Mahout, MATLAB, Revolution R, AMPL, ETL, ECL, Netezza, Teradata, SPSS, SAS. Analytics: machine learning, behavior analysis, sentiment analysis, predictive models, network analysis, visualization, simulation. Business objectives: data, analytics, insights.
Your Big Data Architecture? Many nodes; distributed data; shared access controls; open networks; open clients; open, unauthenticated web services.
Your Organization's Security Professional?
Protection Requires a New Approach
Central Control, Distributed Management: an admin console and an Access Manager server, with an Access Manager agent on each user service (service 1 through n).
Central Control, Distributed Enforcement: PAP/PDP/PEP (XACML standard). A central Policy Administration Point (policy admin) and Policy Decision Point, with a Policy Enforcement Point on each user node (node 1 through n).
Agenda: Security for Big Data; Big Data for Security; Conclusions
Evolution of Threats: unsophisticated to sophisticated; amateur to organized; regional to global; financial, social, fundamental; opposed, destabilizing.
Can You Respond Fast Enough? 85% of breaches take weeks or more to discover; risk is reduced by 60% when breach response is under 2 hours. Source: Verizon 2012 Data Breach Investigations Report; NYT.
Threats Require a New Approach
Improved Response Time Required. Advanced attacks are (1) stealthy: low and slow; (2) targeted: a specific objective; (3) interactive: human involvement. Attack lifecycle: attack, pivot and hide, cover intrusion. Dwell time vs. response time across prevention, identification and response: (A) reduce dwell time; (B) speed response.
Fighting Advanced Threats With Big Data Analysis: visibility, speed, intelligence. Find target height (H), width (W) and position (P), from level (L), at time (T), with P changing to P1, P2, P3 over T1, T2, T3.
Security Product Evolution, plotted by data scope against response speed (after the fact to near real time). IDS: single, well-defined events. SIEM: closely related events on a normalized platform. Security Analytics: raw data, isolated events correlated.
Security Analytics Platform: Big Data analytics and governance over data, apps, systems and network. Functions: store, alert and report, investigate and analyze, visualize, respond. Security Analytics + Archer GRC: compliance, incident management, remediation; public and private threat intelligence.
A Fresh Look At Perimeters: virtual data centers, cloud compute and BYOD. Traditional data center: dedicated, vertical gaps and stacks. Modern data center: dynamic pools of compute and storage.
A Fresh Look At Perimeters: focus now on people, data flow and transactions. Traditional data center: dedicated, vertical gaps and stacks; modern data center: dynamic pools of compute and storage. Challenges: ID and authenticity, complex relationships, new and different layers. Opportunities with Big Data: velocity, variety, volume, vulnerability.
A Fresh Look At Perimeters: focus now on people, data flow and transactions. An analysis engine draws on a device profile, a user behavior profile and a fraud network.
Adaptive & Risk-Based Authentication: a user action is scored by the analysis engine (device profile, user behavior profile, fraud network). High risk: step up authentication (two-factor, out of band, challenge questions). Otherwise: proceed as normal.
Adaptive & Risk-Based Authentication, examples. Private cloud (Authentication Manager + SecurID): reading email needs only username and password; downloading the sales pipeline requires additional authentication (two-factor). Public cloud (Identity Protection & Verification + Silver Tail): accessing a bank account needs username and password; transferring funds requires additional authentication (out of band, challenge question).
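The decision flow on these two slides, as an added example that is not part of the deck or of any EMC product: a toy analysis engine scores one user action against a device profile, a user behavior profile and a shared fraud network, then maps the score to the step-up outcomes the slide names. The weights, thresholds, profile fields and the sample user are constructed for illustration.

```python
from dataclasses import dataclass

# Outcomes named on the slide; the constant names are constructed for this example.
PROCEED, CHALLENGE_QUESTIONS, TWO_FACTOR, OUT_OF_BAND = (
    "proceed", "challenge-questions", "two-factor", "out-of-band")

@dataclass(frozen=True)
class UserAction:
    user: str
    action: str      # e.g. "read_email", "transfer_funds"
    device_id: str
    country: str
    hour: int        # local hour of day, 0-23

@dataclass
class Profiles:
    known_devices: dict    # device profile: user -> set of device ids seen before
    usual_countries: dict  # behavior profile: user -> set of countries seen before
    work_hours: dict       # behavior profile: user -> (first, last) usual hour
    fraud_network: set     # shared fraud network: device ids tied to confirmed fraud

# Base weight per action (constructed): high-value actions need less anomaly to step up.
ACTION_WEIGHT = {"read_email": 0, "access_bank_account": 10,
                 "download_sales_pipeline": 30, "transfer_funds": 40}

def risk_score(a: UserAction, p: Profiles):
    """Combine the three signal sources into (score, reasons) for the analyst."""
    first, last = p.work_hours.get(a.user, (0, 23))
    signals = [  # (fires?, points, reason)
        (a.device_id in p.fraud_network, 80, "device seen in fraud network"),
        (a.device_id not in p.known_devices.get(a.user, set()), 25, "unknown device"),
        (a.country not in p.usual_countries.get(a.user, set()), 20, "unusual country"),
        (not first <= a.hour <= last, 10, "outside usual hours"),
    ]
    score = ACTION_WEIGHT.get(a.action, 20) + sum(pts for hit, pts, _ in signals if hit)
    return score, [why for hit, _, why in signals if hit]

def decide(a: UserAction, p: Profiles) -> str:
    """Low risk proceeds as normal; higher risk steps up to a stronger factor."""
    score, _ = risk_score(a, p)
    for threshold, outcome in ((80, OUT_OF_BAND), (50, TWO_FACTOR), (30, CHALLENGE_QUESTIONS)):
        if score >= threshold:
            return outcome
    return PROCEED

# Constructed sample profiles for one user; "dev-fraud-7" stands in for a flagged device.
PROFILES = Profiles(known_devices={"alice": {"laptop-1"}}, usual_countries={"alice": {"US"}},
                    work_hours={"alice": (8, 18)}, fraud_network={"dev-fraud-7"})
```

Reading email from the known laptop proceeds, while the same user pulling the sales pipeline from an unknown device is stepped up to two-factor, and a funds transfer from an unknown device abroad at 3 a.m. goes out of band.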
Agenda: Security for Big Data; Big Data for Security; Conclusions
Three Steps to Big Data Security: 1. Data analysis to monitor ID and relationships. 2. Adaptive perimeters to protect data. 3. Increased response speed.