Leverage Big Data in Cybersecurity
Download as PPTX, PDF0 likes141 views
The document discusses the increasing risks in cybersecurity due to the adoption of big data and connected objects, highlighting that 60% of organizations faced major breaches in 2020. It emphasizes the shift from reactive to prescriptive security approaches, enabling better threat detection and remediation through machine learning and automation. Additionally, it outlines the need for improved visibility and intelligence sharing across global enterprises to effectively respond to escalating threats.
Leverage Big Data in Cybersecurity
- 1. Leverage Big Data in Cybersecurity Ladies in Cyber Security Bucharest, 21st March 2019
- 3. Atos PSOC - Enablers
- 4. Connected objects and technology adoption dramatically extend the threat landscape 60% of organizations victim of major breaches in 2020 (Gartner) Impact of breaches increases dramatically 2016 2017 2018 2019 goes mainstream Big data = big problems Supercharged connectivity overwhelms defenses Crime syndicates take a quantum leap Systemic vulnerabilities are weaponized Smart machines create new risks IoT risks explode Mobile apps become the main route for compromise Opaque algorithms compromise integrity More Criminals More Threats More Impact
- 5. | 06-10-2018 | © Atos - For internal use5
- 6. | 06-10-2018 | © Atos - For internal use Machine Learning Supervised Unsupervised source: https://www.quora.com/What-is-the-difference-between-supervised-and-unsupervised-learning-algorithms
- 7. Prescriptive Security Predictive Security UBA and UEBA as components supporting transformation of approach from Reactive to Predictive to Prescriptive BusinessRisk Security Maturity Model LowHigh Fragmented Security PrescriptiveReactive 1 Security Consolidation2 Holistic Business- Driven Security3 • Better control and governance over all end points and IOT • More proactive and predictive approaches to threat remediation 4 • Orchestrates the automation of security actions to quickly resolve current, and anticipate future, threats at scale. 5 • Lack of visibility across global enterprises results in reactive, uncoordinated responses • Increased efforts to consolidate security platforms – from point solutions to standard platform • More cohesive ability to sense, analyze and secure the enterprise • Deeper ability to share intelligence and react to threats faster what may happen? what & why did happen? prevent from happen
- 8. Atos PSOC - The Big Picture
- 9. Overview what needs to be addressed Initial compromise Establish foothold Maintain presence Lateral movement Data collection Data exfiltration AV SIEM EDR IDS DLP Threat Intel CMDB User directory Ticketing system Alerts Insights/context UBA Decision Response Ignore & Tune Escalate Notify Drill down Create Ticket Lock user Contain Host Proxy block FW Block Get evidence
- 11. | 06-10-2018 | © Atos - For internal use11
- 12. Decision regarding triggering an alert supported by Alert Chart Analysis & Remediation Send Alarm to Security Team Behavioral Analytics – Big Data Processing Decision regarding triggering an alert supported by Alert Chart victim_user Normal Behaviour in KPI under analysis victim_user Anomaly Detection in KPI under analysis victim_user Normal Behaviour in KPI under analysis victim_user Anomaly Detection in KPI under analysis victim_user drill down in KPI before anomaly victim_user drill down in KPI after anomaly victim_user drill down in KPI before anomaly victim_user drill down in KPI after anomaly YES (risk found) NO (risk not found) HOST ACCESS ANOMALY UNUSUAL ADMIN TOOLS USAGE LOGON TYPES ANOMALYSUSPICIOUS URL ON FRESHLY REGISTERED DOMAIN Analysis & Remediation victim_user evolution Chart victim_user Normal Behaviour in KPI under analysis victim_user Anomaly Detection in KPI under analysis victim_user evolution Chart victim_user Normal Behaviour in KPI under analysis victim_user Anomaly Detection in KPI under analysis victim_user drill down in KPI before anomaly victim_user drill down in KPI after anomaly victim_user evolution Chart victim_user drill down in KPI before anomaly victim_user drill down in KPI after anomaly victim_user evolution Chart victim_user Normal Behaviour in KPI under analysis victim_user Anomaly Detection in KPI under analysis victim_user Normal Behaviour in KPI under analysis victim_user Anomaly Detection in KPI under analysis Send Alerts to Security Team
- 13. Next steps Customer X Other Atos Customers Assets Threat Intelligence External Sources Threat Intelligence Internal Ecosystem EDR Service Cyber Security Dashboard Domain Controller SIEM Codex for Security Endpoint Protection Threat Intelligence Platform AtosStandard TicketingTool Security Automation & Orchestration SecurityAutomation&Orchestration Validation&Remediation Atos CSIRT SOC T1/T2 Advanced Threat Defense Playbooks
- 14. Conclusion Logs collection Logic based correlation SOC expert analysis on excess of alerts Long time later… Decision Logic based correlation Big data processing Machine Learning User Behavior Analytics Automated investigation SOC expert analysis on readily available insights Logs & data collection Decision support Automated remediation SIEM SIEM Data Lake
- 15. Atos, the Atos logo, Atos Codex, Atos Consulting, Atos Worldgrid, Bull, Canopy, equensWorldline, Unify, Worldline and Zero Email are registered trademarks of the Atos group. August 2018. © 2018 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos. Thank you ! For more information please contact: T+40 356 221151 corina-stefania.nebela@atos.net