Upload File

fighting cybersecurity threats with apache spot

19
1 © Cloudera, Inc. All rights reserved. A Community Approach to Fighting Cyber Threats - Apache Spot (incubating) Mark Grover | @mark_grover Apache Spot (incubating) committer and PPMC member Slides at slideshare.com/markgrover

Upload: markgrover

Post on 19-Mar-2017

88 views

Category:

Engineering


1 download

Report

TRANSCRIPT

Page 1: Fighting cybersecurity threats with Apache Spot

1©Cloudera,Inc.Allrightsreserved.

ACommunityApproachtoFightingCyberThreats -ApacheSpot(incubating)MarkGrover|@mark_groverApacheSpot(incubating)committerandPPMCmemberSlidesatslideshare.com/markgrover

Page 2: Fighting cybersecurity threats with Apache Spot

2©Cloudera,Inc.Allrightsreserved.

Aboutthebook

•@hadooparchbook• hadooparchitecturebook.com• github.com/hadooparchitecturebook• slideshare.com/hadooparchbook

Page 3: Fighting cybersecurity threats with Apache Spot

3©Cloudera,Inc.Allrightsreserved.

Agenda

• ApacheSpot(incubating)

Page 4: Fighting cybersecurity threats with Apache Spot

4©Cloudera,Inc.Allrightsreserved.

…whilesecurityoperationscentersdonot.

SOC2

SOC1

SOC3

SOC4

Hackerscollaborateeveryday…

Page 5: Fighting cybersecurity threats with Apache Spot

5©Cloudera,Inc.Allrightsreserved.

ApacheSpot(Incubating)

Acommunityapproachtofightingcyberthreats.

spot.incubator.apache.org

Page 6: Fighting cybersecurity threats with Apache Spot

6©Cloudera,Inc.Allrightsreserved.

Gapsinexistingcybersecuritysolutions

DetectingAdvancedThreats

Onlysignatureandcorrelationbaseddetection

Machinelearningisdifficulttoimplement

Dataisnotenrichedforbetterdetection

ReducingInvestigationandResponseTime

Accessmultipleapplicationsinordertoact

Partialenterprisevisibility

Onlyaccessmonthsworthofdata

UnderstandingTrueBusinessRisk

Balancingriskwithcosts

Gettinganunderstandingoftheriskofanentityoruser

Meetingchangingcomplianceregulations

Page 7: Fighting cybersecurity threats with Apache Spot

7©Cloudera,Inc.Allrightsreserved.

WhySpot?Whynow?

• Bigdatatools• Scalablestorageandcomputer

• Reasonablecost• Commodityhardware

• Advancedthreatdetection•MachineLearning

Page 8: Fighting cybersecurity threats with Apache Spot

8©Cloudera,Inc.Allrightsreserved.

TheValueofApacheSpot

Detectadvancedthreatsfasterviamachinelearning

Fastertimetoincidentinvestigationandresponsewith

comprehensiveenterprisevisibility

Changetheeconomicsofcybersecurity withanopen

sourceplatformthatsupportsmultipleLOBworkloads

Page 9: Fighting cybersecurity threats with Apache Spot

9©Cloudera,Inc.Allrightsreserved.

Architecturediagram

Page 10: Fighting cybersecurity threats with Apache Spot

10©Cloudera,Inc.Allrightsreserved.

Page 11: Fighting cybersecurity threats with Apache Spot

11©Cloudera,Inc.Allrightsreserved.

ApacheSpotIngestionPartneringwith:

Page 12: Fighting cybersecurity threats with Apache Spot

12©Cloudera,Inc.Allrightsreserved.

ApacheSpotProcessing

Analystqueries(UI)

Analystfull-textsearch(UI)

MachineLearning

Page 13: Fighting cybersecurity threats with Apache Spot

13©Cloudera,Inc.Allrightsreserved.

RememberNetflixprize?

Page 14: Fighting cybersecurity threats with Apache Spot

14©Cloudera,Inc.Allrightsreserved.

Whatif…

• …wecombinednetflow,DNS,proxydatawith• Usercontext• Org,privileges,etc.

• Endpointcontext•Whatsecurityregulationgovernsthisserver

• Networkcontext• Informationaboutnetworkfromwhoisservers,etc.

• Threatintelligencemodel• SetofknownmaliciousIPs,etc.

Page 15: Fighting cybersecurity threats with Apache Spot

15©Cloudera,Inc.Allrightsreserved.

OpenDataModel

• Rawevent1Zg2y780a,10.1.1.3:23444,10.1.1.10:1521,successfulloginassysdba byjsmith,Oracle• UsercontextJohnSmith,jsmith,smithj,csdkkv,[email protected],Jeff Beck,703-555-1212,Recruiter,domainusers,HR• Endpointcontext10.1.1.10,crm.companyA.com,IT,Prod,SOX,PCI,Redhat6.1,OracleCM,[email protected]

Page 16: Fighting cybersecurity threats with Apache Spot

16©Cloudera,Inc.Allrightsreserved.

OpenDataModel

• Rawevent1Zg2y780a,10.1.1.3:23444,10.1.1.10:1521,successfulloginassysdba byjsmith,Oracle• UsercontextJohnSmith,jsmith,smithj,csdkkv,[email protected],Jeff Beck,703-555-1212,Recruiter,domainusers,HR• Endpointcontext10.1.1.10,crm.companyA.com,IT,Prod,SOX,PCI,Redhat6.1,OracleCM,[email protected]

JohnSmith,amemberoftheHRrecruitingteamsuccessfullyloggedinasaprivilegedusertoanOracledatabasehousingthecompany’sCRMdata,regulatedbySOX&PCI

Page 17: Fighting cybersecurity threats with Apache Spot

17©Cloudera,Inc.Allrightsreserved.

