SlideShare una empresa de Scribd logo

Big Data Analytics to Enhance Security

Data Science Thailand
Data Science Thailand

Big Data Analytics to Enhance Security Predictive Analtycis and Data Science Conference May 27-28 Anapat Pipatkitibodee Technical Manager anapat.p@Stelligence.com

Datos y análisis
1 de 34
Descargar para leer sin conexión
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics to Enhance Security Anapat Pipatkitibodee Technical Manager anapat.p@Stelligence.com
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Agenda • Big Data Analytics • Security Trends • Example Security Attacks • Integrated Security Analytics with Open Source • How to Apply ?
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Everyone is Claiming Big Data
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Traditional vs Big Data
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Drivers of Big Data • About 80% of the world’s data are semi-structured or unstructured.
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Open Source Tools in Big Data • Hadoop ecosystem • NoSQL database
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Apache Hadoop Stack Reference: Hadoop Essentials by Swizec Teller
Copyright Stelligence Co.,Ltd. 2016 All rights reserved https://whatsthebigdata.com/2016/02/08/big-data-landscape-2016/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics • The process of examining large data sets containing a variety of data types i.e., big data. • Big Data analytics enables organizations to analyze a mix of structured, semi-structured, and unstructured data in search of valuable information and insights.
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trends
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Data Analytics for Intrusion Detection • 1st generation: Intrusion detection systems • 2nd generation: Security information and event management (SIEM)
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Limitation of Traditional SIEMs Storing and retaining a large quantity of data was not economically feasible. Normalization & datastore schema reduces data Traditional tools did not leverage Big Data technologies. Closed platform with limited customization & integration options
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trend from Y2015 to Y2016 Fireeye M-Trends Report 2016
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trend from Y2015 to Y2016 • Threats are hard to investigate Fireeye M-Trends Report 2016
Copyright Stelligence Co.,Ltd. 2016 All rights reserved All Data is Security Relevant = Big Data Servers Storage DesktopsEmail Web Transaction Records Network Flows DHCP/ DNS Hypervisor Custom Apps Physical Access Badges Threat Intelligence Mobile CMDB Intrusion Detection Firewall Data Loss Prevention Anti- Malware Vulnerability Scans Traditional Authentication
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Data Analytics for Intrusion Detection • 1st generation: Intrusion detection systems • 2nd generation: Security information and event management (SIEM) • 3rd generation: Big Data analytics in security (Next generation SIEM)
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Example Security Attacks
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Advanced Persistent Threats • Advanced – The attack can cope with traditional security solutions – In many cases is based on Zero-day vulnerabilities • Persistent – Attack has a specific goal – Remain on the system as long as the attack goal is not met. • Threat – Collect and steal information-Confidentiality. – Make the victim's system unavailable-Availability. – Modify the victim's system data-Integrity.
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Example of Advanced Threat Activities HTTP (web) session to command & control server Remote control, Steal data, Persist in company, Rent as botnet WEB Conduct Business Create additional environment Gain Access to systemTransaction .pdf .pdf executes & unpacks malware overwriting and running “allowed” programs Svchost.exeCalc.exe Attacker hacks website Steals .pdf files Web Portal.pdf Attacker creates malware, embed in .pdf, Emails to the target MAIL Read email, open attachment Threat intelligence Auth - User Roles Host Activity/Security Network Activity/Security
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Link Events Together Threat intelligence Auth - User Roles, Corp Context Host Activity/Security Network Activity/Security WEB Conduct Business Create additional environment Gain Access to systemTransaction MAIL .pdf Svchost.exeCalc.exe Events that contain link to file Proxy log C2 communication to blacklist How was process started? What created the program/process? Process making C2 traffic Web Portal.pdf
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Correlated Security Log Aug 08 06:09:13 acmesep01.acmetech.com Aug 09 06:17:24 SymantecServer acmesep01: Virus found,Computer name: ACME-002,Source: Real Time Scan,Risk name: Hackertool.rootkit,Occurrences: 1,C:/Documents and Settings/smithe/Local Settings/Temp/evil.tmp,"""",Actual action: Quarantined,Requested action: Cleaned, time: 2009-01-23 03:19:12,Inserted: 2009-01-23 03:20:12,End: 2009-01-23 03:19:12,Domain: Default,Group: My CompanyACME Remote,Server: acmesep01,User: smithe,Source computer: ,Source IP: 10.11.36.20 Aug 08 08:26:54 snort.acmetech.com {TCP} 10.11.36.20:5072 -> 10.11.36.26:443 itsec snort[18774]: [1:100000:3] [Classification: Potential Corporate Privacy Violation] Credit Card Number Detected in Clear Text [Priority: 2]: 20130806041221.000000Caption=ACME-2975EBAdministrator Description=Built-in account for administering the computer/domainDomain=ACME-2975EB InstallDate=NULLLocalAccount = IP: 10.11.36.20 TrueName=Administrator SID =S-1-5-21-1715567821-926492609-725345543 500SIDType=1 Status=Degradedwmi_ type=UserAccounts Sources All three occurring within a 24-hour period Source IP Data Loss Default Admin Account Malware Found Time Range Intrusion Detection Endpoint Security Windows Authentication Source IP Source IP
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Incident Analysis & Investigation Search historically - back in time Watch for new evidence Related evidence from other security devices
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Integrated Security Analytics with Open Source
Copyright Stelligence Co.,Ltd. 2016 All rights reserved SQRRL Solution https://sqrrl.com/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Anomaly detection in Visualizing https://sqrrl.com/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Prelert Behavioral Analytics for the Elastic Stack http://info.prelert.com/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Prelert Behavioral Analytics for the Elastic Stack http://info.prelert.com/
Copyright Stelligence Co.,Ltd. 2016 All rights reserved How to Apply ?
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Determining Data That Can Be Collected Threat intelligence Auth - User Roles Service Host Network Network Security Through Data Analysisby Michael S CollinsPublished by O'Reilly Media, Inc., 2014 • Third-party Threat Intel • Open source blacklist • Internal threat intelligence • Firewall • IDS / IPS • Web Proxy • Vulnerability scanners • VPNs • Netflow • TCP Collector • OS logs • Patching • File Integrity • Endpoint (AV/IPS/FW) • Malware detection • Logins, Logouts log • Active Directory • LDAP • AAA, SSO • Application logs • Audit log • Service / Process
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Option 1 : Replace All Solution • Data sent to new Big Data Analytic Platform • Big Data Analytic Platform – Static Visualizations / Reports – Threat detection, alerts, workflow, compliance – Incident investigations/forensics – Non-security use cases Big Data Analytic Platform Raw data Alerts Static Visualizations Forensics / Search Interface
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Option 2 : Big Data to Traditional SIEM • Data sent to both system • Big Data Analytic Platform – Incident investigations/forensics – Non-security use cases • Traditional SIEM – Static Visualizations / Reports – Threat detection, alerts, workflow, compliance Big Data Analytic Platform Raw data Forensics / Search Interface SIEM Alerts Static Visualizations Connectors
Copyright Stelligence Co.,Ltd. 2016 All rights reserved Factors for evaluating Big Data Security Analytics Platforms Factors for Evaluating Open Source • Scalable data ingestion HDFS • Unified data management platform Cassandra / Accumulo • Support for multiple data types Ready to Customized • Real time Spark / Strom • Security analytic tools No • Compliance reporting No • Easy to deploy and manage Manage many 3rd Party • Flexible search, report and create new correlation rule No
Copyright Stelligence Co.,Ltd. 2016 All rights reserved

