SlideShare a Scribd company logo

Big Data Analytics to Enhance Security

Data Science Thailand, profile picture
Data Science Thailand

The document discusses the role of big data analytics in enhancing security by examining large data sets to identify vulnerabilities and improve intrusion detection systems. It addresses the limitations of traditional security measures and highlights trends in security from 2015 to 2016, including advanced persistent threats. Additionally, it provides insights on utilizing open-source tools for integrated security analytics and strategies for applying big data analytics in security practices.

Data & Analytics
1 of 34
Downloaded 144 times
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics to Enhance Security Anapat Pipatkitibodee Technical Manager anapat.p@Stelligence.com
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Agenda ā€¢ Big Data Analytics ā€¢ Security Trends ā€¢ Example Security Attacks ā€¢ Integrated Security Analytics with Open Source ā€¢ How to Apply ?
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Everyone is Claiming Big Data
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Traditional vs Big Data
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Drivers of Big Data ā€¢ About 80% of the worldā€™s data are semi-structured or unstructured.
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Open Source Tools in Big Data ā€¢ Hadoop ecosystem ā€¢ NoSQL database
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Apache Hadoop Stack Reference: Hadoop Essentials by Swizec Teller
Copyright Stelligence Co.,Ltd. 2016 All rights reserved https://whatsthebigdata.com/2016/02/08/big-data-landscape-2016/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics ā€¢ The process of examining large data sets containing a variety of data types i.e., big data. ā€¢ Big Data analytics enables organizations to analyze a mix of structured, semi-structured, and unstructured data in search of valuable information and insights.
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trends
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Data Analytics for Intrusion Detection ā€¢ 1st generation: Intrusion detection systems ā€¢ 2nd generation: Security information and event management (SIEM)
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Limitation of Traditional SIEMs Storing and retaining a large quantity of data was not economically feasible. Normalization & datastore schema reduces data Traditional tools did not leverage Big Data technologies. Closed platform with limited customization & integration options
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trend from Y2015 to Y2016 Fireeye M-Trends Report 2016
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trend from Y2015 to Y2016 ā€¢ Threats are hard to investigate Fireeye M-Trends Report 2016
Copyright Stelligence Co.,Ltd. 2016 All rights reserved All Data is Security Relevant = Big Data Servers Storage DesktopsEmail Web Transaction Records Network Flows DHCP/ DNS Hypervisor Custom Apps Physical Access Badges Threat Intelligence Mobile CMDB Intrusion Detection Firewall Data Loss Prevention Anti- Malware Vulnerability Scans Traditional Authentication
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Data Analytics for Intrusion Detection ā€¢ 1st generation: Intrusion detection systems ā€¢ 2nd generation: Security information and event management (SIEM) ā€¢ 3rd generation: Big Data analytics in security (Next generation SIEM)
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Example Security Attacks
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Advanced Persistent Threats ā€¢ Advanced ā€“ The attack can cope with traditional security solutions ā€“ In many cases is based on Zero-day vulnerabilities ā€¢ Persistent ā€“ Attack has a specific goal ā€“ Remain on the system as long as the attack goal is not met. ā€¢ Threat ā€“ Collect and steal information-Confidentiality. ā€“ Make the victim's system unavailable-Availability. ā€“ Modify the victim's system data-Integrity.
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Example of Advanced Threat Activities HTTP (web) session to command & control server Remote control, Steal data, Persist in company, Rent as botnet WEB Conduct Business Create additional environment Gain Access to systemTransaction .pdf .pdf executes & unpacks malware overwriting and running ā€œallowedā€ programs Svchost.exeCalc.exe Attacker hacks website Steals .pdf files Web Portal.pdf Attacker creates malware, embed in .pdf, Emails to the target MAIL Read email, open attachment Threat intelligence Auth - User Roles Host Activity/Security Network Activity/Security
