With the advent of Big Data in the threat analytics space, the need emerges to perform near real-time (NRT) threat detection and automated interpretation that speed countermeasures and remediation. The AT&T Chief Security Organization (CSO) has developed an enterprise architecture that includes the near real-time outlier processes necessary to protect its network from cyber threats using the Hadoop ecosystem. One enterprise challenge that CSO has faced is summarized in the statement by Brian Rexroad, Executive Director of Technology and Security: "I feel there is too much emphasis on 'detecting'. Significantly more emphasis is needed in automated extraction of related information/activity and interpretation of that information." Therefore, the CSO Engineering team developed the Stratum™ architecture, which includes many open source and commercial products facilitating the rapid development and operationalization of outlier detectors and interpreters. Extensive use of NRT data ingestion, enrichment, organization and random-access storage patterns makes these capabilities possible on top of a Hadoop-based ecosystem. The Stratum™ architecture gives the CSO the ability to minimize the duration and effects of many cyber threats. Using Big Data technologies for cyber threat analysis is becoming quite common, but outlier detection and interpretation remain crucial for enterprise protection.