Recomendados

Big Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick OverviewBig Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick OverviewFemi Ashaye
 
Big data ppt
Big data pptBig data ppt
Big data pptIDBI Bank Ltd.
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
 
Data analytics introduction
Data analytics introductionData analytics introduction
Data analytics introductionamiyadash
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Big Data & Analytics - Use Cases in Mobile, E-commerce, Media and more
Big Data & Analytics - Use Cases in Mobile, E-commerce, Media and moreBig Data & Analytics - Use Cases in Mobile, E-commerce, Media and more
Big Data & Analytics - Use Cases in Mobile, E-commerce, Media and moreAmazon Web Services
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 

Recomendados

Big Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick OverviewBig Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick OverviewFemi Ashaye
 
Big data ppt
Big data pptBig data ppt
Big data pptIDBI Bank Ltd.
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
 
Data analytics introduction
Data analytics introductionData analytics introduction
Data analytics introductionamiyadash
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Big Data & Analytics - Use Cases in Mobile, E-commerce, Media and more
Big Data & Analytics - Use Cases in Mobile, E-commerce, Media and moreBig Data & Analytics - Use Cases in Mobile, E-commerce, Media and more
Big Data & Analytics - Use Cases in Mobile, E-commerce, Media and moreAmazon Web Services
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 
Machine Learning for Fraud Detection
Machine Learning for Fraud DetectionMachine Learning for Fraud Detection
Machine Learning for Fraud DetectionNitesh Kumar
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurityscoopnewsgroup
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Preventionfmi_igf
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionYolanta Beresna
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Big Data & Analytics (Conceptual and Practical Introduction)
Big Data & Analytics (Conceptual and Practical Introduction)Big Data & Analytics (Conceptual and Practical Introduction)
Big Data & Analytics (Conceptual and Practical Introduction)Yaman Hajja, Ph.D.
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
Big data ppt
Big data pptBig data ppt
Big data pptNasrin Hussain
 