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Link Events Together Threat intelligence Auth - User Roles, Corp Context Host Activity/Security Network Activity/Security WEB Conduct Business Create additional environment Gain Access to systemTransaction MAIL .pdf Svchost.exeCalc.exe Events that contain link to file Proxy log C2 communication to blacklist How was process started? What created the program/process? Process making C2 traffic Web Portal.pdf
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Correlated Security Log Aug 08 06:09:13 acmesep01.acmetech.com Aug 09 06:17:24 SymantecServer acmesep01: Virus found,Computer name: ACME-002,Source: Real Time Scan,Risk name: Hackertool.rootkit,Occurrences: 1,C:/Documents and Settings/smithe/Local Settings/Temp/evil.tmp,"""",Actual action: Quarantined,Requested action: Cleaned, time: 2009-01-23 03:19:12,Inserted: 2009-01-23 03:20:12,End: 2009-01-23 03:19:12,Domain: Default,Group: My CompanyACME Remote,Server: acmesep01,User: smithe,Source computer: ,Source IP: 10.11.36.20 Aug 08 08:26:54 snort.acmetech.com {TCP} 10.11.36.20:5072 -> 10.11.36.26:443 itsec snort[18774]: [1:100000:3] [Classification: Potential Corporate Privacy Violation] Credit Card Number Detected in Clear Text [Priority: 2]: 20130806041221.000000Caption=ACME-2975EBAdministrator Description=Built-in account for administering the computer/domainDomain=ACME-2975EB InstallDate=NULLLocalAccount = IP: 10.11.36.20 TrueName=Administrator SID =S-1-5-21-1715567821-926492609-725345543 500SIDType=1 Status=Degradedwmi_ type=UserAccounts Sources All three occurring within a 24-hour period Source IP Data Loss Default Admin Account Malware Found Time Range Intrusion Detection Endpoint Security Windows Authentication Source IP Source IP
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Incident Analysis & Investigation Search historically - back in time Watch for new evidence Related evidence from other security devices
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Integrated Security Analytics with Open Source
Copyright Stelligence Co.,Ltd. 2016 All rights reserved SQRRL Solution https://sqrrl.com/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Anomaly detection in Visualizing https://sqrrl.com/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Prelert Behavioral Analytics for the Elastic Stack http://info.prelert.com/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Prelert Behavioral Analytics for the Elastic Stack http://info.prelert.com/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved How to Apply ?
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Determining Data That Can Be Collected Threat intelligence Auth - User Roles Service Host Network Network Security Through Data Analysisby Michael S CollinsPublished by O'Reilly Media, Inc., 2014 ā€¢ Third-party Threat Intel ā€¢ Open source blacklist ā€¢ Internal threat intelligence ā€¢ Firewall ā€¢ IDS / IPS ā€¢ Web Proxy ā€¢ Vulnerability scanners ā€¢ VPNs ā€¢ Netflow ā€¢ TCP Collector ā€¢ OS logs ā€¢ Patching ā€¢ File Integrity ā€¢ Endpoint (AV/IPS/FW) ā€¢ Malware detection ā€¢ Logins, Logouts log ā€¢ Active Directory ā€¢ LDAP ā€¢ AAA, SSO ā€¢ Application logs ā€¢ Audit log ā€¢ Service / Process
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Option 1 : Replace All Solution ā€¢ Data sent to new Big Data Analytic Platform ā€¢ Big Data Analytic Platform ā€“ Static Visualizations / Reports ā€“ Threat detection, alerts, workflow, compliance ā€“ Incident investigations/forensics ā€“ Non-security use cases Big Data Analytic Platform Raw data Alerts Static Visualizations Forensics / Search Interface
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Option 2 : Big Data to Traditional SIEM ā€¢ Data sent to both system ā€¢ Big Data Analytic Platform ā€“ Incident investigations/forensics ā€“ Non-security use cases ā€¢ Traditional SIEM ā€“ Static Visualizations / Reports ā€“ Threat detection, alerts, workflow, compliance Big Data Analytic Platform Raw data Forensics / Search Interface SIEM Alerts Static Visualizations Connectors
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Factors for evaluating Big Data Security Analytics Platforms Factors for Evaluating Open Source ā€¢ Scalable data ingestion HDFS ā€¢ Unified data management platform Cassandra / Accumulo ā€¢ Support for multiple data types Ready to Customized ā€¢ Real time Spark / Strom ā€¢ Security analytic tools No ā€¢ Compliance reporting No ā€¢ Easy to deploy and manage Manage many 3rd Party ā€¢ Flexible search, report and create new correlation rule No
Copyright Stelligence Co.,Ltd. 2016 All rights reserved

