Big data security in the cloud poses challenges for organizations. While new technologies like big data analytics promise improved threat detection, they also have limitations and skills gaps. All organizations face a variety of cybersecurity threats, from state-sponsored actors to competitors to insiders, and prevention through approaches like signatures, rules, and threat intelligence can only do so much. Effectively leveraging security tools and sharing intelligence is needed to tackle evolving threats in an efficient manner.
11. State sponsored / APT
Debuzzed:
• Does represent a real threat to organisations
• Smaller organisations are at risk as part of a supply chain
• Not necessarily advanced in techniques
12. Supply chain
Debuzzed:
• Attackers increasingly use the weaker supply chain to get to hard targets
• Consider all inbound and outbound connections carefully
13. Insider
Debuzzed:
• All companies run the risk of an insider attack
• You can only lock down the environment so much before you affect the business
• Insiders will often know how to work around prevention measures
14. Competitors
Debuzzed:
• There are companies out there that will hack for money
• There are competitors who will pay for that advantage
• Vulnerability will depend on your company’s markets
17. Threats
State sponsored
• Does represent a threat to some organisations
Organised crime
• Not necessarily targeting companies, but can cause issues
Competitors
• Does happen, but will depend on geography
Insider
• Everyone at risk – balance with the need to work
Vandals
• Likelihood of attack varies with prominence
Supply chain
• Consider all inbound and outbound connections carefully
19. Framing the problem
“…as we know, there are known knowns; there
are things that we know that we know.
We also know there are known unknowns; that
is to say we know there are some things we do
not know.
But there are also unknown unknowns, the
ones we don't know we don't know”
22. Signatures
Debuzzed:
• Worth looking for things you already know about – cheap and effective
• Not a universal solution
• Limited capability to detect targeted attacks
24. Rule-based detection
Debuzzed:
• More flexible than signatures, allowing better detection
• False positives are likely to increase as well
• Still limited to specific details of an attack
25. Threat intelligence
Debuzzed:
• Only as useful as your ability to do something about it
• Very wide range of prices… and quality
• Storing and sharing it within a company is hard
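The three approaches above (signatures for known indicators, rules for known behaviour, and threat intelligence that is only worth having if it changes what you detect) are easiest to compare on the same data. The example below is added here and is not code from the original slides: it runs an exact-match signature, a sliding-window brute-force rule and a confidence-filtered intel feed over a constructed authentication log. The log format, the documentation-range IPs, the user-agent string, the feed entries and the thresholds are all assumptions made for the illustration.

```python
"""Signature, rule and threat-intel detection over a constructed auth log.
Added example, not from the original slides; all data below is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges, invented user agent).
# One malformed line is included so the parser's skip behaviour is exercised.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.5 user=alice result=FAIL ua="EvilScanner/1.0"
2024-05-01T10:00:02 src=203.0.113.5 user=alice result=FAIL ua="EvilScanner/1.0"
2024-05-01T10:00:03 src=203.0.113.5 user=alice result=FAIL ua="EvilScanner/1.0"
2024-05-01T10:00:04 src=203.0.113.5 user=alice result=FAIL ua="EvilScanner/1.0"
2024-05-01T10:00:05 src=203.0.113.5 user=alice result=FAIL ua="EvilScanner/1.0"
2024-05-01T10:01:00 src=198.51.100.7 user=bob result=FAIL ua="Mozilla/5.0"
2024-05-01T10:01:05 src=198.51.100.7 user=bob result=FAIL ua="Mozilla/5.0"
2024-05-01T10:01:10 src=198.51.100.7 user=bob result=FAIL ua="Mozilla/5.0"
2024-05-01T10:01:15 src=198.51.100.7 user=bob result=FAIL ua="Mozilla/5.0"
2024-05-01T10:01:20 src=198.51.100.7 user=bob result=FAIL ua="Mozilla/5.0"
2024-05-01T10:01:25 src=198.51.100.7 user=bob result=OK ua="Mozilla/5.0"
garbage line from a broken collector
2024-05-01T10:02:00 src=192.0.2.9 user=admin result=FAIL ua="Mozilla/5.0"
2024-05-01T10:04:00 src=192.0.2.9 user=admin result=FAIL ua="Mozilla/5.0"
2024-05-01T10:06:00 src=192.0.2.9 user=admin result=FAIL ua="Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) '
    r'result=(?P<result>OK|FAIL) ua="(?P<ua>[^"]*)"$'
)

def parse(log_text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events

# Known knowns: exact indicators. Cheap, but only matches what you already know.
BASE_SIGNATURES = {"ua": {"EvilScanner/1.0"}, "src": set()}

def signature_hits(events, signatures):
    """Sources whose events match an exact indicator (user agent or IP)."""
    return {ev["src"] for ev in events
            if ev["ua"] in signatures["ua"] or ev["src"] in signatures["src"]}

# Known unknowns: a behavioural rule that needs no knowledge of the tool used.
def rule_brute_force(events, threshold=5, window_seconds=60):
    """Sources with >= threshold FAILs inside a sliding time window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    hits = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "FAIL":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            hits.add(ev["src"])
    return hits

# Threat intelligence: constructed feed entries of deliberately mixed quality.
THREAT_INTEL = [
    {"src": "192.0.2.9", "confidence": 90, "note": "constructed: current, high confidence"},
    {"src": "198.51.100.7", "confidence": 20, "note": "constructed: stale, low confidence"},
]

def promote_intel(feed, signatures, min_confidence=70):
    """Act on intel by turning trusted indicators into signatures.
    Low-confidence entries stay out: promoting 198.51.100.7 would flag a
    legitimate user (bob) on the strength of a stale feed entry alone."""
    promoted = {i["src"] for i in feed if i["confidence"] >= min_confidence}
    return {"ua": set(signatures["ua"]), "src": set(signatures["src"]) | promoted}

def evaluate(log_text=SAMPLE_LOG):
    """Run all three detections and return the source IPs each one flags."""
    events = parse(log_text)
    sigs = promote_intel(THREAT_INTEL, BASE_SIGNATURES)
    return {
        "signature": signature_hits(events, BASE_SIGNATURES),   # known tool only
        "rule": rule_brute_force(events),                        # noisy attacker, plus bob
        "signature_with_intel": signature_hits(events, sigs),   # adds the slow attacker
    }

if __name__ == "__main__":
    for name, srcs in evaluate().items():
        print(f"{name:>21}: {sorted(srcs)}")
```

Running it shows each slide's point in miniature: the signature catches only the scanner whose user agent is already known; the rule also catches that scanner and, as a false positive, bob's string of mistyped passwords; neither catches the slow attacker at 192.0.2.9 (three attempts two minutes apart) until the high-confidence intel entry is promoted into a signature. Loosening the rule (`threshold=3, window_seconds=300`) catches the slow attacker too, but bob stays flagged, which is the trade-off the rule-based slide describes.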
28. “Big data is like teenage sex: everyone
talks about it, nobody really knows how
to do it, everyone thinks everyone else is
doing it, so everyone claims they are
doing it...”
Dan Ariely
29. Big data
Debuzzed:
• Handling large data sets isn’t new
• New technology has changed the economics
• Not a single technology or application
• Big skills gap in most organisations
30. The elephant in the room (Hadoop)
Debuzzed:
• Actually a collection of software tools rather than a single product
• No out-of-the-box capability
• Varying levels of maturity across the tools
• Vendor integrations vary in how far they embrace “the Hadoop way”
31. Big data and NoSQL
Debuzzed:
• Lots of tools to choose from
• All have different advantages and compromises
• You don’t get help out of the box
• Consider using hosted services to reduce administration complexity
32. Detection roundup
Known knowns
• Cheap and effective to look for known threats
• Only provides partial protection
Known unknowns
• Rules provide greater detection with increased false positives
• Need to use threat intelligence effectively to inform rules
Unknown unknowns
• New technologies are helpful but not the full answer
• Beware promises of perfect detection