Three Big Data Case Studies
Three Big Data Case StudiesThree Big Data Case Studies
Three Big Data Case StudiesAtidan Technologies Pvt Ltd (India)
 
Big Data: Its Characteristics And Architecture Capabilities
Big Data: Its Characteristics And Architecture CapabilitiesBig Data: Its Characteristics And Architecture Capabilities
Big Data: Its Characteristics And Architecture CapabilitiesAshraf Uddin
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security ChallengesYateesh Yadav
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)KP Naidu
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt Devyani Vaidya
 
Understanding big data and data analytics big data
Understanding big data and data analytics big dataUnderstanding big data and data analytics big data
Understanding big data and data analytics big dataSeta Wicaksana
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxChandanChandu928137
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Bde presentatie bakker_bart_20170920
Bde presentatie bakker_bart_20170920Bde presentatie bakker_bart_20170920
Bde presentatie bakker_bart_20170920BigDataExpo
 
Accenture Big Data Expo
Accenture Big Data ExpoAccenture Big Data Expo
Accenture Big Data ExpoBigDataExpo
 

Más contenido relacionado

La actualidad más candente

Machine Learning for Fraud Detection
Machine Learning for Fraud DetectionMachine Learning for Fraud Detection
Machine Learning for Fraud DetectionNitesh Kumar
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurityscoopnewsgroup
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Preventionfmi_igf
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionYolanta Beresna
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Big Data & Analytics (Conceptual and Practical Introduction)
Big Data & Analytics (Conceptual and Practical Introduction)Big Data & Analytics (Conceptual and Practical Introduction)
Big Data & Analytics (Conceptual and Practical Introduction)Yaman Hajja, Ph.D.
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
Big Data: Its Characteristics And Architecture Capabilities
Big Data: Its Characteristics And Architecture CapabilitiesBig Data: Its Characteristics And Architecture Capabilities
Big Data: Its Characteristics And Architecture CapabilitiesAshraf Uddin
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security ChallengesYateesh Yadav
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)KP Naidu
 
Understanding big data and data analytics big data
Understanding big data and data analytics big dataUnderstanding big data and data analytics big data
Understanding big data and data analytics big dataSeta Wicaksana
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 

La actualidad más candente (20)

Machine Learning for Fraud Detection
Machine Learning for Fraud DetectionMachine Learning for Fraud Detection
Machine Learning for Fraud Detection
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solution
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
 
Big Data & Analytics (Conceptual and Practical Introduction)
Big Data & Analytics (Conceptual and Practical Introduction)Big Data & Analytics (Conceptual and Practical Introduction)
Big Data & Analytics (Conceptual and Practical Introduction)
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
Big data ppt
Big data pptBig data ppt
Big data ppt
 
Three Big Data Case Studies
Three Big Data Case StudiesThree Big Data Case Studies
Three Big Data Case Studies
 
Big Data: Its Characteristics And Architecture Capabilities
Big Data: Its Characteristics And Architecture CapabilitiesBig Data: Its Characteristics And Architecture Capabilities
Big Data: Its Characteristics And Architecture Capabilities
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
 
Understanding big data and data analytics big data
Understanding big data and data analytics big dataUnderstanding big data and data analytics big data
Understanding big data and data analytics big data
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptx
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 

Destacado

Bde presentatie bakker_bart_20170920
Bde presentatie bakker_bart_20170920Bde presentatie bakker_bart_20170920
Bde presentatie bakker_bart_20170920BigDataExpo
 
Accenture Big Data Expo
Accenture Big Data ExpoAccenture Big Data Expo
Accenture Big Data ExpoBigDataExpo
 
Zoomable Menu Mockup
Zoomable Menu MockupZoomable Menu Mockup
Zoomable Menu MockupNone None
 
Eneco Ronald Root
Eneco Ronald RootEneco Ronald Root
Eneco Ronald RootBigDataExpo
 
De Bijenkorf Niels Reijmer
De Bijenkorf Niels ReijmerDe Bijenkorf Niels Reijmer
De Bijenkorf Niels ReijmerBigDataExpo
 
Technology and AI sharing - From 2016 to Y2017 and Beyond
Technology and AI sharing - From 2016 to Y2017 and BeyondTechnology and AI sharing - From 2016 to Y2017 and Beyond
Technology and AI sharing - From 2016 to Y2017 and BeyondJames Huang
 