More Related Content

PPTX
Cyber Threat Intelligence
Prachi Mishra
Ā 
PDF
Threat hunting 101 by Sandeep Singh
OWASP Delhi
Ā 
PDF
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
Ā 
PDF
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
Ā 
PPTX
Big Data Analytics for Cyber Security: A Quick Overview
Femi Ashaye
Ā 
PDF
Cyber threat intelligence ppt
Kumar Gaurav
Ā 
PPTX
Cyber security: A roadmap to secure solutions
Schneider Electric
Ā 
PDF
Threat Hunting
Splunk
Ā 
Cyber Threat Intelligence
Prachi Mishra
Ā 
Threat hunting 101 by Sandeep Singh
OWASP Delhi
Ā 
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
Ā 
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
Ā 
Big Data Analytics for Cyber Security: A Quick Overview
Femi Ashaye
Ā 
Cyber threat intelligence ppt
Kumar Gaurav
Ā 
Cyber security: A roadmap to secure solutions
Schneider Electric
Ā 
Threat Hunting
Splunk
Ā 

What's hot (20)

PDF
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
Ā 
PDF
Threat Intelligence Workshop
Priyanka Aash
Ā 
PDF
Data Engineering Basics
Catherine Kimani
Ā 
PDF
Cyber Threat Intelligence
mohamed nasri
Ā 
PPT
Artificial Intelligence: Data Mining
The Integral Worm
Ā 
PDF
Cybersecurity Skills in Industry 4.0
Eryk Budi Pratama
Ā 
PPT
Data Classification Presentation
Derroylo
Ā 
PDF
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
MITRE ATT&CK
Ā 
PDF
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
Ā 
PDF
Cyber Threat Intelligence
ZaiffiEhsan
Ā 
PDF
Red Team Framework
šŸ‘€ Joe Gray
Ā 
PPTX
Introduction to Data Analytics
Utkarsh Sharma
Ā 
PDF
Threat Modeling Using STRIDE
Girindro Pringgo Digdo
Ā 
PPTX
Security Operation Center - Design & Build
Sameer Paradia
Ā 
PPTX
Zero trust Architecture
AddWeb Solution Pvt. Ltd.
Ā 
PPT
Data Protection Presentation
IBM Business Insight
Ā 
PDF
Security operations center-SOC Presentation-Ł…Ų±Ś©Ų² Ų¹Ł…Ł„ŪŒŲ§ŲŖ Ų§Ł…Ł†ŪŒŲŖ
ReZa AdineH
Ā 
PPTX
Cyber Threat Intelligence | Information to Insight
Deep Shankar Yadav
Ā 
PDF
Future of Data Engineering
C4Media
Ā 
PPTX
Introduction to Data Engineering
Vivek Aanand Ganesan
Ā 
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
Ā 
Threat Intelligence Workshop
Priyanka Aash
Ā 
Data Engineering Basics
Catherine Kimani
Ā 
Cyber Threat Intelligence
mohamed nasri
Ā 
Artificial Intelligence: Data Mining
The Integral Worm
Ā 
Cybersecurity Skills in Industry 4.0
Eryk Budi Pratama
Ā 
Data Classification Presentation
Derroylo
Ā 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
MITRE ATT&CK
Ā 
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
Ā 
Cyber Threat Intelligence
ZaiffiEhsan
Ā 
Red Team Framework
šŸ‘€ Joe Gray
Ā 
Introduction to Data Analytics
Utkarsh Sharma
Ā 
Threat Modeling Using STRIDE
Girindro Pringgo Digdo
Ā 
Security Operation Center - Design & Build
Sameer Paradia
Ā 
Zero trust Architecture
AddWeb Solution Pvt. Ltd.
Ā 
Data Protection Presentation
IBM Business Insight
Ā 
Security operations center-SOC Presentation-Ł…Ų±Ś©Ų² Ų¹Ł…Ł„ŪŒŲ§ŲŖ Ų§Ł…Ł†ŪŒŲŖ
ReZa AdineH
Ā 
Cyber Threat Intelligence | Information to Insight
Deep Shankar Yadav
Ā 
Future of Data Engineering
C4Media
Ā 
Introduction to Data Engineering
Vivek Aanand Ganesan
Ā 
Ad

