
Big data security in the cloud: Buzzword Bingo!



Check out these slides from SpiceWorld London that talk about debuzzing network security! Sometimes we get so caught up using buzzwords that we lose the point of the whole solution. We don’t want that to be the case for our new online security solution, and we need the SpiceHeads to help! Be the first to see our totally new solution and help us to shape the future of a tool that gives you the power to manage your network security like large enterprises, at a fraction of the price and time commitment.

Published in: Technology, Business


  1. Big data security in the cloud: BUZZWORD BINGO? Andrew Stock, Head of Applied Research, BAE Systems Applied Intelligence
  2. Why are we here? Unless we can leverage synergies and address organisational wastage we’re uplifting the adversary
  3. Why are we here? Unless everyone can tackle cybersecurity efficiently we’re wasting money and helping the bad guys
  4. It’s a big business problem
  5. 76% of small businesses had a malicious security incident in 2012
  6. threats
  7. State sponsored / APT
     Debuzzed:
       • Does represent a real threat to organisations
       • Smaller organisations at threat as part of supply chain
       • Not necessarily advanced in techniques
  8. Supply chain
     Debuzzed:
       • Attackers increasingly using weaker supply chain to get to hard targets
       • Consider all inbound and outbound connections carefully
  9. Insider
     Debuzzed:
       • All companies run the risk of an insider attack
       • Can only lock down the environment so much before you affect the business
       • Will often know how to work around prevention measures
  10. Competitors
     Debuzzed:
       • There are companies out there that will hack for money
       • There are competitors who will pay for that advantage
       • Vulnerability will depend on your company’s markets
  11. Vandals
     Debuzzed:
       • Sometimes difficult to predict, other times they advertise
       • Main goal likely to be publicity so risk depends on prominence
  12. Organised crime
     Debuzzed:
       • Probably not targeting companies directly
       • Plenty of opportunity to cause problems though
  13. Threats
     State sponsored
       • Does represent a threat to some organisations
     Organised crime
       • Not necessarily targeting companies, but can cause issues
     Competitors
       • Does happen, but will depend on geography
     Insider
       • Everyone at risk – balance with need to work
     Vandals
       • Likelihood of attack varies with prominence
     Supply chain
       • Consider all inbound and outbound connections carefully
  14. detection
  15. Framing the problem: “…as we know, there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know”
  16. Known knowns
  17. Prevention is better than cure
  18. Signatures
     Debuzzed:
       • Worth looking for things you already know about – cheap and effective
       • Not a universal solution
       • Limited capability to detect targeted attacks
  19. Known unknowns
  20. Rule-based detection
     Debuzzed:
       • More flexible than signatures allowing better detection
       • False positives are likely to increase as well
       • Still limited to specific details of an attack
  21. Threat intelligence
     Debuzzed:
       • Only as useful as your ability to do something about it
       • Very wide range of prices… and quality
       • Storing and sharing it is hard in a company
  22. Unknown unknowns
  23. Security analytics
     Debuzzed:
       • Lots of odd patterns exist
       • False positives are inevitable
       • Beware too good to be true claims
  24. “Big data is like teenage sex: everyone talks about it, nobody really knows how to do it, everyone thinks everyone else is doing it, so everyone claims they are doing it...” Dan Ariely
  25. Big data
     Debuzzed:
       • Handling large data sets isn’t new
       • New technology has changed the economics
       • Not a single technology or application
       • Big skills gap in most organisations
  26. The elephant in the room
     Debuzzed:
       • Actually a collection of software tools rather than a single product
       • No out-of-the-box capability
       • Varying levels of maturity across the tools
       • Vendor integrations are variable in how they embrace “the Hadoop way”
  27. Big data and NoSQL
     Debuzzed:
       • Lots of tools to choose from
       • All have different advantages and compromises
       • Don’t get help out of the box
       • Consider using hosted services to reduce administration complexity
  28. Detection roundup
     Known knowns
       • Cheap and effective to look for known threats
       • Only provides partial protection
     Known unknowns
       • Rules provide greater detection with increased false positives
       • Need to use threat intelligence effectively to inform rules
     Unknown unknowns
       • New technologies are helpful but not the full answer
       • Beware promises of perfect detection
  29. resources
  30. There is an I in team. Because I am the team.
     Debuzzed:
       • Community is important
       • Needs to be external for most smaller organisations
  31. Why are we here? Unless everyone can tackle cybersecurity efficiently we’re wasting money and helping the bad guys