Building Blocks Big Data Expo
Building Blocks Big Data ExpoBuilding Blocks Big Data Expo
Building Blocks Big Data ExpoBigDataExpo
 
Incident response on a shoestring budget
Incident response on a shoestring budgetIncident response on a shoestring budget
Incident response on a shoestring budgetDerek Banks
 
What should I do when my website got hack?
What should I do when my website got hack?What should I do when my website got hack?
What should I do when my website got hack?Sumedt Jitpukdebodin
 
De groote de man Ingrid de Poorter
De groote de man Ingrid de PoorterDe groote de man Ingrid de Poorter
De groote de man Ingrid de PoorterBigDataExpo
 
Bde presentation dv
Bde presentation dvBde presentation dv
Bde presentation dvBigDataExpo
 
Presentatie big data expo swarovski
Presentatie big data expo swarovskiPresentatie big data expo swarovski
Presentatie big data expo swarovskiBigDataExpo
 
Dell hans timmerman v1.1
Dell hans timmerman v1.1Dell hans timmerman v1.1
Dell hans timmerman v1.1BigDataExpo
 
ProRail Laurens Koppenol & Paul van der Voort
ProRail Laurens Koppenol & Paul van der VoortProRail Laurens Koppenol & Paul van der Voort
ProRail Laurens Koppenol & Paul van der VoortBigDataExpo
 

Destacado (20)

Bde presentatie bakker_bart_20170920
Bde presentatie bakker_bart_20170920Bde presentatie bakker_bart_20170920
Bde presentatie bakker_bart_20170920
 
Accenture Big Data Expo
Accenture Big Data ExpoAccenture Big Data Expo
Accenture Big Data Expo
 
Zoomable Menu Mockup
Zoomable Menu MockupZoomable Menu Mockup
Zoomable Menu Mockup
 
Eneco Ronald Root
Eneco Ronald RootEneco Ronald Root
Eneco Ronald Root
 
Digital transformation - Jo Caudron
Digital transformation - Jo CaudronDigital transformation - Jo Caudron
Digital transformation - Jo Caudron
 
De Bijenkorf Niels Reijmer
De Bijenkorf Niels ReijmerDe Bijenkorf Niels Reijmer
De Bijenkorf Niels Reijmer
 
Technology and AI sharing - From 2016 to Y2017 and Beyond
Technology and AI sharing - From 2016 to Y2017 and BeyondTechnology and AI sharing - From 2016 to Y2017 and Beyond
Technology and AI sharing - From 2016 to Y2017 and Beyond
 
Building Blocks Big Data Expo
Building Blocks Big Data ExpoBuilding Blocks Big Data Expo
Building Blocks Big Data Expo
 
Incident response on a shoestring budget
Incident response on a shoestring budgetIncident response on a shoestring budget
Incident response on a shoestring budget
 
Notilyze SAS
Notilyze SASNotilyze SAS
Notilyze SAS
 
What should I do when my website got hack?
What should I do when my website got hack?What should I do when my website got hack?
What should I do when my website got hack?
 
Crossyn
CrossynCrossyn
Crossyn
 
If-If-If-If
If-If-If-IfIf-If-If-If
If-If-If-If
 
De groote de man Ingrid de Poorter
De groote de man Ingrid de PoorterDe groote de man Ingrid de Poorter
De groote de man Ingrid de Poorter
 
Bde presentation dv
Bde presentation dvBde presentation dv
Bde presentation dv
 
Presentatie big data expo swarovski
Presentatie big data expo swarovskiPresentatie big data expo swarovski
Presentatie big data expo swarovski
 
Dell hans timmerman v1.1
Dell hans timmerman v1.1Dell hans timmerman v1.1
Dell hans timmerman v1.1
 
Java start01 in 2hours
Java start01 in 2hoursJava start01 in 2hours
Java start01 in 2hours
 
Polar Bears Mario
Polar Bears MarioPolar Bears Mario
Polar Bears Mario
 
ProRail Laurens Koppenol & Paul van der Voort
ProRail Laurens Koppenol & Paul van der VoortProRail Laurens Koppenol & Paul van der Voort
ProRail Laurens Koppenol & Paul van der Voort
 

Similar a Big Data Analytics to Enhance Security

Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...
Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...
Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...BAINIDA
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Cloudera, Inc.
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissanceCloudera, Inc.
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk
 
Big Data For Threat Detection & Response
Big Data For Threat Detection & ResponseBig Data For Threat Detection & Response
Big Data For Threat Detection & ResponseHarry McLaren
 
2016 Cybersecurity Analytics State of the Union
2016 Cybersecurity Analytics State of the Union2016 Cybersecurity Analytics State of the Union
2016 Cybersecurity Analytics State of the UnionCloudera, Inc.
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session Splunk
 
DataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayDataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayInterset
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016Tomppa Järvinen
 
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...PROIDEA
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetuppbink
 
SplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunk
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunk
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsat MicroFocus Italy ❖✔
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsat MicroFocus Italy ❖✔
 
A Community Approach to Fighting Cyber Threats
A Community Approach to Fighting Cyber ThreatsA Community Approach to Fighting Cyber Threats
A Community Approach to Fighting Cyber ThreatsCloudera, Inc.
 