Viewers also liked (20)

PDF
Bde presentatie bakker_bart_20170920
BigDataExpo
Ā 
PDF
Accenture Big Data Expo
BigDataExpo
Ā 
PPTX
Zoomable Menu Mockup
None None
Ā 
PPTX
Eneco Ronald Root
BigDataExpo
Ā 
PPTX
De Bijenkorf Niels Reijmer
BigDataExpo
Ā 
PPTX
Technology and AI sharing - From 2016 to Y2017 and Beyond
James Huang
Ā 
PDF
Building Blocks Big Data Expo
BigDataExpo
Ā 
PDF
Incident response on a shoestring budget
Derek Banks
Ā 
PPTX
Notilyze SAS
BigDataExpo
Ā 
PDF
What should I do when my website got hack?
Sumedt Jitpukdebodin
Ā 
PPTX
Crossyn
BigDataExpo
Ā 
PDF
If-If-If-If
Somkiat Puisungnoen
Ā 
PPTX
De groote de man Ingrid de Poorter
BigDataExpo
Ā 
PPTX
Bde presentation dv
BigDataExpo
Ā 
PPTX
Presentatie big data expo swarovski
BigDataExpo
Ā 
PPTX
Dell hans timmerman v1.1
BigDataExpo
Ā 
KEY
Java start01 in 2hours
Kenu, GwangNam Heo
Ā 
PPT
Polar Bears Mario
Patricia Muller
Ā 
PPTX
ProRail Laurens Koppenol & Paul van der Voort
BigDataExpo
Ā 
PDF
Google Big Data Expo
BigDataExpo
Ā 
Bde presentatie bakker_bart_20170920
BigDataExpo
Ā 
Accenture Big Data Expo
BigDataExpo
Ā 
Zoomable Menu Mockup
None None
Ā 
Eneco Ronald Root
BigDataExpo
Ā 
De Bijenkorf Niels Reijmer
BigDataExpo
Ā 
Technology and AI sharing - From 2016 to Y2017 and Beyond
James Huang
Ā 
Building Blocks Big Data Expo
BigDataExpo
Ā 
Incident response on a shoestring budget
Derek Banks
Ā 
Notilyze SAS
BigDataExpo
Ā 
What should I do when my website got hack?
Sumedt Jitpukdebodin
Ā 
Crossyn
BigDataExpo
Ā 
If-If-If-If
Somkiat Puisungnoen
Ā 
De groote de man Ingrid de Poorter
BigDataExpo
Ā 
Bde presentation dv
BigDataExpo
Ā 
Presentatie big data expo swarovski
BigDataExpo
Ā 
Dell hans timmerman v1.1
BigDataExpo
Ā 
Java start01 in 2hours
Kenu, GwangNam Heo
Ā 
Polar Bears Mario
Patricia Muller
Ā 
ProRail Laurens Koppenol & Paul van der Voort
BigDataExpo
Ā 
Google Big Data Expo
BigDataExpo
Ā 
Ad

Similar to Big Data Analytics to Enhance Security (20)

