Turn Your Big Security Data into a Big Advantage
eEye Digital Security and 451 Research Group take you through how you can begin to leverage your big data to drive a more dynamic security strategy and learn how this data is impacting the enterprise today.

Published in: Technology

Transcript

  • 1. Turn Your Big Security Data into a Big Advantage
      • February 23, 2012
      • eEye Digital Security | 1.866.339.3732 | www.eEye.com | info@eEye.com
  • 2. What We’ll Cover Today
      • Today’s Speakers
      • The Challenge with Big Security Data
      • Big Data’s Value to Security
      • Wasn’t this Already Promised?
      • eEye’s Unique Offering
      • 451 Analysis
          • Our view of big data’s value to security
          • Why do something different?
          • How this is actually impacting the enterprise
      • Questions, Closing Comments
  • 3. Today’s Speakers
      • Mike Puterbaugh, VP, Marketing
          • Industry Pioneers: Leaders in IT security since 1998
          • Thought Leaders: World-renowned research team
          • Security Experts: Thousands of customers; world’s largest vulnerability management deployments
          • Award-Winning Solutions: Recognized product leadership
      • Andrew Hay, Senior Analyst, Enterprise Security Practice (ESP)
          • Research areas: SIEM & Log Management; Forensics & Incident Response; Penetration Testing & Vulnerability Management
          • Twitter: @andrewsmhay
          • Personal Blog: www.andrewhay.ca
  • 4. There is No Bigger Data Than Your Security Data
      • The technologies being deployed today have changed the way security teams manage risk
      • New technologies bring new security gaps (aka Risk) with them
          • Virtual applications
          • Public/Private cloud assets
          • Managed and unmanaged mobile devices
      • These new security gaps are introduced at both macro and micro levels
      • The ability to pinpoint and act on this risk data creates a protection advantage that drives better informed decisions about how to continually evolve your security strategy
  • 5. There is no shortage of security data…
      • “Supply” (IT Environment): Applications, OSs, Desktops, Servers, Mobile Devices, Virtualization, Ports, Services, People, Cloud
      • “Demand” (Security Requirements): Risk Tolerance, Regulations, Best Practices and Standards, Processes and Procedures, End-user Needs, Resources
      • Security’s Challenge: Turning this Data Into Action
      • …and this is just the natively generated data…
  • 6. …there’s more than you can handle, actually…
      • “Supply” (IT Environment): Applications, OSs, Desktops, Servers, Mobile Devices, Virtualization, Ports, Services, People, Cloud
      • “Demand” (Security Requirements): Risk Tolerance, Regulations, Best Practices and Standards, Processes and Procedures, End-user Needs, Resources
      • Big Security Data: The intersection of tech and business
      • Security’s Challenge: Turning this Data Into Action
      • What about… Exploits, Vulnerabilities, Attacks, Misconfigurations, User privileges, Attempts, etc.
  • 7. What this used to mean
  • 8. Big Data and Security Intelligence from eEye
      • RETINA CS: Centralized Management Console
          • Patch Management; Configuration Compliance; Regulatory Reporting; Retina Protection Agent
          • Built-In Remediation; Configuration Benchmarking; Advanced Compliance Reporting; Local Scanning Agent
      • RETINA Network: The Industry’s Vulnerability Scanning Benchmark
      • RETINA Insight: Security Intelligence Engine
      • Reduce Security Risks; Close Security Gaps; Improve Visibility
  • 9. Retina Insight: Security Intelligence for the Enterprise
      • RETINA Insight: Security Intelligence Engine
      • Diagram labels: Vulnerabilities, Attacks, Exploits, Configuration, Patches, Compliance; Mobile, Applications, Desktop, Cloud, Virtual, Server
      • Purpose-built data warehouse; integrated with Retina CS
      • Actionable analysis via Risk Matrix, Trending and Targeted Reports
      • Complete ad-hoc reporting support as well
      • Roles-based access opens up intelligence to security, ops, risk, audit, etc.
  • 10. Retina Insight: Security Intelligence for the Enterprise
      • RETINA Insight: Security Intelligence Engine
      • Multi-dimensional risk matrix
          • Viewable by technology, assets, vulnerabilities, attacks, exploits, etc.
      • Direct access to database via Pivot Grid ad-hoc reporting
          • In addition to the 100’s of included reports
  • 11. Retina Insight: Security Intelligence for the Enterprise
      • RETINA Insight: Security Intelligence Engine
      • Compliance Scorecards
          • PCI, HIPAA, SOX, GLBA, NIST, FERC/NERC, COBIT, etc.
      • Reporting subscriptions and delivery management
  • 12. Weren’t SIEM/SIMs Supposed To Deliver This?
      • Data vs. Insight
      • SIEM/SIM solutions gather data from multiple data sources, correlating over time and date
          • Technical relationship between the data points
      • “Big Security Data” offers value beyond simple correlation, if properly leveraged
          • In addition to the technical relationship, it provides a business context around that data
          • Relates to business functions, compliance requirements, forward planning
      • This is far beyond reporting: This data can be used to optimize internal processes and workflows = creating a better security strategy
  • 13. Andrew Hay, Senior Analyst, Enterprise Security Practice (ESP), 451 Research
  • 14. Our view of big data’s value to security
      • There is a wealth of data in the enterprise
          • Only subsets are used for security context
      • Mathmagically speaking
          • Big Data = (Volume +/- Variety +/- Velocity)
          • Where:
              • Volume relates to the amount of data being generated, stored and processed;
              • Variety relates to the number of different data formats; and
              • Velocity relates to the rate at which data is updated
      • Big data is not necessarily just about large volumes of data
  • 15. Why do something different?
      • Most SIEM products were designed for dealing only with security-related data with
          • Large volume
          • Little variety
          • Fairly consistent and predictable velocity
      • Technology built off of data pains of the late 1990’s and early 2000’s
          • “How do I manage all of these IDS alerts from my 10 sensors?”
  • 16. Relative strengths of traditional RDBMS and Hadoop
  • 17. We need access to EVERYTHING! Image Source: http://preview.tinyurl.com/3ux8bo6
  • 18. Traditional sources of information
  • 19. But what might we be missing?
      • Physical security
          • Swipe card readers
          • Video feeds
      • Mobile devices
          • iPhone/Android data exfiltration via Starbucks
      • Cloud
          • Hypervisor-level exploitation
              • “Hey Amazon, can I get your infrastructure logs?”
      • The minutiae of covert low-and-slow attacks with varying velocity and variety
  • 20. Primary platform by data type
  • 21. Impact to the enterprise
      • Security data is not the only relevant data for data security
      • Think globally and act locally
      • Data is evolving and your organization needs to evolve with it
      • Plan for the future, not the past
      • If ‘big data security’ were easy, everyone would be doing it
      • A big data security product isn’t a “Big Data Easy Button™”
  • 22. Questions? Check Out These Resources
      • www.eeye.com
      • www.451Research.com
      • @eEye
      • @451Research
  • 23. Thank You!