Cloudera Federal Forum 2014: Hadoop-Powered Solutions for Cybersecurity
 

Chief Architect of Cloudera Government Solutions, Joey Echeverria, shares knowledge about Hadoop cybersecurity and the pieces of Cloudera's Enterprise Data Hub that address cybersecurity.


Presentation Transcript

    • Apache Hadoop-Powered Cybersecurity. Joey Echeverria, Chief Architect, Cloudera Government Solutions. February 2014. ©2014 Cloudera, Inc. All rights reserved.
    • What is Cybersecurity? Applications; Security-in-depth; Local/public networks (image source: http://www.flickr.com/photos/shimgray/2985486716/)
    • Why Cybersecurity? Protect your data; Service availability (image source: http://www.flickr.com/photos/kevinmarks/5218166919/)
    • WHY IS THIS A HARD PROBLEM?
    • Breadth: Firewalls; Switches; Servers; Desktops; Mobiles (image source: http://www.flickr.com/photos/larskflem/3100856376/)
    • Depth: Deep packet inspection; Intrusion logs; Server logs; Desktop logs
    • Update all the things (image source: http://www.flickr.com/photos/bovinity/2125620107/)
    • TWO WAYS TO FIGHT BACK
    • Streaming: Intrusion Detection System (IDS); Intrusion Prevention System (IPS); Complex Event Processing (CEP); Alert/react in real-time (image source: http://www.flickr.com/photos/conifer/9535872266/)
    • Historical Analysis: Not all attacks are real-time; Hiding in plain sight; Anomaly detection; Steganography (image source: http://www.flickr.com/photos/bjornmeansbear/4249524324/)
    • Example: Attack Timeline: When did the attacker get in? How did the attacker get in? What data was stolen?
    • Scale: 10 Gbps; 900,000 packets per second; Thousands of servers; Tens of thousands of desktops and mobile devices; Two aspects: Capture at scale, Archive
    • FOCUS ON HISTORICAL ANALYSIS
    • Apache Hadoop: Massive storage; Massive throughput; Batch processing; Correlate petabytes of data (image source: http://svn.apache.org/viewvc/hadoop/logos/out_rgb/elephant_rgb.pdf?view=log)
    • Transform (image source: http://www.flickr.com/photos/accardi1/3294248678/)
    • Enrich (image source: http://www.flickr.com/photos/shookphotos/4597753813/)
    • Sessionize: Combine activity into user sessions; Analyze application sessions, not packets
    • Beyond Batch: NoMR; Any framework; Interactive SQL; In-memory processing; Machine learning; Search; Accumulo (image source: http://www.flickr.com/photos/rhinoneal/5633001128/)
    • Impala: MPP analytic query engine for Hadoop; SQL; UDFs and UDAFs; Future: window functions
    • Pretty Charts! (image source: http://www.flickr.com/photos/caseorganic/5407670731/)
    • Reporting: What are the most commonly accessed blacklist sites? What are the top destinations by country? Summary of port scanning activity; Top IDS event types
    • Spark: In-memory processing; Iterative algorithms; Simple API (image source: http://www.flickr.com/photos/mrzeon/4458423242/)
    • Analytics (image sources: http://www.flickr.com/photos/iconolith/253426954/ and http://www.flickr.com/photos/derletzteschrei/193503222/)
    • Finding Outliers
    • Rare Event Prediction
    • Questions: Contact me! Joey Echeverria; joey@clouderagovt.com; @fwiffo
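
The Sessionize slide's step of combining activity into user sessions, sketched as an added example that is not code from the presentation or from Cloudera. The event fields, the sample records and the 30-minute inactivity gap are assumptions made for illustration; the slides do not specify any of them.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: 30 minutes of inactivity ends a session (not stated in the slides).
SESSION_GAP = timedelta(minutes=30)

# Constructed sample events: (timestamp, user, source host, application, bytes).
# They are deliberately out of order, as records merged from many sensors often are.
EVENTS = [
    ("2014-02-01T09:00:05", "alice", "10.0.0.5", "webmail", 1200),
    ("2014-02-01T09:04:40", "alice", "10.0.0.5", "webmail", 800),
    ("2014-02-01T09:10:00", "bob", "10.0.0.9", "fileshare", 5000),
    ("2014-02-01T11:30:00", "alice", "10.0.0.5", "webmail", 300),
    ("2014-02-01T09:12:30", "bob", "10.0.0.9", "fileshare", 950000),
]


def sessionize(events, gap=SESSION_GAP):
    """Group events per (user, application); a new session starts after `gap` of inactivity."""
    by_key = defaultdict(list)
    for ts, user, host, app, nbytes in events:
        by_key[(user, app)].append((datetime.fromisoformat(ts), host, nbytes))

    sessions = []
    for (user, app), rows in by_key.items():
        rows.sort(key=lambda r: r[0])  # order by time before looking for gaps
        current = None
        for ts, host, nbytes in rows:
            if current is None or ts - current["end"] > gap:
                current = {"user": user, "app": app, "start": ts, "end": ts,
                           "hosts": set(), "events": 0, "bytes": 0}
                sessions.append(current)
            current["end"] = ts
            current["hosts"].add(host)
            current["events"] += 1
            current["bytes"] += nbytes
    # One row per session: the unit an analyst queries instead of raw packets.
    return sorted(sessions, key=lambda s: (s["start"], s["user"]))


if __name__ == "__main__":
    for s in sessionize(EVENTS):
        print(s["user"], s["app"], s["start"].isoformat(), s["end"].isoformat(),
              s["events"], s["bytes"], sorted(s["hosts"]))
```

On a cluster the same grouping would run as a batch job keyed on user and application; the per-session byte totals are what the outlier and reporting questions on the later slides would be asked of.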