PDF
Big Data Analytics to Enhance Security ąø„ąøøąø“ąø­ąø™ąøžąø±ąø—ąø¢ą¹Œ ąøžąø“ąøžąø±ąø’ąø™ą¹Œąøąø“ąø•ąø“ąøšąø”ąøµ Technical Ma...
BAINIDA
Ā 
PDF
Spo2 t17
SelectedPresentations
Ā 
PPTX
Splunk for Security Breakout Session
Splunk
Ā 
PPTX
SplunkLive! - Splunk for Security
Splunk
Ā 
PPTX
Advanced threat protection and big data
Peter Wood
Ā 
PPTX
Using Big Data to Counteract Advanced Threats
Zivaro Inc
Ā 
PDF
Big Data Dectives
- Mark - Fullbright
Ā 
PPTX
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Cloudera, Inc.
Ā 
PPTX
Operational Security Intelligence
Splunk
Ā 
PPTX
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
Ā 
PDF
SplunkLive! Stockholm 2015 breakout - Analytics based security
Splunk
Ā 
PDF
El contexto de la integraciĆ³n masiva de datos
Software Guru
Ā 
PPTX
Best Practices for Scoping Infections and Disrupting Breaches
Splunk
Ā 
PDF
Data Analytics for Security Intelligence
Data Driven Innovation
Ā 
PPTX
SplunkLive! Splunk for Security
Splunk
Ā 
PPTX
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk
Ā 
PDF
SplunkLive! Amsterdam 2015 - Analytics based security breakout
Splunk
Ā 
PDF
Kind of big data in info sec
Ben Finke
Ā 
PPTX
[Webinar] Supercharging Security with Behavioral Analytics
Interset
Ā 
PPTX
Splunk for Security-Hands On
Splunk
Ā 
Big Data Analytics to Enhance Security ąø„ąøøąø“ąø­ąø™ąøžąø±ąø—ąø¢ą¹Œ ąøžąø“ąøžąø±ąø’ąø™ą¹Œąøąø“ąø•ąø“ąøšąø”ąøµ Technical Ma...
BAINIDA
Ā 
Spo2 t17
SelectedPresentations
Ā 
Splunk for Security Breakout Session
Splunk
Ā 
SplunkLive! - Splunk for Security
Splunk
Ā 
Advanced threat protection and big data
Peter Wood
Ā 
Using Big Data to Counteract Advanced Threats
Zivaro Inc
Ā 
Big Data Dectives
- Mark - Fullbright
Ā 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Cloudera, Inc.
Ā 
Operational Security Intelligence
Splunk
Ā 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
Ā 
SplunkLive! Stockholm 2015 breakout - Analytics based security
Splunk
Ā 
El contexto de la integraciĆ³n masiva de datos
Software Guru
Ā 
Best Practices for Scoping Infections and Disrupting Breaches
Splunk
Ā 
Data Analytics for Security Intelligence
Data Driven Innovation
Ā 
SplunkLive! Splunk for Security
Splunk
Ā 
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk
Ā 
SplunkLive! Amsterdam 2015 - Analytics based security breakout
Splunk
Ā 
Kind of big data in info sec
Ben Finke
Ā 
[Webinar] Supercharging Security with Behavioral Analytics
Interset
Ā 
Splunk for Security-Hands On
Splunk
Ā 

More from Data Science Thailand (20)

PDF
Data Science Thailand Meetup#11
Data Science Thailand
Ā 
PPTX
Define Your Data (Science) Career
Data Science Thailand
Ā 
PDF
Drawing Your career in business analytics and data science
Data Science Thailand
Ā 
PPTX
Data Science fuels Creativity
Data Science Thailand
Ā 
PDF
Microsoft R Server for Data Sciencea
Data Science Thailand
Ā 
PDF
Electronic Medical Records - Paperless to Big Data Initiative
Data Science Thailand
Ā 
PDF
Text Mining and Thai NLP
Data Science Thailand
Ā 
PDF
Machine learning in image processing
Data Science Thailand
Ā 
PDF
CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...
Data Science Thailand
Ā 
PDF
Bioinformatics in a Nutshell
Data Science Thailand
Ā 
PDF
Data Science Application in Business Portfolio & Risk Management
Data Science Thailand
Ā 
PDF
Myths of Data Science
Data Science Thailand
Ā 
PDF
Hr Analytics
Data Science Thailand
Ā 
PDF
Marketing analytics
Data Science Thailand
Ā 
PDF
Precision Medicine - The Future of Healthcare
Data Science Thailand
Ā 
PDF
Single Nucleotide Polymorphism Analysis (SNPs)
Data Science Thailand
Ā 
PDF
Using hadoop for big data
Data Science Thailand
Ā 
PDF
My Spark Journey
Data Science Thailand
Ā 
PDF
Technology behind-real-time-log-analytics
Data Science Thailand
Ā 
PDF
Predictive Analytics in Manufacturing
Data Science Thailand
Ā 
Data Science Thailand Meetup#11
Data Science Thailand
Ā 
Define Your Data (Science) Career
Data Science Thailand
Ā 
Drawing Your career in business analytics and data science
Data Science Thailand
Ā 
Data Science fuels Creativity
Data Science Thailand
Ā 
Microsoft R Server for Data Sciencea
Data Science Thailand
Ā 
Electronic Medical Records - Paperless to Big Data Initiative
Data Science Thailand
Ā 
Text Mining and Thai NLP
Data Science Thailand
Ā 
Machine learning in image processing
Data Science Thailand
Ā 
CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...
Data Science Thailand
Ā 
Bioinformatics in a Nutshell
Data Science Thailand
Ā 
Data Science Application in Business Portfolio & Risk Management
Data Science Thailand
Ā 
Myths of Data Science
Data Science Thailand
Ā 
Hr Analytics
Data Science Thailand
Ā 
Marketing analytics
Data Science Thailand
Ā 
Precision Medicine - The Future of Healthcare
Data Science Thailand
Ā 
Single Nucleotide Polymorphism Analysis (SNPs)
Data Science Thailand
Ā 
Using hadoop for big data
Data Science Thailand
Ā 
My Spark Journey
Data Science Thailand
Ā 
Technology behind-real-time-log-analytics
Data Science Thailand
Ā 
Predictive Analytics in Manufacturing
Data Science Thailand
Ā 

