Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Sinfonier Storm Builder for Security Intelligence
Fran Gomez @ffranzLeonardo Amor @LeoAmorV
Storm Builder for Security Intelligence
Connecting information, delivering intelligence“ ”
Telefonica Group
4
21Countries
>340m Customers
120.000 Employees
50.377mIncome
Our Employees
5
• Mostly:• Telco engineers• Computer Science• Engineers• ….• Science or Scientist people
But there also space to:
6
• Lawyers• Business
administration• Economist• Psychologist • Philologist
Diversity
7
Diversity
8
Ideas explosion
9
10
üUnfortunately yet not everyone knows to codeüFortunately everyday schools are getting it should be one more basic class
But… Why we need to code?
11
June 2015 Cover• Hot topic• +- 2020 Digital natives workforce
How we are introducing code in our kids?
The need of visual coding
12
Big Data
13
Data Visulization
14
15
Real Time Processing
16
“Apache Storm is a free and open source distributed real time computation system.Storm makes it easy to reliably process unbounded streams of data, doing for realtime processing what Hadoop did for batch processing. Storm is simple, can beused with any programming language, and is a lot of fun to use! “
http://storm.apache.org/
Where used
17
18
• Extremely broad set of use cases• Scalable• Guarantees no data loss• Extremely robust• Fault-tolerant• Programming language agnostic
19
Sinfonier
20
Le chiffonnier est un meuble àtiroirs apparu sous la Régence. Ilest destiné à ranger le linge. Ilest le plus souvent plus haut quelarge et possède généralementun marbre en guise de dessus.
21
Sinfonier is a change in the focus in respectto current solutions in the area of processinginformation in real-time. We combine aneasy-to-use interface, modular andadaptable, and we integrate it with anadvanced technological solution to allow youto do the necessary tune up suitable for yourneeds in matters of information security.
Sinfonier is borne out of the cooperation andknowledge, where any work can be re-usedand the efforts are done in improving theprocessing and collection of the newinformation which is generated.
Our Open project to stream processing
22
=
Drag & DropInterface
AutomaticDeploy API
StormCluster
Visual Progamming
23
Modules
24
Topologies
25
DRAIN
BOLT
SPOUT
BOLT
DRAINDRAIN
SPOUT
Topology life cycle
26
Topology life cycle
27
Canvas
User Tools Context Info
Topology life cycle
28
Advantages
29
Collaborative scheme
Enable automation through actionable intelligence thanks
to a flexible integration framework
Facilitate generation,
enrichment and dissemination of
cybersecurity data
Leverage on structured
cyber security data output
normalization
Some Modules
30
Some Modules
31
Adding Knowledge: Modules
32
• Name: Your module name. Must be UpperCamelCase
• Icon: Add an image.• Entity: In order to catalog.• Type: Choose your type of module. Spout,
Bolt and Drain. Won’t be change.• Language: Java or Python• Code: Url point to Gist.github.com• Description: Describe what you module do.• Fields: Declare your parameters.
Adding Knowledge: Modules
33
GIST LOGO
Sharing information – The need of standards
34
Sharing information – The need of standards
35
• TAXII™, the Trusted Automated eXchangeof Indicator Information;
• STIX™, the Structured Threat InformationeXpression; and
• CybOX™, the Cyber Observable eXpression.
https://www.us-cert.gov/Information-Sharing-Specifications-Cybersecurity
Information Sharing Specifications forCybersecurity
But really what we see lately?
ACNS
Mostly:Not standards at all…
Automated Copyright Notice System (ACNS) 2.0
20% Rejected due to missing information
ARFAbuse Reporting Format (RFC5965)
37
Time to Play
Mobile Threats
38
Mobile Threats
39
Mobile Threats
40
Mobile Threats
41
42
PRODUCTION
MSS
43
Security Service Portals
InformationTelefonica´s Proprietary Technology
Technology Global Local
BIG DATASecurity Analytics Sinfonier
Threats Antifraud VulnerabilitiesTicketing
InformationSecurity Alerts
Security Web Portals OB Ticketing Tool
SIEM
Availability Information
Health Supervision
Alert s
Supervision Tool
Saqqara CA/SC
Saqqara RA
Saqqara Broker
Saqqara DashboardReal Time Dashboard with:• Executive views with critical active incidents
and ticketing information• Full overview of SLA performance and security
indicators continuously available on the web portal
• Configurable dashboards according to user needs• Document Management System
GRC• Legal and regulatory compliance
management• Risk management• Business process modeling• Business continuity management• Configurable dashboards with
management metrics and indicators
…
Global Local Local Local
Local
Local
Global
Global
Cybersecurity Services Managed Security Services
Tool
s, P
roce
sses
and
Pe
ople
Real
Tim
e Pr
oces
sing
Diff
eren
tPr
esen
tati
onsThreat Detection
Antifraud
Vulnerability Management
Global
MSS
44
kafka
saqq-avail
saqq-health-alarm
saqq-ticket
saqq-security-
alarm
Select Data Source
1
saqq-ticket
Ticket_idAlarm_id
saqq-security-alarm
Alarm_id
Detectiondate
Notificationdate
BIG DATACASSANDRA
NotificationTime =
Notification date -Detection date
Process data
2 ProduceResults
3
Saqqara Dashboard
MATCH Alarm_id
In real time
Cyber Security
45
PersistenceAnalytics
Queue
Real TimeProcessing
Ingestion
InternalInformation
DataExploitationVisualization
FiWare
46
47
Join us
Sinfonier-project Community
48
Join us: sinfonier-project.net
@e_Sinfonier@ffranz @LeoAmorV
“ ”All knowledge is connected to all other knowledge.
The fun is in making the connections
Arthur Aufderheide
Related Documents