Security Analytics & Security Intelligence-as-a-Service
Security Analytics & Security Intelligence-as-a-ServiceSecurity Analytics & Security Intelligence-as-a-Service
Security Analytics & Security Intelligence-as-a-ServiceMarco Casassa Mont
 
Security Challenges and Use Cases in the Modern Application Build-and-Deploy ...
Security Challenges and Use Cases in the Modern Application Build-and-Deploy ...Security Challenges and Use Cases in the Modern Application Build-and-Deploy ...
Security Challenges and Use Cases in the Modern Application Build-and-Deploy ...Amazon Web Services
 

Similar a Big Data Analytics to Enhance Security (20)

Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...
Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...
Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity Renaissance
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout Session
 
Big Data For Threat Detection & Response
Big Data For Threat Detection & ResponseBig Data For Threat Detection & Response
Big Data For Threat Detection & Response
 
2016 Cybersecurity Analytics State of the Union
2016 Cybersecurity Analytics State of the Union2016 Cybersecurity Analytics State of the Union
2016 Cybersecurity Analytics State of the Union
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session
 
DataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayDataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the Day
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016
 
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
 
SplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based security
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for Security
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environments
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environments
 
A Community Approach to Fighting Cyber Threats
A Community Approach to Fighting Cyber ThreatsA Community Approach to Fighting Cyber Threats
A Community Approach to Fighting Cyber Threats
 
Security Analytics & Security Intelligence-as-a-Service
Security Analytics & Security Intelligence-as-a-ServiceSecurity Analytics & Security Intelligence-as-a-Service
Security Analytics & Security Intelligence-as-a-Service
 
Security Challenges and Use Cases in the Modern Application Build-and-Deploy ...
Security Challenges and Use Cases in the Modern Application Build-and-Deploy ...Security Challenges and Use Cases in the Modern Application Build-and-Deploy ...
Security Challenges and Use Cases in the Modern Application Build-and-Deploy ...
 
Data Science for Cyber Risk
Data Science for Cyber RiskData Science for Cyber Risk
Data Science for Cyber Risk
 

Más de Data Science Thailand

Drawing Your career in business analytics and data science
Drawing Your career in business analytics and data scienceDrawing Your career in business analytics and data science
Drawing Your career in business analytics and data scienceData Science Thailand
 
Microsoft R Server for Data Sciencea
Microsoft R Server for Data ScienceaMicrosoft R Server for Data Sciencea
Microsoft R Server for Data ScienceaData Science Thailand
 
Electronic Medical Records - Paperless to Big Data Initiative
Electronic Medical Records - Paperless to Big Data InitiativeElectronic Medical Records - Paperless to Big Data Initiative
Electronic Medical Records - Paperless to Big Data InitiativeData Science Thailand
 
Machine learning in image processing
Machine learning in image processingMachine learning in image processing
Machine learning in image processingData Science Thailand
 
CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...
CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...
CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...Data Science Thailand
 
Data Science Application in Business Portfolio & Risk Management
Data Science Application in Business Portfolio & Risk ManagementData Science Application in Business Portfolio & Risk Management
Data Science Application in Business Portfolio & Risk ManagementData Science Thailand
 
Precision Medicine - The Future of Healthcare
Precision Medicine - The Future of HealthcarePrecision Medicine - The Future of Healthcare
Precision Medicine - The Future of HealthcareData Science Thailand
 
Single Nucleotide Polymorphism Analysis (SNPs)
Single Nucleotide Polymorphism Analysis (SNPs)Single Nucleotide Polymorphism Analysis (SNPs)
Single Nucleotide Polymorphism Analysis (SNPs)Data Science Thailand
 
Technology behind-real-time-log-analytics
Technology behind-real-time-log-analytics Technology behind-real-time-log-analytics
Technology behind-real-time-log-analytics Data Science Thailand
 
Predictive Analytics in Manufacturing
Predictive Analytics in ManufacturingPredictive Analytics in Manufacturing
Predictive Analytics in ManufacturingData Science Thailand
 

Más de Data Science Thailand (20)

Data Science Thailand Meetup#11
Data Science Thailand Meetup#11Data Science Thailand Meetup#11
Data Science Thailand Meetup#11
 
