Big Data & Security Have Collided - What Are You Going to do About It?


Big data has recently begun to impact enterprise security organizations. How can organizations use the flood of security-relevant data to improve overall security? How can organizations actually secure the big data systems themselves? This session discusses the opportunity for big data to improve security and reduce risk, focusing especially on the critical role of security strategy and management.


After this session you will be able to:
  • Objective 1: Identify the key current challenges of security and why improved security requires big data tools and techniques.
  • Objective 2: Describe strategies for using big data tools and techniques to improve security, in particular monitoring and analysis.
  • Objective 3: Identify best practices and technologies that can be used to secure big data systems themselves.


Access the recording via http://www.brainshark.com/emcworld/vu?pi=zIGzOvwlUzB8sLz0

Published in: Technology, Business


Transcript

  • 1. Big Data & Security Have Collided: What Are You Going to do About It? Matthew Gardiner, Sr. Manager, RSA, The Security Division of EMC. © Copyright 2013 EMC Corporation. All rights reserved.
  • 2. Roadmap Information Disclaimer
    – EMC makes no representation and undertakes no obligations with regard to product planning information, anticipated product characteristics, performance specifications, or anticipated release dates (collectively, “Roadmap Information”).
    – Roadmap Information is provided by EMC as an accommodation to the recipient solely for purposes of discussion and without intending to be bound thereby.
    – Roadmap information is EMC Restricted Confidential and is provided under the terms, conditions and restrictions defined in the EMC NonDisclosure Agreement in place with your organization.
  • 3. Alternative Title: Security for Big Data & Big Data for Security
  • 4. How Many of You are IT Security Professionals?
  • 5. Security for Big Data
  • 6. At this point more questions than answers: New Technology, New Use Cases, New Social Norms
  • 7. Add Big Data to the List of Hard Security Challenges. Security is always trying to catch up: Mobile, Cloud, Extended Workforce, Big Data, APTs, Sophisticated Fraud, Networked Value Chains.
  • 8. Big Data Has A Tidal Wave of New Technologies. And surprise! Security/Privacy has not been a key focus to date.
  • 9. Your Organization’s Security Professional?
  • 10. How is Big Data Different? And why this creates security challenges
    – Distributed nodes: moving computation is cheaper than moving data
    – Shared data: don’t know where data is or how many copies there are
    – Coarse grained data access ownership: most limited at the schema level only
    – Inter-node communication: usually done in the clear
    – Client applications typically not verified
    – Web services with limited or no protection
    Sourced from: Securosis, Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments, October 12, 2012
  • 11. Suggestion: Go Back to Security Basics and apply them to the new domain. Prevention, Detection, Remediation.
  • 12. Security Concepts Haven’t Changed, just how to apply them
    – Prevention: Authentication/Authorization; Secure communications; Encryption/tokenization/redaction; Patching the underlying systems
    – Detection: Auditing/Monitoring/Logging
    – Remediation: Fast, (pre-defined) incident response
    – Data Privacy: Principled (& legal) data/analysis usage
  • 13. Don’t Fall into the Obfuscation Security “Strategy”. Infrastructures often are (or soon will be) Web accessible.
  • 14. But wait, didn’t we just do this for the Cloud?
  • 15. Providing centralized control with distributed enforcement? Are Web Access Management Systems a model for big data systems?
    [Diagram: an Access Manager Admin Console and Access Manager Server at the centre; a User reaching several Websites, each fronted by an Access Manager Agent]
  • 16. Providing centralized control with distributed enforcement? PAP/PDP/PEP, see the XACML standard.
    [Diagram: a Policy Admin. Point feeding a Policy Decision Point; a User’s requests reach Hadoop Node #1, Hadoop Node #2 … Hadoop Node #N, each running its own Policy Enforcement Point]
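The PAP/PDP/PEP split that slides 15 and 16 propose for big data nodes, as an added worked example (not RSA/EMC code and not any product’s API): a single Policy Decision Point holds the rules authored at the Policy Administration Point, and every data node runs a Policy Enforcement Point that forwards each access request to the PDP and enforces the answer. The roles, dataset paths, attribute names and the policy set are constructed for the example; the deny-overrides combining and the fail-closed handling of an unreachable PDP are the design points a practitioner would want to see.

```python
"""Centralized policy decision, distributed enforcement (the PAP/PDP/PEP
split from XACML) applied to data nodes.  Added illustration, not RSA/EMC
code; roles, paths and attribute names are constructed for the example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Request:
    subject: Dict[str, str]   # caller attributes, e.g. user, role, clearance
    resource: str             # dataset path as seen on the node
    action: str               # "read" or "write"


@dataclass
class Rule:
    effect: str               # "Permit" or "Deny"
    resource_prefix: str
    actions: FrozenSet[str]
    condition: Callable[[Dict[str, str]], bool] = lambda subj: True


class PolicyAdministrationPoint:
    """The one place where policy is authored; nodes hold no editable policy."""
    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def add_rule(self, rule: Rule) -> None:
        self.rules.append(rule)


class PolicyDecisionPoint:
    """Evaluates a request against the PAP's rules with deny-overrides
    combining; a request that no rule covers is NotApplicable."""
    def __init__(self, pap: PolicyAdministrationPoint) -> None:
        self.pap = pap

    def decide(self, req: Request) -> str:
        decision = "NotApplicable"
        for rule in self.pap.rules:
            applies = (req.resource.startswith(rule.resource_prefix)
                       and req.action in rule.actions
                       and rule.condition(req.subject))
            if not applies:
                continue
            if rule.effect == "Deny":
                return "Deny"         # any matching Deny wins
            decision = "Permit"
        return decision


class PolicyEnforcementPoint:
    """Runs on every data node.  It asks the PDP and enforces the answer;
    anything other than an explicit Permit (Deny, NotApplicable, or a PDP it
    cannot reach) is a refusal, so the node fails closed."""
    def __init__(self, node: str, pdp: Optional[PolicyDecisionPoint]) -> None:
        self.node = node
        self.pdp = pdp
        self.audit: List[Tuple[str, str, str, str, str, bool]] = []

    def access(self, req: Request) -> bool:
        try:
            decision = self.pdp.decide(req) if self.pdp else "Unavailable"
        except Exception:               # transport or evaluation failure
            decision = "Unavailable"
        allowed = decision == "Permit"
        # every decision is recorded on the node for the audit/monitor step
        self.audit.append((self.node, req.subject.get("user", "?"),
                           req.resource, req.action, decision, allowed))
        return allowed


def build_pdp() -> PolicyDecisionPoint:
    """Constructed policy set: analysts read sales data, admins read/write
    everything, but the PII subset needs a 'pii' clearance whatever the role."""
    pap = PolicyAdministrationPoint()
    pap.add_rule(Rule("Permit", "/data/sales/", frozenset({"read"}),
                      lambda s: s.get("role") == "analyst"))
    pap.add_rule(Rule("Permit", "/data/", frozenset({"read", "write"}),
                      lambda s: s.get("role") == "admin"))
    pap.add_rule(Rule("Deny", "/data/sales/pii/", frozenset({"read", "write"}),
                      lambda s: s.get("clearance") != "pii"))
    return PolicyDecisionPoint(pap)


def run_scenario() -> Dict[str, bool]:
    """Same policy enforced identically on two nodes, plus a node whose PDP is down."""
    pdp = build_pdp()
    node1 = PolicyEnforcementPoint("hadoop-node-1", pdp)
    node2 = PolicyEnforcementPoint("hadoop-node-2", pdp)
    orphan = PolicyEnforcementPoint("hadoop-node-N", None)   # cannot reach the PDP
    analyst = {"user": "alice", "role": "analyst"}
    admin = {"user": "bob", "role": "admin"}
    cleared = {"user": "carol", "role": "admin", "clearance": "pii"}
    return {
        "analyst_read_sales": node1.access(Request(analyst, "/data/sales/2013.csv", "read")),
        "analyst_write_sales": node1.access(Request(analyst, "/data/sales/2013.csv", "write")),
        "admin_write_pii": node2.access(Request(admin, "/data/sales/pii/cust.csv", "write")),
        "cleared_write_pii": node2.access(Request(cleared, "/data/sales/pii/cust.csv", "write")),
        "analyst_read_no_pdp": orphan.access(Request(analyst, "/data/sales/2013.csv", "read")),
    }
```

Running `run_scenario()` shows the point of the architecture: both nodes give the same answer for the same request because neither holds policy of its own, the unreachable node refuses rather than guesses, and each PEP’s `audit` list is the per-node record that the audit/monitor step on slide 19 would collect centrally.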
  • 17. Security Maturity: More Important than Ever. Challenges: Mobile, Networked Value Chains, Cloud, Extended Workforce, APTs, Sophisticated Fraud, Big Data. Maturity level: Control, Compliance, IT Risk, Business Risk.
  • 18. What to do Now?
  • 19. 3 Steps to Improved Big Data Security
    1. Protect the data
      – Basic access controls (even if only password based)
      – Establish, document, & enforce a Big Data lifecycle
      – Understand where your data lives & moves
    2. Audit/Monitor the systems
      – Audit the platform
      – Audit data consumers
      – Establish remediation procedures
    3. Make your data more resilient
      – Tokenization/redaction of the truly sensitive stuff
  • 20. Mental break while we shift topics
  • 21. Big Data for Security
  • 22. Traditional Security is Not Working. 99% of breaches led to compromise within “days” or less, with 85% leading to data exfiltration in the same time. 85% of breaches took “weeks” or more to discover. Source: Verizon 2012 Data Breach Investigations Report
  • 23. Threat Actors Have Evolved Substantially
    – Criminals: from petty criminals to organized crime; organized, sophisticated supply chains (PII, financial services, retail)
    – Nation state actors: from terrorists and other non-state actors; PII, government, defense industrial base, IP rich organizations
    – “Hacktivists”: anti-establishment vigilantes; PII, Government, critical infrastructure
    – Earlier: unsophisticated actors, targets of opportunity
  • 24. Advanced Threats Are Different: (1) Targeted, with a specific objective; (2) Stealthy, low and slow; (3) Interactive, with human involvement.
    [Timeline: Attack Begins, System Intrusion, Cover-Up, Discovery, Leap Frog Attacks, Cover-Up Complete, Attack Identified. Dwell Time runs from Attack Begins to Attack Identified; Response Time follows. Goals: (1) Decrease Dwell Time, (2) Response Speed, i.e. shorten Response Time]
  • 25. Effective Security is always about balance. Most organizations need to improve detection/remediation. Prevention, Detection, Remediation.
  • 26. Orgs. are Increasingly Creating SOCs/CIRCs. Why? Better detection/investigation/remediation.
    [Diagram: IPS, IDS and AV feed Centralized Log Collection, which feeds the SIEM, which feeds the SOC/CIRC]
  • 27. Threats have changed, shouldn’t protection change too?
    – Single well-defined security event: signature-based approaches for pinpoint accuracy
    – Group of closely related (time or space) security events: Security Incident Event Management approaches for locality identification; send in the CIRT team
    – Isolated set of normal-looking events with weak correlation (Advanced or Targeted Attacks): needs a data-intensive analytics approach
    “Find me a blade of grass of height H, width W, color G, from field F, cut at time T and changed colors to G’, G’’, G’’’ over time T1, T2, T3…”
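The three detection tiers on slide 27, as an added example run over one constructed log (this is illustration written for this page, not RSA/EMC code or the behaviour of any product). The log format, the signature list, the failed-login threshold and window, and the weights and alert threshold are all assumptions for the example. The point it makes beyond the slide: the third tier alerts on a user whose individual events (an off-hours login, a new source address, a first-time dataset read, a small export) would each pass the first two tiers unnoticed.

```python
"""The three detection tiers from the slide, each run over the same
constructed log.  Added illustration, not RSA/EMC code; the log format,
signature list, thresholds and weights are assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (key=value fields).  01-05 May is the baseline
# period; the events under inspection are on 06 May.
LOG = """\
2013-05-01T09:05:00 user=alice event=login src=10.0.1.5 status=ok
2013-05-01T09:30:00 user=alice event=read dataset=sales_2013
2013-05-02T08:55:00 user=alice event=login src=10.0.1.5 status=ok
2013-05-02T10:00:00 user=alice event=read dataset=sales_2013
2013-05-03T09:10:00 user=alice event=login src=10.0.1.5 status=ok
2013-05-04T09:00:00 user=bob event=login src=10.0.2.7 status=ok
2013-05-06T03:12:00 user=alice event=login src=203.0.113.9 status=ok
2013-05-06T03:20:00 user=alice event=read dataset=hr_salaries
2013-05-06T03:21:00 user=alice event=export dataset=hr_salaries bytes=20480
2013-05-06T10:00:00 user=bob event=login src=10.0.2.7 status=fail
2013-05-06T10:00:20 user=bob event=login src=10.0.2.7 status=fail
2013-05-06T10:00:40 user=bob event=login src=10.0.2.7 status=fail
2013-05-06T10:01:00 user=bob event=login src=10.0.2.7 status=fail
2013-05-06T10:01:20 user=bob event=login src=10.0.2.7 status=fail
2013-05-06T10:01:45 user=bob event=login src=10.0.2.7 status=ok
2013-05-06T12:00:00 user=carol event=av_alert sig=EICAR-Test-File host=ws17
"""
BASELINE_END = datetime(2013, 5, 6)
SIGNATURES = {"EICAR-Test-File"}          # constructed list; EICAR is the standard AV test signature
WEIGHTS = {"off_hours": 1, "new_src": 1, "new_dataset": 1, "export": 2}


def parse(log):
    """Turn each line into a dict of fields; the timestamp becomes e['ts']."""
    events = []
    for line in log.splitlines():
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.fromisoformat(ts)
        events.append(rec)
    return events


def tier1_signature(events):
    """Single well-defined event: exact match on a known signature."""
    return [e for e in events
            if e.get("event") == "av_alert" and e.get("sig") in SIGNATURES]


def tier2_correlate(events, fails=5, window=timedelta(minutes=2)):
    """Closely related events: `fails` failed logins for one user inside
    `window`, followed by a success: the classic SIEM-style rule."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("event") == "login":
            by_user[e["user"]].append(e)
    incidents = []
    for user, logins in by_user.items():
        recent = []                       # failures still inside the window
        for e in sorted(logins, key=lambda x: x["ts"]):
            recent = [f for f in recent if e["ts"] - f["ts"] <= window]
            if e["status"] == "fail":
                recent.append(e)
            elif len(recent) >= fails:
                incidents.append((user, e["ts"]))
    return incidents


def tier3_analytics(events, baseline_end=BASELINE_END, threshold=4):
    """Normal-looking events with weak correlation: every signal here is
    ordinary on its own; only their per-user sum over the inspection
    period crosses the alert threshold."""
    seen_src, seen_ds, hours = defaultdict(set), defaultdict(set), defaultdict(list)
    for e in events:                      # learn each user's baseline
        if e["ts"] >= baseline_end:
            continue
        if e.get("event") == "login" and e.get("status") == "ok":
            seen_src[e["user"]].add(e["src"])
            hours[e["user"]].append(e["ts"].hour)
        if "dataset" in e:
            seen_ds[e["user"]].add(e["dataset"])
    scores, reasons = defaultdict(int), defaultdict(list)
    for e in events:                      # score the inspection period
        if e["ts"] < baseline_end:
            continue
        u, hits = e["user"], []
        if e.get("event") == "login" and e.get("status") == "ok":
            if hours[u] and not (min(hours[u]) - 1 <= e["ts"].hour <= max(hours[u]) + 1):
                hits.append("off_hours")
            if e["src"] not in seen_src[u]:
                hits.append("new_src")
        if "dataset" in e and e["dataset"] not in seen_ds[u]:
            hits.append("new_dataset")
        if e.get("event") == "export":
            hits.append("export")
        for h in hits:
            scores[u] += WEIGHTS[h]
            reasons[u].append(h)
    return {u: (s, reasons[u]) for u, s in scores.items() if s >= threshold}
```

On the constructed log, `tier1_signature` returns only carol’s AV alert, `tier2_correlate` returns only bob’s burst of failures followed by a success, and `tier3_analytics` returns only alice, whose four events never trip a signature or a locality rule but sum to a score of 6 against a threshold of 4. The baseline for tier 3 is learned from the same data store, which is why the slide calls this a data-intensive approach: the more history kept per user, the smaller each signal can be and still add up.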
  • 28. 3 RSA Security Technologies That Leverage Big Data
  • 29. RSA Security Analytics -> Using Big Data to Detect Advanced Threats
    – Distributed Collection: Logs and Packets gathered in Europe, North America and Asia, plus Enrichment Data
    – The Analytics, real-time: Complex Event Processing, Correlation, Free Text, Speech, Malware Analytics, Metadata Tagging
    – The Analytics, warehouse/long-term: Reporting and Alerting, Investigation, Incident Management, Administration, Asset Criticality, Compliance
    – Live Intelligence: Threat Intelligence, Rules, Parsers, Alerts, Feeds, Apps, Directory Services, Reports and Custom Actions
  • 30. RSA SilverTail -> Using Big Data to Detect Web Attacks/Fraud
  • 31. RSA Risk Engine -> Using Big Data to Improve Authentication
    [Diagram: Device Identification, User Behavior and Activity Details feed the RSA Risk Engine, which produces an Assurance Level checked against the Authentication Policy. PASS grants access to Protected Resources (SSL VPN, Web Browser, Web Portals, OWA, SharePoint); RISKY triggers an Identity Challenge (OnDemand, Challenge Questions), which then either passes or fails, and FAIL means Access Denied]
  • 32. Questions? Big Data & Security Have Collided: What Are You Going to do About It?
