© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Secure your Enterprise with Big Data

Big data security

DESCRIPTION

Use Big Data to make you more resilient to Cyber Attacks

Page 1: Big data security

Secure your Enterprise with Big Data

Page 2: Big data security

Today’s agenda

Why mix big data and security?

Catching Hackers

Building the Anti-Fragile Enterprise

Page 3: Big data security

AntiFragile

Page 4: Big data security

Vision: The Anti-Fragile Enterprise

Andy Bell

Nassim Taleb

Page 5: Big data security

Innovation -> More Data -> New Challenges

New technology & Business Models

Too much data

Too many security solutions

No integrated solution

Mainframe

Client/server

The Internet

Mobile, social, big data & the cloud

Every 60 seconds

400,710 ad requests

2000 lyrics played on Tunewiki

1500 pings sent on PingMe

34,597 people using Zinio

208,333 minutes of Angry Birds played

23,148 apps downloaded

98,000 tweets

[Figure: logo cloud of vendors, enterprise application categories (CRM, SCM, HCM, ERP, PLM and others), mobile app categories and online services for each computing era]

Page 6: Big data security

DEVICES, DATA & INFRASTRUCTURE

CLOUD: Public, Private, Adoption

MOBILE: Data Everywhere

CONSUMERIZATION: Mobility, Device & Social Media

COLLABORATIVE: OPEN & EXTENDED

FORTRESS: Reactive Perimeter Security

Disruptive technology trends

Page 7: Big data security

Detecting Data Exfiltration

Acquire target, sneak in, hop around (Perimeter doesn’t stop attacks)

Get privileged access to critical assets (Impact takes time)

Collect data (Early detection matters)

Exfiltrate data (Final stage before data loss)

Detect Data Loss

Page 8: Big data security

Hackers Leave Bread Crumbs too!

Page 9: Big data security

Obstacles of a Successful Information Security Program

So Much Data (How do I store, process, collect?)

What should I be looking at?

How do I prioritize the events?

How do I become situationally aware?

What does all this data mean?

Page 10: Big data security

Data Collection

Integration

Analytics

Monitor & Respond

A methodical, iterative approach

See

Understand

Act

Move from data to security intelligence

Page 11: Big data security

From Millions of Events to the One that Matters

Who

Where

What

When

Correlation Engine

How

Correlation: Making sense of your Data

Page 12: Big data security

Correlation taken to Extremes

Collect

Consolidate

Enrich

Prioritize

Raw Events

Correlated Events

Interactive Discovery

Pattern Discovery

Filters

Rules

Data monitors

Priority formula

Page 13: Big data security

Detecting Hackers through Abnormal Behavior

Page 14: Big data security

Visibility & Situational Awareness

Privileged User

Role

Asset

Anomaly

IP Address

Transactions

Session

Location

History

Action

Page 15: Big data security

Collect: Collect anything from anywhere

Enrich: Normalize and categorize large volumes of machine data with metadata

Consolidate: Unify Machine Data for compression for big data

Search: Apply Rules and Indexes for Easy Prioritization

Correlate: Real-time, user-centric, and cross-device correlation of all events

Detect: Act on suspicious activities

Transforming Big Data into Intelligence

Page 16: Big data security

Deploy Defenses

For Information Security

Anti-Fragile Plan

Detect Data Loss

Identify Attack

Develop a response plan with your information security incident response team

Make contacts within your upstream ISP; they may offer DDoS mitigation services

Know your network topology and the location of critical or exposed systems

Have firewall and IPS deployed between zones of different trust levels

Identifying the attack method will help in mounting the most appropriate defense

Identification of the tool used may prove more valuable than identifying the source

Leverage multiple methods of detection throughout the environment, taking a defense-in-depth approach

Multiple methods of defense can offer a gauntlet to an attacker and increase the ability to stop their actions

Many defenses require infrastructure in place ahead of time

Defenses must be agile, able to change in response to shifts in attacker techniques

A defensive strategy must be part of your overall plan

Direct and indirect monitoring should be used.

Your environment is constantly changing because of business drivers

Your environment is constantly changing because of new vulnerabilities

The attack landscape is constantly changing

Plan Ahead

Re-evaluate

Page 17: Big data security

Keys to Security Intelligence

WHO (User Roles)

WHAT (Logs)

WHERE (Flows)

Better visibility

Superior threat detection

Sophisticated correlation technologies and big data processing

Pattern recognition: anomaly detection to identify modern known and unknown threats

Adaptive: The more you collect, the smarter it gets

Page 18: Big data security

Strive to Become AntiFragile

Page 19: Big data security

Secure your Enterprise with Big Data

simple, intelligent, efficient & manageable

@kathlam