Define Your Data (Science) Career
Define Your Data (Science) CareerDefine Your Data (Science) Career
Define Your Data (Science) Career
 
Drawing Your career in business analytics and data science
Drawing Your career in business analytics and data scienceDrawing Your career in business analytics and data science
Drawing Your career in business analytics and data science
 
Data Science fuels Creativity
Data Science fuels CreativityData Science fuels Creativity
Data Science fuels Creativity
 
Microsoft R Server for Data Sciencea
Microsoft R Server for Data ScienceaMicrosoft R Server for Data Sciencea
Microsoft R Server for Data Sciencea
 
Electronic Medical Records - Paperless to Big Data Initiative
Electronic Medical Records - Paperless to Big Data InitiativeElectronic Medical Records - Paperless to Big Data Initiative
Electronic Medical Records - Paperless to Big Data Initiative
 
Text Mining and Thai NLP
Text Mining and Thai NLP Text Mining and Thai NLP
Text Mining and Thai NLP
 
Machine learning in image processing
Machine learning in image processingMachine learning in image processing
Machine learning in image processing
 
CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...
CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...
CUSTOMER ANALYTICS & SEGMENTATION FOR CUSTOMER CENTRIC ORGANIZATION & MARKETI...
 
Bioinformatics in a Nutshell
Bioinformatics in a NutshellBioinformatics in a Nutshell
Bioinformatics in a Nutshell
 
Data Science Application in Business Portfolio & Risk Management
Data Science Application in Business Portfolio & Risk ManagementData Science Application in Business Portfolio & Risk Management
Data Science Application in Business Portfolio & Risk Management
 
Myths of Data Science
Myths of Data ScienceMyths of Data Science
Myths of Data Science
 
Hr Analytics
Hr AnalyticsHr Analytics
Hr Analytics
 
Marketing analytics
Marketing analyticsMarketing analytics
Marketing analytics
 
Precision Medicine - The Future of Healthcare
Precision Medicine - The Future of HealthcarePrecision Medicine - The Future of Healthcare
Precision Medicine - The Future of Healthcare
 
Single Nucleotide Polymorphism Analysis (SNPs)
Single Nucleotide Polymorphism Analysis (SNPs)Single Nucleotide Polymorphism Analysis (SNPs)
Single Nucleotide Polymorphism Analysis (SNPs)
 
Using hadoop for big data
Using hadoop for big dataUsing hadoop for big data
Using hadoop for big data
 
My Spark Journey
My Spark JourneyMy Spark Journey
My Spark Journey
 
Technology behind-real-time-log-analytics
Technology behind-real-time-log-analytics Technology behind-real-time-log-analytics
Technology behind-real-time-log-analytics
 
Predictive Analytics in Manufacturing
Predictive Analytics in ManufacturingPredictive Analytics in Manufacturing
Predictive Analytics in Manufacturing
 

Último

GA4 Without Cookies [Measure Camp AMS]
GA4 Without Cookies [Measure Camp AMS]GA4 Without Cookies [Measure Camp AMS]
GA4 Without Cookies [Measure Camp AMS]📊 Markus Baersch
 
Multiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfMultiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfchwongval
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfSocial Samosa
 
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort servicejennyeacort
 
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDINTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDRafezzaman
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degreeyuu sss
 
Identifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population MeanIdentifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population MeanMYRABACSAFRA2
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsVICTOR MAESTRE RAMIREZ
 
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...dajasot375
 
9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home ServiceSapana Sha
 
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Jack DiGiovanna
 
2006_GasProcessing_HB (1).pdf HYDROCARBON PROCESSING
2006_GasProcessing_HB (1).pdf HYDROCARBON PROCESSING2006_GasProcessing_HB (1).pdf HYDROCARBON PROCESSING
2006_GasProcessing_HB (1).pdf HYDROCARBON PROCESSINGmarianagonzalez07
 
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...limedy534
 
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...soniya singh
 
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxEMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxthyngster
 
IMA MSN - Medical Students Network (2).pptx
IMA MSN - Medical Students Network (2).pptxIMA MSN - Medical Students Network (2).pptx
IMA MSN - Medical Students Network (2).pptxdolaknnilon
 
办理学位证纽约大学毕业证(NYU毕业证书)原版一比一
办理学位证纽约大学毕业证(NYU毕业证书)原版一比一办理学位证纽约大学毕业证(NYU毕业证书)原版一比一
办理学位证纽约大学毕业证(NYU毕业证书)原版一比一fhwihughh
 
RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.natarajan8993
 

Último (20)

