Security Data Lake Leveraging Big Data Platform to build stronger cyber defense Rujirapong Ritwong CEO, Co-founder Softnix Technology
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
SecurityDataLake LeveragingBigDataPlatformtobuildstrongercyberdefense
RujirapongRitwongCEO,Co-founderSoftnix Technology
YouCan’tProtectWhatYouCan’tSee
ITSecurityneedto
Visibility
(source:www.fbi.gov)
Unauthorizedaccesstodatasystem
Dataleakage/loss
72%
(source:www.fbi.gov)
Waytoincreaseyourvisibility
Definition• SecurityDataLakeisDataLakeappearinginthesecurityfield.
• DataLakeisamethodofstoringdatawithinBigDatasystem
• SecurityDataLakecentrallocationwhereallsecuritydata
• SimilarLogManagement,SIEM
TraditionalSecurityManagement• SIEMaresecuritymonitor,logmanagementactedas
thedatastoreforsecuritydata.• Technologiesused15yearsago.• Relationaldatabasesarenotwellsuitedforlarge
amountsofdata.• ACID- Fastwritesorfastreads,butnotboth• Realtimecorrelation(rules)enginerunonsingle
machine.• Notbuildtoletotherproductsreuse.• Expensiveforexplaining
Howlongdoyoucurrentlystoreeventandlogdata forSIEM
http://go.cyphort.com/rs/181-NTN-682/images/Cyphort-Ponemon-SIEM-Report.pdf
RetentiondataforcomplianceISO27001 ,PCI-DSS,HIPAA,FISMA,Sarbanes-Oxley(SOX)
UnknownEventsDataCredit:Hortonworks
ComparingSecurityDataLaketoSIEMSecurityDataLakeisnotareplaceforSIEMSecurityDataLakeObjective;◦ datastorage◦ dataprocessing◦ PurposefunctionofaSIEMcovers
LimitationofSIEMs
ScalabilityOpenness
BigDataTechnology
AttemptingsolutionstotheTWOmainproblemsofSIEMs
Hadoopbasic
2.25xMorelikelyTodetectthreatsWithinminutes
Timetodetectandidentifyasecurityincident
https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html
Reportuserdemandforcybersecurityanalyticsontherisethepast12months71%
Organizationsneedtoreport
Moreinformation:https://www.ponemon.org/local/upload/file/Big_Data_Analytics_in_Cyber_Defense_V12.pdf
82%BigDataPlatform+SecurityTechnologies=StrongerCyberDefense
It’sstilldifficulttodeployBigDatacybersecurityanalytics.
WhatisstoppingBigDataanalyticsadoption?
https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html
Oforganizationssayit’simpossibletoleverageBigDataanalyticswithtraditionalsystem
72%
https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html
ButSecurityDataLake(Hadoopbased)can.
29 % 72 % 43%
increasedatavolumesmorethan100%
increasedataprocessingmorethan76%
increasedataaccessforanalyticsmorethan100%
https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html
TopUseCase
BIGDATAAnalytics
UseCase
VodafoneUK’snewSIEMsystemreliesonApacheFlumeandApacheKafkatoingestnearly1millioneventspersecond.
OpenSourceBigDataforCybersecurity
http://spot.incubator.apache.org
ApacheSpot
OpenSourceBigDataforCybersecurity
http://metron.apache.org
ApacheMetron
DatafeedforSecurityDataLake
SecurityTechnologiesData NonSecurityData
http://go.cyphort.com/rs/181-NTN-682/images/Cyphort-Ponemon-SIEM-Report.pdf
100%
Allorganizationuse Firewallbypass Can’tmonitor.It’sBigData.
100% 100%
DNStraffic
OptimizeyourSIEM
OptimizeyourSIEM
Splitconnectionsetup
SecurityDatalakehelpoptimizeSIEMCost-EffectivelyIncreaseEnterpriseVisibilityAnalyticsFlexibilitySIEMLock-inDeploymentFlexibility
Ourhistory
Logger LoggerCloudforMSP
DataPlatformAuthenticator
LoggerforAWS
LoggerforAzure
“BigDataPlatformCompany”
Collector
EdgePoint
All-in-one LawCompliance Security&ITServices
MonitoringbyZABBIX
BigDataAnalytics
TechnologyPartner
Softnix DataPlatformBigDataAnalyticPlatform
Any DeviceAnyPlatform
Dashboard&VisualizeIntegrationtoEnterpriseAnalyticSystem
Softnix DataPlatformBigDataAnalyticPlatform
SolutionofSoftnix DataPlatform
ArchitectureSoftnixDataPlatformSoftnixDataPlatformArchitecture
CapabilityüSupportmachinedatawithanytypeüDataextractiontoanalyticformatüSupportdataindexingandaggregationüFull-textsearchorspecificsearch
üVisualizedataforhumanunderstandüSchedulesendreporttoemail
OurProcess
CollectionofData
DataEnrichment
ConvertintoStructured
AnalysisofData
VirtualizationofData
DashboardSystem
Full-TextSearch&Specificsearch
EventDetection
DataExtraction
Visualizedata
SimpleDataVisualization
DataAggregation
UseCase:SecurityDashboard
UseCase:AuthenticationMonitor
UseCase:DNSDashboard
UseCase:CloudFirewallforMSP
Multipledashboardperproject
ContactUs
www.softnix.co.thfacebook.com/softnixtechtwitter.com/softnix
medium.com/@softnix
Related Documents