Recently uploaded (20)

PPT
Quality review (1)_presentation of this 21
abobaker13
Ā 
PDF
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
Ā 
PDF
.pdf is not working space design for the following data for the following dat...
jerinjoy242
Ā 
PPTX
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
Ā 
PDF
Lecture1 pattern recognition............
ZafriFarid
Ā 
PPTX
Introduction-to-Cloud-ComputingFinal.pptx
testnet29393883
Ā 
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
Ā 
PPTX
advance b rammar.pptxfdgdfgdfsgdfgsdgfdfgdfgsdfgdfgdfg
rohullahansari5
Ā 
PPTX
A Quantitative-WPS Office.pptx research study
ssuser7b04d8
Ā 
PPTX
climate analysis of Dhaka ,Banglades.pptx
rrawjatun
Ā 
PPTX
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
hildogavino28
Ā 
PPTX
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
AceAquino4
Ā 
PDF
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
Ā 
PDF
TRAFFIC-MANAGEMENT-AND-ACCIDENT-INVESTIGATION-WITH-DRIVING-PDF-FILE.pdf
chouziyu14
Ā 
PPTX
05. PRACTICAL GUIDE TO MICROSOFT EXCEL.pptx
macomputermacomputer
Ā 
PDF
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
Ā 
PDF
ā€œGetting Started with Data Analytics Using R ā€“ Concepts, Tools & Case Studiesā€
Nusrat Gulbarga
Ā 
PDF
22.Patil - Early prediction of Alzheimerā€™s disease using convolutional neural...
ngaviet5
Ā 
PPTX
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx
chepkoitcheruiyot
Ā 
PDF
Mega Projects Data Mega Projects Data
saidsalah8181
Ā 
Quality review (1)_presentation of this 21
abobaker13
Ā 
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
Ā 
.pdf is not working space design for the following data for the following dat...
jerinjoy242
Ā 
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
Ā 
Lecture1 pattern recognition............
ZafriFarid
Ā 
Introduction-to-Cloud-ComputingFinal.pptx
testnet29393883
Ā 
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
Ā 
advance b rammar.pptxfdgdfgdfsgdfgsdgfdfgdfgsdfgdfgdfg
rohullahansari5
Ā 
A Quantitative-WPS Office.pptx research study
ssuser7b04d8
Ā 
climate analysis of Dhaka ,Banglades.pptx
rrawjatun
Ā 
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
hildogavino28
Ā 
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
AceAquino4
Ā 
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
Ā 
TRAFFIC-MANAGEMENT-AND-ACCIDENT-INVESTIGATION-WITH-DRIVING-PDF-FILE.pdf
chouziyu14
Ā 
05. PRACTICAL GUIDE TO MICROSOFT EXCEL.pptx
macomputermacomputer
Ā 
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
Ā 
ā€œGetting Started with Data Analytics Using R ā€“ Concepts, Tools & Case Studiesā€
Nusrat Gulbarga
Ā 
22.Patil - Early prediction of Alzheimerā€™s disease using convolutional neural...
ngaviet5
Ā 
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx
chepkoitcheruiyot
Ā 
Mega Projects Data Mega Projects Data
saidsalah8181
Ā 