GA4 Without Cookies [Measure Camp AMS]
GA4 Without Cookies [Measure Camp AMS]GA4 Without Cookies [Measure Camp AMS]
GA4 Without Cookies [Measure Camp AMS]
 
Multiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfMultiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdf
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
 
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
 
Call Girls in Saket 99530🔝 56974 Escort Service
Call Girls in Saket 99530🔝 56974 Escort ServiceCall Girls in Saket 99530🔝 56974 Escort Service
Call Girls in Saket 99530🔝 56974 Escort Service
 
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDINTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
Identifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population MeanIdentifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population Mean
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business Professionals
 
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
 
9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service
 
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
 
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
 
2006_GasProcessing_HB (1).pdf HYDROCARBON PROCESSING
2006_GasProcessing_HB (1).pdf HYDROCARBON PROCESSING2006_GasProcessing_HB (1).pdf HYDROCARBON PROCESSING
2006_GasProcessing_HB (1).pdf HYDROCARBON PROCESSING
 
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
Effects of Smartphone Addiction on the Academic Performances of Grades 9 to 1...
 
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
 
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxEMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
 
IMA MSN - Medical Students Network (2).pptx
IMA MSN - Medical Students Network (2).pptxIMA MSN - Medical Students Network (2).pptx
IMA MSN - Medical Students Network (2).pptx
 
办理学位证纽约大学毕业证(NYU毕业证书)原版一比一
办理学位证纽约大学毕业证(NYU毕业证书)原版一比一办理学位证纽约大学毕业证(NYU毕业证书)原版一比一
办理学位证纽约大学毕业证(NYU毕业证书)原版一比一
 
RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.
 

