I delivered this presentation at the Omantel Cybersec event hosted at the Sheraton Muscat, Oman on Oct 30th, 2018.

1. CyberSecurity Analytics
How Data Analytics is Redefining Modern Era in Cyber Security
1
By
Saqib Chaudhry

2. What is Cyber Crime?
“In 2018, NATO
officially declared
cyberspace a warfare
domain and confirmed
that a cyberattack on
any of its allies will be
considered as an act of
war.”
Understanding Our (Cyber) Adversaries
- Methods and Motivations -

3. What is Cyber Crime?Cyber Threat Timeline

4. “Digital transformation is the
profound transformation of
business and organizational
activities, processes,
competencies and models to fully
leverage the changes and
opportunities of a mix of digital
technologies and their
accelerating impact across
society in a strategic and
prioritized way, with present and
future shifts in mind.”

5. “Digital transformation is the
profound transformation of
business and organizational
activities, processes, competencies
and models to fully leverage the
changes and opportunities of a mix
of digital technologies and their
accelerating impact across society
in a strategic and prioritized
way, with present and future shifts
in mind.”

6. “Digital transformation is the
profound transformation of
business and organizational
activities, processes, competencies
and models to fully leverage the
changes and opportunities of a mix
of digital technologies and their
accelerating impact across society
in a strategic and prioritized
way, with present and future shifts
in mind.”

7. “Digital transformation is the
profound transformation of
business and organizational
activities, processes, competencies
and models to fully leverage the
changes and opportunities of a mix
of digital technologies and their
accelerating impact across society
in a strategic and prioritized
way, with present and future shifts
in mind.”

8. Data is at the heart of Digital Transformation

9. Mellanox Technologies
Source: Mellanox Technologies
Mellanox Technologies

10. ANOTHER
TOPIC

12. Cyber-Crime is est. to be a $1.5 Trillion Global Economy!!!!
“According to
computerweekly.com global
cybercrime worth is estimated
at
$1.5 Trillion a year.
Cyber criminal operations
worldwide are generating
revenues equal to the GDP of
Russia through a web of profit
that involves legitimate
businesses.”

14. Key Challenges to Protect Against Cyber Adversaries

15. Too Many Alerts, Never Enough Resources

16. The New York Stock
Exchange Capture 1TB of
Trade Information during
each trading session
Poor Data quality costs
the US Economy around
$3.1 Trillion a Year
30 Billion Pieces of
Content are shared on
Facebook every Month
Est. 2.3 Trillion Gigabytes
Bytes of data is created
each day
Big Data
Analytics to
the
Rescue!!!
Source: DataconomySource: Accubisolutions.com

17. In order to
effectively work with
your Data Scientists/
IT Analytics Teams,
you need to
understand the
different types of Big
Data analytics
techniques and how
to utilize them to get
the actionable
insights
Source: Winwire via @BrianJohson

18. Potential
Big Data
Applications
for
CxOs

19. Cyber Security Specific Big Data Capabilities - Sample
- Identify anomalies in device behavior
For example, employee devices could be used as Trojan horses to access and steal
data — but you can stop it with big data analytics.
- Identify anomalies in employee and contractor behavior
Do you have an Edward Snowden downloading large amounts of data? There are
ways to detect and stop that.
- Detect anomalies in the network
Identify new threats without known signatures. Correlate data from silos to
understand the nature of various attacks. Look at a wide range of data attributes.
- Performed Machine Learning Detections (Dimensional Analysis)
• Lateral Movement
• Domain Generation algorithm
• DNS Tunneling
• Network Beaconing
• Data Staging
- Assess network vulnerabilities and risks
Ingest data and analyze it to determine which databases have customer-
identifying information, and how vulnerable they are to hackers.
Eliminate serious potential sources of risk.
- Manage data classification, data lineage, security and data lifecycle
management
- Detect and investigate Malware
- Detect and stop data Exfiltration
- Privileged User Monitoring ( PUM)
- Detect Zero-Day Attacks
- Use DNS Data to Identify Patient-Zero Malware

20. Use Case - User & Entity Behavior Analytics

21. Use Case
- User &
Entity
Behavior
Analytics

22. What are some of the key PPL needs to setup
Cybersecurity Big Data Analytics?

23. Needs a Reference Architecture for setting up Cybersecurity Big Data
Analytics in Your Organization? Check out Hortonworks Metron
Provides organizations a scalable capability to detect cyber anomalies and enable organizations to rapidly respond to identified anomalies

24. What does the Reference Architecture Entail?
1. Raw events are captured by Nifi/custom
probe & pushed to Kafka for ingestion.
2. Each raw event is parsed and normalized.
3. Different data elements are enriched.
E.g. an external IP address is enriched with
GeoIP information (lat/long coordinates +
City/State/Country)
4. Threat intel cross reference checks are
performed and telemetry events are
“labelled” with threat intel metadata.
5. Telemetry events can initiate alerts, as
needed. Labeled telemetry events are
indexed and stored in security data vault
for next generation analytics.
7a. For high volume network telemetry
data like packet capture (PCAP), custom
Metron probes are available to ingest data
directly from a network tap.
7b For most security telemetry data
sources that uses transports and protocols
like file, syslog, REST, HTTP, custom API,
etc., Metron uses Nifi to ingest data at the
source.

25. Integration Options: Anomali Threat Intelligent Platform

26. Integration Options: Sqrrl Threat Hunting Platform
• Enables organizations to target, hunt, and disrupt advanced
cyber threat by uniting threat hunting, behavioral analytics,
and incident analysis.
• It detects the Tactics, Techniques, and Procedures (TTPs) of
cyber adversaries as part of the kill chain assessment.
• It utilizes linked data, machine learning, UEBA, risk scoring,
and Big Data Analytics to reveal malicious patterns and
anomalies hidden within security datasets.

27. Integration Options: Kibana (Data Visualization Tool)
Open-source data visualization and exploration tool used for log and time-series analytics, application monitoring, and operational intelligence
use cases. It offers powerful and easy-to-use features such as histograms, line graphs, pie charts, heat maps, and built-in geospatial support.

28. What are some of the benefits of the utilizing Reference Architecture for
Your SOC Operations?
Source: hortonworks apache metron

29. • APPENDIX
29