Big Data Analytics to Enhance Security

  • 1. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics to Enhance Security Anapat Pipatkitibodee Technical Manager anapat.p@Stelligence.com
  • 2. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Agenda ā€¢ Big Data Analytics ā€¢ Security Trends ā€¢ Example Security Attacks ā€¢ Integrated Security Analytics with Open Source ā€¢ How to Apply ?
  • 3. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics
  • 4. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Everyone is Claiming Big Data
  • 5. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Traditional vs Big Data
  • 6. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Drivers of Big Data ā€¢ About 80% of the worldā€™s data are semi-structured or unstructured.
  • 7. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Open Source Tools in Big Data ā€¢ Hadoop ecosystem ā€¢ NoSQL database
  • 8. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Apache Hadoop Stack Reference: Hadoop Essentials by Swizec Teller
  • 9. Copyright Stelligence Co.,Ltd. 2016 All rights reserved https://whatsthebigdata.com/2016/02/08/big-data-landscape-2016/
  • 10. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics ā€¢ The process of examining large data sets containing a variety of data types i.e., big data. ā€¢ Big Data analytics enables organizations to analyze a mix of structured, semi-structured, and unstructured data in search of valuable information and insights.
  • 11. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trends
  • 12. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Data Analytics for Intrusion Detection ā€¢ 1st generation: Intrusion detection systems ā€¢ 2nd generation: Security information and event management (SIEM)
  • 13. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Limitation of Traditional SIEMs Storing and retaining a large quantity of data was not economically feasible. Normalization & datastore schema reduces data Traditional tools did not leverage Big Data technologies. Closed platform with limited customization & integration options
  • 14. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trend from Y2015 to Y2016 Fireeye M-Trends Report 2016
  • 15. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trend from Y2015 to Y2016 ā€¢ Threats are hard to investigate Fireeye M-Trends Report 2016
  • 16. Copyright Stelligence Co.,Ltd. 2016 All rights reserved All Data is Security Relevant = Big Data Servers Storage DesktopsEmail Web Transaction Records Network Flows DHCP/ DNS Hypervisor Custom Apps Physical Access Badges Threat Intelligence Mobile CMDB Intrusion Detection Firewall Data Loss Prevention Anti- Malware Vulnerability Scans Traditional Authentication
  • 17. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Data Analytics for Intrusion Detection ā€¢ 1st generation: Intrusion detection systems ā€¢ 2nd generation: Security information and event management (SIEM) ā€¢ 3rd generation: Big Data analytics in security (Next generation SIEM)
  • 18. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Example Security Attacks
  • 19. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Advanced Persistent Threats ā€¢ Advanced ā€“ The attack can cope with traditional security solutions ā€“ In many cases is based on Zero-day vulnerabilities ā€¢ Persistent ā€“ Attack has a specific goal ā€“ Remain on the system as long as the attack goal is not met. ā€¢ Threat ā€“ Collect and steal information-Confidentiality. ā€“ Make the victim's system unavailable-Availability. ā€“ Modify the victim's system data-Integrity.
  • 20. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Example of Advanced Threat Activities HTTP (web) session to command & control server Remote control, Steal data, Persist in company, Rent as botnet WEB Conduct Business Create additional environment Gain Access to systemTransaction .pdf .pdf executes & unpacks malware overwriting and running ā€œallowedā€ programs Svchost.exeCalc.exe Attacker hacks website Steals .pdf files Web Portal.pdf Attacker creates malware, embed in .pdf, Emails to the target MAIL Read email, open attachment Threat intelligence Auth - User Roles Host Activity/Security Network Activity/Security
  • 21. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Link Events Together Threat intelligence Auth - User Roles, Corp Context Host Activity/Security Network Activity/Security WEB Conduct Business Create additional environment Gain Access to systemTransaction MAIL .pdf Svchost.exeCalc.exe Events that contain link to file Proxy log C2 communication to blacklist How was process started? What created the program/process? Process making C2 traffic Web Portal.pdf