Big Data Analytics to Enhance Security

  • 1. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics to Enhance Security Anapat Pipatkitibodee Technical Manager anapat.p@Stelligence.com
  • 2. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Agenda • Big Data Analytics • Security Trends • Example Security Attacks • Integrated Security Analytics with Open Source • How to Apply ?
  • 3. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics
  • 4. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Everyone is Claiming Big Data
  • 5. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Traditional vs Big Data
  • 6. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Drivers of Big Data • About 80% of the world’s data are semi-structured or unstructured.
  • 7. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Open Source Tools in Big Data • Hadoop ecosystem • NoSQL database
  • 8. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Apache Hadoop Stack Reference: Hadoop Essentials by Swizec Teller
  • 9. Copyright Stelligence Co.,Ltd. 2016 All rights reserved https://whatsthebigdata.com/2016/02/08/big-data-landscape-2016/
  • 10. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Big Data Analytics • The process of examining large data sets containing a variety of data types i.e., big data. • Big Data analytics enables organizations to analyze a mix of structured, semi-structured, and unstructured data in search of valuable information and insights.
  • 11. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trends
  • 12. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Data Analytics for Intrusion Detection • 1st generation: Intrusion detection systems • 2nd generation: Security information and event management (SIEM)
  • 13. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Limitation of Traditional SIEMs Storing and retaining a large quantity of data was not economically feasible. Normalization & datastore schema reduces data Traditional tools did not leverage Big Data technologies. Closed platform with limited customization & integration options
  • 14. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trend from Y2015 to Y2016 Fireeye M-Trends Report 2016
  • 15. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Security Trend from Y2015 to Y2016 • Threats are hard to investigate Fireeye M-Trends Report 2016
  • 16. Copyright Stelligence Co.,Ltd. 2016 All rights reserved All Data is Security Relevant = Big Data Servers Storage DesktopsEmail Web Transaction Records Network Flows DHCP/ DNS Hypervisor Custom Apps Physical Access Badges Threat Intelligence Mobile CMDB Intrusion Detection Firewall Data Loss Prevention Anti- Malware Vulnerability Scans Traditional Authentication
  • 17. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Data Analytics for Intrusion Detection • 1st generation: Intrusion detection systems • 2nd generation: Security information and event management (SIEM) • 3rd generation: Big Data analytics in security (Next generation SIEM)
  • 18. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Example Security Attacks
  • 19. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Advanced Persistent Threats • Advanced – The attack can cope with traditional security solutions – In many cases is based on Zero-day vulnerabilities • Persistent – Attack has a specific goal – Remain on the system as long as the attack goal is not met. • Threat – Collect and steal information-Confidentiality. – Make the victim's system unavailable-Availability. – Modify the victim's system data-Integrity.
  • 20. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Example of Advanced Threat Activities HTTP (web) session to command & control server Remote control, Steal data, Persist in company, Rent as botnet WEB Conduct Business Create additional environment Gain Access to systemTransaction .pdf .pdf executes & unpacks malware overwriting and running “allowed” programs Svchost.exeCalc.exe Attacker hacks website Steals .pdf files Web Portal.pdf Attacker creates malware, embed in .pdf, Emails to the target MAIL Read email, open attachment Threat intelligence Auth - User Roles Host Activity/Security Network Activity/Security
  • 21. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Link Events Together Threat intelligence Auth - User Roles, Corp Context Host Activity/Security Network Activity/Security WEB Conduct Business Create additional environment Gain Access to systemTransaction MAIL .pdf Svchost.exeCalc.exe Events that contain link to file Proxy log C2 communication to blacklist How was process started? What created the program/process? Process making C2 traffic Web Portal.pdf
  • 22. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Correlated Security Log Aug 08 06:09:13 acmesep01.acmetech.com Aug 09 06:17:24 SymantecServer acmesep01: Virus found,Computer name: ACME-002,Source: Real Time Scan,Risk name: Hackertool.rootkit,Occurrences: 1,C:/Documents and Settings/smithe/Local Settings/Temp/evil.tmp,"""",Actual action: Quarantined,Requested action: Cleaned, time: 2009-01-23 03:19:12,Inserted: 2009-01-23 03:20:12,End: 2009-01-23 03:19:12,Domain: Default,Group: My CompanyACME Remote,Server: acmesep01,User: smithe,Source computer: ,Source IP: 10.11.36.20 Aug 08 08:26:54 snort.acmetech.com {TCP} 10.11.36.20:5072 -> 10.11.36.26:443 itsec snort[18774]: [1:100000:3] [Classification: Potential Corporate Privacy Violation] Credit Card Number Detected in Clear Text [Priority: 2]: 20130806041221.000000Caption=ACME-2975EBAdministrator Description=Built-in account for administering the computer/domainDomain=ACME-2975EB InstallDate=NULLLocalAccount = IP: 10.11.36.20 TrueName=Administrator SID =S-1-5-21-1715567821-926492609-725345543 500SIDType=1 Status=Degradedwmi_ type=UserAccounts Sources All three occurring within a 24-hour period Source IP Data Loss Default Admin Account Malware Found Time Range Intrusion Detection Endpoint Security Windows Authentication Source IP Source IP
  • 23. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Incident Analysis & Investigation Search historically - back in time Watch for new evidence Related evidence from other security devices
  • 24. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Integrated Security Analytics with Open Source
  • 25. Copyright Stelligence Co.,Ltd. 2016 All rights reserved SQRRL Solution https://sqrrl.com/
  • 26. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Anomaly detection in Visualizing https://sqrrl.com/
  • 27. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Prelert Behavioral Analytics for the Elastic Stack http://info.prelert.com/
  • 28. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Prelert Behavioral Analytics for the Elastic Stack http://info.prelert.com/
  • 29. Copyright Stelligence Co.,Ltd. 2016 All rights reserved How to Apply ?
  • 30. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Determining Data That Can Be Collected Threat intelligence Auth - User Roles Service Host Network Network Security Through Data Analysisby Michael S CollinsPublished by O'Reilly Media, Inc., 2014 • Third-party Threat Intel • Open source blacklist • Internal threat intelligence • Firewall • IDS / IPS • Web Proxy • Vulnerability scanners • VPNs • Netflow • TCP Collector • OS logs • Patching • File Integrity • Endpoint (AV/IPS/FW) • Malware detection • Logins, Logouts log • Active Directory • LDAP • AAA, SSO • Application logs • Audit log • Service / Process
  • 31. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Option 1 : Replace All Solution • Data sent to new Big Data Analytic Platform • Big Data Analytic Platform – Static Visualizations / Reports – Threat detection, alerts, workflow, compliance – Incident investigations/forensics – Non-security use cases Big Data Analytic Platform Raw data Alerts Static Visualizations Forensics / Search Interface
  • 32. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Option 2 : Big Data to Traditional SIEM • Data sent to both system • Big Data Analytic Platform – Incident investigations/forensics – Non-security use cases • Traditional SIEM – Static Visualizations / Reports – Threat detection, alerts, workflow, compliance Big Data Analytic Platform Raw data Forensics / Search Interface SIEM Alerts Static Visualizations Connectors
  • 33. Copyright Stelligence Co.,Ltd. 2016 All rights reserved Factors for evaluating Big Data Security Analytics Platforms Factors for Evaluating Open Source • Scalable data ingestion HDFS • Unified data management platform Cassandra / Accumulo • Support for multiple data types Ready to Customized • Real time Spark / Strom • Security analytic tools No • Compliance reporting No • Easy to deploy and manage Manage many 3rd Party • Flexible search, report and create new correlation rule No
  • 34. Copyright Stelligence Co.,Ltd. 2016 All rights reserved