Demo

Page 18: Fighting cybersecurity threats with Apache Spot

18©Cloudera,Inc.Allrightsreserved.

OpenSourceCollaboration1. Collaboratewithanalytic,bigdata,andcybersecurity industryleaders2. Shareanalyticswithpeerorganizationsleveragingtheopendatamodel

3. Future-proofyourplatformasopensourcecommunityinnovatesatgreaterspeed

Page 19: Fighting cybersecurity threats with Apache Spot

19©Cloudera,Inc.Allrightsreserved.

Thanksspot.apache.org@mark_grover


Integrating Apache Syncope with Apache CXF

Cybersecurity – Fighting Crime’s Enfant Terrible · 2. Review of the cybersecurity landscape 14 3. Future trends and areas of concern for cybersecurity 18 4. Cybersecurity and

Five-Part Cybersecurity Webinar Series How to Minimize ......Five-Part Cybersecurity Webinar Series 2 Click to add text WannaCry –spreads around the world!! Equifax –Apache not

Cybersecurity – Fighting Crime’s Enfant Terrible€¦ · Managing Director at Gary R. Brown, ... on a range of matters including business sales and purchases, ... utilities, manufacturing,

Apache Kafka - RainFocus · Apache Kafka Scalable Message ... Introduction& Motivation Apache Kafka -Scalable Message Processing and more! Apache Kafka -Overview ... • Apache Spark

Cybersecurity – Fighting Crime’s Enfant Terrible

Develop Hybrid Mobile Applications with Apache …...• Learning Webinars on big topics (Cloud/Mobile Development, Cybersecurity, Big Data, Recommender Systems, SaaS, Agile, Machine

Apache Metron Meetup May 4, 2016 - Big data cybersecurity

Fighting cyber with cyber - KPMG · facts, opinions, figures, and statistics. And ... 1 Source: Cybersecurity Ventures, “Official 2017 Annual Cybercrime Report” (October 19, 2017)

Managing Apache HAWQ with Apache AMBARI

CYBERSECURITY RISK DISCLOSURE AND CYBERSECURITY DISCLOSURE ... · CYBERSECURITY RISK DISCLOSURE AND CYBERSECURITY DISCLOSURE GUIDANCE ABSTRACT Cybersecurity risk disclosure has received

Apache Hadoop Ingestion Patterns & Apache Flume

Apache Metron and Apache Spot big data tools for cybersecurity · Apache Hadoop • Open-source big data ecosystem allowing: ... enrichment, cross reference with threat intel feeds,

Integrating Apache Camel with Apache Syncope

Apache Stratos: the PaaS from Apache

Apache Hivemall @ Apache BigData '17, Miami

CYBERSECURITY ROADMAP CYBERSECURITY OPERATIONS …

Using Apache Spark, Apache Kafka and Apache Cassandra...USING APACHE SPARK, APACHE KAFKA AND APACHE CASSANDRA TO POWER INTELLIGENT APPLICATIONS | 02 Apache Cassandra is well known

BAMA NEWS - Snake Blockersnakeblocker.com/article11.pdfMarc Halleck - Filipino Knife W. Hock Hochheim - Knife Combatives and knife ground fighting Snake Blocker - Apache Knife Fighting

Apache®, Apache Ignite, Ignite®, and the Apache Ignite ... · Apache®, Apache Ignite, Ignite®, and the Apache Ignite logo are either registered trademarks or trademarks of the

NoSQL, Apache SOLR and Apache Hadoop

Apache Directory Studio Apache DS Configuration

Cybersecurity 5 improving cybersecurity

Critical Cybersecurity Questions Cybersecurity... · Critical Cybersecurity Questions 1 • How do you measure successful cybersecurity efforts? • Who is accountable for cybersecurity?

Apache Sqoop with Apache Hbase

HttpClient Tutorial - Apache HttpComponents - Apache HttpComponents

Integrating Apache Sqoop And Apache Pig With Apache Hadoop · 2020-01-07 · Integrating Apache Sqoop And Apache Pig With Apache Hadoop 3 6789 SecondaryNameNode 7057 TaskTracker If

Apache Tomcat + Java EE = Apache TomEE

Integrating Apache NiFi and Apache Apex

FROM ZERO TO PORTABILITY - FOSDEM · Apache Kafka Google Cloud Pub/Sub JMS MQTT Databases Apache Cassandra Apache Hadoop InputFormat Apache HBase Apache Hive (HCatalog) Apache Kudu

Apache ActiveMQ and Apache Camel

Apache HTTP 2 - documentation.help · .htaccess Server Side Includes (SSI) (public_html) Microsoft Windows Novell NetWare ... Apache 2.0 Apache autoconf libtool Apache 1.3 APACI Apache

Fighting a different battle than conventional cybersecurity … · 2020. 8. 3. · 4 VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Varonis at a Glance $235.7MM ARR2 99% Subscription

Hortonworks Data Platform for HDInsight · • Apache Pig 0.16.0 • Apache Ranger 1.2.0 • Apache Spark 2.4.0 • Apache Sqoop 1.4.7 • Apache Storm 1.2.1 • Apache TEZ 0.9.1

Providence Future of Data Meetup - Apache Metron Open Source Cybersecurity Platform