  • 22. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Correlated Security Log Aug 08 06:09:13 acmesep01.acmetech.com Aug 09 06:17:24 SymantecServer acmesep01: Virus found,Computer name: ACME-002,Source: Real Time Scan,Risk name: Hackertool.rootkit,Occurrences: 1,C:/Documents and Settings/smithe/Local Settings/Temp/evil.tmp,"""",Actual action: Quarantined,Requested action: Cleaned, time: 2009-01-23 03:19:12,Inserted: 2009-01-23 03:20:12,End: 2009-01-23 03:19:12,Domain: Default,Group: My CompanyACME Remote,Server: acmesep01,User: smithe,Source computer: ,Source IP: 10.11.36.20 Aug 08 08:26:54 snort.acmetech.com {TCP} 10.11.36.20:5072 -> 10.11.36.26:443 itsec snort[18774]: [1:100000:3] [Classification: Potential Corporate Privacy Violation] Credit Card Number Detected in Clear Text [Priority: 2]: 20130806041221.000000Caption=ACME-2975EBAdministrator Description=Built-in account for administering the computer/domainDomain=ACME-2975EB InstallDate=NULLLocalAccount = IP: 10.11.36.20 TrueName=Administrator SID =S-1-5-21-1715567821-926492609-725345543 500SIDType=1 Status=Degradedwmi_ type=UserAccounts Sources All three occurring within a 24-hour period Source IP Data Loss Default Admin Account Malware Found Time Range Intrusion Detection Endpoint Security Windows Authentication Source IP Source IP
  • 23. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Incident Analysis & Investigation Search historically - back in time Watch for new evidence Related evidence from other security devices
  • 24. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Integrated Security Analytics with Open Source
  • 25. Copyright Stelligence Co.,Ltd. 2016 All rights reserved SQRRL Solution https://sqrrl.com/
  • 26. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Anomaly detection in Visualizing https://sqrrl.com/
  • 27. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Prelert Behavioral Analytics for the Elastic Stack http://info.prelert.com/
  • 28. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Prelert Behavioral Analytics for the Elastic Stack http://info.prelert.com/
  • 29. Copyright Stelligence Co.,Ltd. 2016 All rights reserved How to Apply ?
  • 30. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Determining Data That Can Be Collected Threat intelligence Auth - User Roles Service Host Network Network Security Through Data Analysisby Michael S CollinsPublished by O'Reilly Media, Inc., 2014 ā€¢ Third-party Threat Intel ā€¢ Open source blacklist ā€¢ Internal threat intelligence ā€¢ Firewall ā€¢ IDS / IPS ā€¢ Web Proxy ā€¢ Vulnerability scanners ā€¢ VPNs ā€¢ Netflow ā€¢ TCP Collector ā€¢ OS logs ā€¢ Patching ā€¢ File Integrity ā€¢ Endpoint (AV/IPS/FW) ā€¢ Malware detection ā€¢ Logins, Logouts log ā€¢ Active Directory ā€¢ LDAP ā€¢ AAA, SSO ā€¢ Application logs ā€¢ Audit log ā€¢ Service / Process
  • 31. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Option 1 : Replace All Solution ā€¢ Data sent to new Big Data Analytic Platform ā€¢ Big Data Analytic Platform ā€“ Static Visualizations / Reports ā€“ Threat detection, alerts, workflow, compliance ā€“ Incident investigations/forensics ā€“ Non-security use cases Big Data Analytic Platform Raw data Alerts Static Visualizations Forensics / Search Interface
  • 32. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Option 2 : Big Data to Traditional SIEM ā€¢ Data sent to both system ā€¢ Big Data Analytic Platform ā€“ Incident investigations/forensics ā€“ Non-security use cases ā€¢ Traditional SIEM ā€“ Static Visualizations / Reports ā€“ Threat detection, alerts, workflow, compliance Big Data Analytic Platform Raw data Forensics / Search Interface SIEM Alerts Static Visualizations Connectors
  • 33. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Factors for evaluating Big Data Security Analytics Platforms Factors for Evaluating Open Source ā€¢ Scalable data ingestion HDFS ā€¢ Unified data management platform Cassandra / Accumulo ā€¢ Support for multiple data types Ready to Customized ā€¢ Real time Spark / Strom ā€¢ Security analytic tools No ā€¢ Compliance reporting No ā€¢ Easy to deploy and manage Manage many 3rd Party ā€¢ Flexible search, report and create new correlation rule No
  • 34. Copyright Stelligence Co.,Ltd. 2016 All rights reserved