© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Secure your Enterprise with Big Data
Today’s agenda
Why mix big data and security?
Catching Hackers
Building the Anti-Fragile Enterprise
AntiFragile
Vision: The Anti-Fragile Enterprise
Andy Bell
Nassim Taleb
Innovation -> More Data -> New Challenges
New technology & business models
Too much data
Too many security solutions
No integrated solution
[Slide graphic: a timeline from Mainframe to Client/server to The Internet to Mobile, social, big data & the cloud, each era filled with a cloud of vendor, product and app-category names (ERP, CRM, SCM, HCM, PLM, cloud hosting, SaaS, mobile apps). Inset, "Every 60 seconds": 400,710 ad requests; 2,000 lyrics played on Tunewiki; 1,500 pings sent on PingMe; 34,597 people using Zinio; 208,333 minutes of Angry Birds played; 23,148 apps downloaded; 98,000 tweets.]
Disruptive technology trends
DEVICES, DATA & INFRASTRUCTURE
CLOUD: Public, Private, Adoption
MOBILE: Data Everywhere
CONSUMERIZATION: Mobility, Device & Social Media
COLLABORATIVE: OPEN & EXTENDED
FORTRESS: Reactive Perimeter Security
Detecting Data Exfiltration
Acquire target, sneak in, hop around
(Perimeter doesn’t stop attacks)
Get privileged access to critical assets
(Impact takes time)
Collect data
(Early detection matters)
Exfiltrate data
(Final stage before data loss)
Detect Data Loss
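The exfiltration stage above is the last point at which the defender can still act, and it is also the stage with the most measurable footprint: bytes leaving a host. The block below is an added example for this page (not HP's code) of how that stage can be scored from per-host daily flow summaries. Each host is compared only against its own history, using a median and median absolute deviation (MAD) so that one earlier bad day does not inflate the baseline; an absolute byte floor keeps a host with a flat, tiny history from alerting just because it doubled. The FLOWS records, the thresholds and the host names are constructed for the example.

```python
"""Per-host outbound-volume baselines for spotting the exfiltration stage.

Added example for this page, not HP's code. FLOWS is constructed sample
data (one record per day, host and destination); the thresholds are
illustrative assumptions, not recommended values.
"""
from collections import defaultdict
from statistics import median

MAD_SCALE = 1.4826        # scales a median absolute deviation to a normal-distribution sigma
Z_THRESHOLD = 5.0         # assumption: robust z-score above which a day is "abnormal"
MIN_BYTES = 50_000_000    # assumption: never alert on a day that moved less than 50 MB
MIN_HISTORY_DAYS = 3      # assumption: minimum baseline before a host can be scored

# Constructed daily flow summaries: (day, source host, destination, bytes out).
FLOWS = [
    ("d1", "ws-17", "203.0.113.10", 1_200_000), ("d1", "ws-17", "203.0.113.11", 300_000),
    ("d2", "ws-17", "203.0.113.10", 1_050_000), ("d3", "ws-17", "203.0.113.10", 1_400_000),
    ("d4", "ws-17", "203.0.113.12", 900_000),   ("d5", "ws-17", "203.0.113.10", 1_100_000),
    ("d6", "ws-17", "203.0.113.10", 1_000_000),
    ("d6", "ws-17", "198.51.100.7", 900_000_000),   # a staged archive leaving to a never-seen host
    ("d1", "db-02", "203.0.113.50", 50_000_000), ("d2", "db-02", "203.0.113.50", 48_000_000),
    ("d3", "db-02", "203.0.113.50", 51_000_000), ("d4", "db-02", "203.0.113.50", 49_000_000),
    ("d5", "db-02", "203.0.113.50", 53_000_000), ("d6", "db-02", "203.0.113.50", 52_000_000),
    ("d1", "ws-23", "203.0.113.10", 100_000), ("d2", "ws-23", "203.0.113.10", 100_000),
    ("d3", "ws-23", "203.0.113.10", 100_000), ("d4", "ws-23", "203.0.113.10", 100_000),
    ("d5", "ws-23", "203.0.113.10", 100_000),
    ("d6", "ws-23", "203.0.113.10", 200_000),       # doubled, but far too small to matter
]


def daily_totals(flows):
    """Consolidate raw flows into host -> day -> bytes and host -> day -> destinations."""
    totals = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(lambda: defaultdict(set))
    for day, host, dst, nbytes in flows:
        totals[host][day] += nbytes
        dests[host][day].add(dst)
    return totals, dests


def robust_z(value, history):
    """How many robust sigmas `value` sits above the host's own median day."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = MAD_SCALE * mad
    if scale == 0:                       # flat history: fall back to 5% of the median, min 1 byte
        scale = max(0.05 * med, 1.0)
    return (value - med) / scale


def find_exfil_candidates(flows, target_day):
    """Score every host's `target_day` against its other days; return alerts, worst first."""
    totals, dests = daily_totals(flows)
    alerts = []
    for host, per_day in totals.items():
        history = [b for d, b in per_day.items() if d != target_day]
        today = per_day.get(target_day)
        if today is None or len(history) < MIN_HISTORY_DAYS:
            continue                     # nothing to score, or not enough baseline yet
        z = robust_z(today, history)
        seen_before = set().union(*(dests[host][d] for d in per_day if d != target_day))
        new_dsts = sorted(dests[host][target_day] - seen_before)
        if z >= Z_THRESHOLD and today >= MIN_BYTES:
            alerts.append({"host": host, "bytes": today, "z": round(z, 1),
                           "new_destinations": new_dsts})
    alerts.sort(key=lambda a: a["z"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in find_exfil_candidates(FLOWS, "d6"):
        print(alert)
```

Two design choices matter here. Mean and standard deviation would let a single earlier exfiltration day swell the baseline and hide the next one; median and MAD do not. And the byte floor is the caveat the anomaly score alone misses: ws-23 scores as a large deviation because its history is perfectly flat, yet 200 KB is not an exfiltration, so it is never raised. The new-destination list is carried on the alert because "where did it go" is usually the first question the responder asks.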
Hackers Leave Bread Crumbs too!
Obstacles of a Successful Information Security Program
So much data (how do I store, process, collect it?)
What should I be looking at?
How do I prioritize the events?
How do I become situationally aware?
What does all this data mean?
Data Collection
Integration
Analytics
Monitor & Respond
A methodical, iterative approach
See
Understand
Act
Move from data to security intelligence
From Millions of Events to the One that Matters
Who
Where
What
When
Correlation Engine
How
Correlation: Making sense of your Data
Correlation taken to Extremes
Raw Events
Collect
Consolidate
Enrich
Filters
Prioritize
Priority formula
Rules
Data monitors
Correlated Events
Interactive Discovery
Pattern Discovery
Detecting Hackers through Abnormal Behavior
Visibility & Situational Awareness
Privileged User
Role
Asset
Anomaly
IP Address
Transactions
Session
Location
History
Action
Transforming Big Data into Intelligence
Collect: collect anything from anywhere
Enrich: normalize and categorize large volumes of machine data with metadata
Consolidate: unify machine data and compress it for big-data storage
Search: apply rules and indexes for easy prioritization
Correlate: real-time, user-centric, cross-device correlation of all events
Detect: act on suspicious activities
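The correlation slides (Who / Where / What / When / How), the situational-awareness fields (privileged user, role, asset, location, history) and the collect-enrich-consolidate-correlate-detect pipeline above all describe one flow, so one worked example covers them. The block below is an added example written for this page; it is not HP's or ArcSight's code and the priority formula is an illustrative assumption, not a vendor formula. Three constructed log sources (VPN, sshd, a web proxy) are normalized onto a single who/what/where/when schema, enriched from small lookup tables (role, asset criticality, the countries each user usually connects from), then correlated per user: a login from an unusual country followed within 15 minutes by access to a critical asset and a large outbound transfer. Log lines, user names, hosts and lookups are all constructed.

```python
"""Collect, enrich, correlate and prioritize over a handful of log lines.

Added example for this page; it is not HP's or ArcSight's code. The log
lines, lookup tables, 15-minute window and priority formula are all
illustrative assumptions built for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in three source formats (VPN, sshd, web proxy).
RAW_LOGS = [
    "2012-06-01T09:02:11Z vpn01 VPN-LOGIN user=jsmith src=203.0.113.9 geo=BR result=success",
    "2012-06-01T09:05:40Z db-02 sshd[412]: Accepted publickey for jsmith from 10.0.5.17",
    "2012-06-01T09:07:02Z proxy01 CONNECT dst=198.51.100.7 user=jsmith bytes_out=734003200",
    "2012-06-01T09:10:30Z vpn01 VPN-LOGIN user=abrown src=198.51.100.33 geo=US result=success",
    "2012-06-01T09:12:00Z proxy01 CONNECT dst=203.0.113.80 user=abrown bytes_out=20480",
    "2012-06-01T09:12:05Z proxy01 health-check ok",   # unsupported format: counted, not correlated
]

# Enrichment lookups (constructed): who is privileged, how critical each asset is,
# and where each user normally connects from.
USER_ROLES = {"jsmith": "dba", "abrown": "staff"}
PRIVILEGED_ROLES = {"dba", "sysadmin"}
ASSET_CRITICALITY = {"db-02": 9, "vpn01": 3, "proxy01": 3}   # 0 (none) .. 10 (crown jewels)
USUAL_COUNTRIES = {"jsmith": {"US"}, "abrown": {"US"}}

PARSERS = [
    ("vpn_login", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) VPN-LOGIN user=(?P<user>\S+) "
                             r"src=(?P<src>\S+) geo=(?P<geo>\S+) result=success$")),
    ("ssh_login", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted \S+ "
                             r"for (?P<user>\S+) from (?P<src>\S+)$")),
    ("egress", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) CONNECT dst=(?P<dst>\S+) "
                          r"user=(?P<user>\S+) bytes_out=(?P<bytes>\d+)$")),
]


def normalize(line):
    """Collect: map a raw line from any supported source onto one schema
    (who, what, where, when). Returns None for formats we do not parse."""
    for kind, rx in PARSERS:
        m = rx.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = kind
            ev["when"] = datetime.strptime(ev.pop("ts"), "%Y-%m-%dT%H:%M:%SZ")
            ev["bytes"] = int(ev.get("bytes", 0))
            return ev
    return None


def enrich(ev):
    """Enrich: attach role, asset criticality and location history to the event."""
    ev["role"] = USER_ROLES.get(ev["user"], "unknown")
    ev["privileged"] = ev["role"] in PRIVILEGED_ROLES
    ev["asset_criticality"] = ASSET_CRITICALITY.get(ev["host"], 1)
    ev["new_location"] = (ev["kind"] == "vpn_login"
                          and ev["geo"] not in USUAL_COUNTRIES.get(ev["user"], set()))
    return ev


def priority(stages, max_criticality, privileged):
    """Prioritize: illustrative 0-10 score (an assumption, not a vendor formula)
    from model confidence (how much of the chain was seen), relevance
    (privileged account or not) and the most critical asset touched."""
    confidence = len(stages) / 3
    relevance = 1.0 if privileged else 0.5
    return round(10 * confidence * relevance * (0.5 + max_criticality / 20), 1)


def correlate(lines, window=timedelta(minutes=15), exfil_bytes=100_000_000):
    """Correlate: per user, a login from an unusual country followed within the
    window by access to a critical asset and/or a large outbound transfer.
    Returns (incidents sorted by priority, number of lines no parser understood)."""
    by_user, unparsed = defaultdict(list), 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unparsed += 1
            continue
        by_user[ev["user"]].append(enrich(ev))
    incidents = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["when"])
        for start in [e for e in evs if e["new_location"]]:
            chain = [e for e in evs if start["when"] <= e["when"] <= start["when"] + window]
            stages = ["login_from_new_location"]
            if any(e["kind"] == "ssh_login" and e["asset_criticality"] >= 7 for e in chain):
                stages.append("critical_asset_access")
            if any(e["kind"] == "egress" and e["bytes"] >= exfil_bytes for e in chain):
                stages.append("large_egress")
            crit = max(e["asset_criticality"] for e in chain)
            incidents.append({"user": user, "src": start["src"], "stages": stages,
                              "priority": priority(stages, crit, start["privileged"])})
    incidents.sort(key=lambda i: i["priority"], reverse=True)
    return incidents, unparsed


if __name__ == "__main__":
    found, skipped = correlate(RAW_LOGS)
    print(found, "unparsed lines:", skipped)
```

Normalizing first is what makes "cross-device" correlation cheap: the rule is written once against the schema and never sees a VPN or sshd format. Keying the chain on the user rather than the IP address is the "user-centric" part; the same account crossing a VPN concentrator, a database host and a proxy is visible only when the three sources share a who. The unparsed count is the check a practitioner wants from the Collect stage: a rule cannot fire on a source that silently failed to parse, so that number belongs on the dashboard next to the alerts.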
Anti-Fragile Plan for Information Security
Stages: Detect Data Loss, Identify Attack, Deploy Defenses, Plan Ahead, Re-evaluate
Develop a response plan with your information security incident response team
Make contacts within your upstream ISP; they may offer DDoS mitigation services
Know your network topology and the location of critical or exposed systems
Have firewalls and IPS deployed between zones of different trust levels
Identifying the attack method will help in mounting the most appropriate defense
Identifying the tool used may prove more valuable than identifying the source
Leverage multiple methods of detection throughout the environment, taking a defense-in-depth approach
Multiple methods of defense can present a gauntlet to an attacker and increase the ability to stop their actions
Many defenses require infrastructure to be in place ahead of time
Defenses must be agile, able to change in response to shifts in attacker techniques
A defensive strategy must be part of your overall plan
Direct and indirect monitoring should be used
Your environment is constantly changing because of business drivers
Your environment is constantly changing because of new vulnerabilities
The attack landscape is constantly changing
Keys to Security Intelligence
WHO (User Roles)
WHAT (Logs)
WHERE (Flows)
Better visibility
Superior threat detection
Sophisticated correlation technologies and big data processing
Pattern recognition: anomaly detection to identify modern known and unknown threats
Adaptive: The more you collect, the smarter it gets
Strive to Become AntiFragile
Secure your Enterprise with Big Data
simple, intelligent, efficient & manageable
[email protected] / @kathlam