
SplunkLive! Milano 2016 - customer presentation - Yoox - Net a porter

4,831 views

SplunkLive! Milano 2016
Customer presentation Yoox-Net a porter
Security Intelligence platform

Published in: Technology

  1. Gianluca Gaias, Security, Risk & Compliance Director, YOOX NET-A-PORTER Group; Giovanni Curatola. Building an Enterprise-grade Security Intelligence Platform at YOOX NET-A-PORTER Group (Gain the Big Picture)
  2. Personal introduction: Gianluca Gaias, YOOX NET-A-PORTER Group, Security, Risk & Compliance Director. YOOX NET-A-PORTER Group is the global Internet retailing partner for leading fashion and luxury brands.
  3. Key Takeaways: From a technology-oriented approach to an info-centric approach. From log correlation to pattern recognition. From a passive/display platform to a proactive/executive platform. From standard dashboards to real-time dynamic dashboards. From a security event to context-aware security information.
  4. Agenda: Yoox Group: business and challenges. Security evolution overview. From Tech Oriented approach to Information Oriented approach – Deep Investigation – Proactive Dashboard: IP Blacklist – Real-time Dynamic Dashboard: Attack Map. Risk Management and Pattern Recognition – Use Case: Attackers Activity. Reconsidering dashboard design. Next Steps.
  5. YOOX NET-A-PORTER GROUP • Over 180 countries served • DCs: US, UK, Italy, China, Hong Kong, Japan • Customer care covering all time zones • Local Offices: New York, London, Milan, Bologna, Paris, Hong Kong, Shanghai, Tokyo • Same-Day Delivery in London, Manhattan, Connecticut and Hong Kong • Digital production facilities: US, UK, Italy, China, Hong Kong, Japan • Butler service and authenticity RFid seal • 1 order processed every 4 seconds • 1.7 billion revenues • 27.1 million active customers • PRO-FORMA 2015 FY • 7.1 million orders
  6. Rest of Europe 48.8% • Global premier online luxury fashion destination for content and commerce for the season’s must-have womenswear collections • Unparalleled editorial content, including its weekly online magazine THE EDIT and bi-monthly print magazine PORTER • Global destination for men’s style with unparalleled offering from the season of the leading menswear, watchmakers and specialist grooming brands • Rich editorial content through the weekly online magazine The Journal and bi-monthly newspaper The MR PORTER Post • MULTI-BRAND IN-SEASON • MULTI-BRAND OFF-SEASON • The world’s leading online lifestyle store for fashion, design and art • Broad offering of off-season premium apparel and accessories, exclusive collections, home & design and artworks • The online destination for women dedicated entirely to in-season high-end shoes • Exclusive shoe-related services and editorial component • Go-to destination for previous-season designer fashion for the global style-conscious woman looking for the best designer products at great prices • In-house label of styling essentials “Iris and Ink” • The luxury online boutique devoted to creating distinctive style through an eclectic and selective in-season assortment of high fashion and directional designers for men and women • Dedicated mini-stores • ONLINE FLAGSHIP STORES • Official Online Flagship Stores of leading fashion and luxury brands for which YNAP is the exclusive partner • Long-term partnerships and many more … • JVCo with Kering • Proprietary business where YNAP operates as an e-tailer for the season’s luxury fashion collections under its four own brand names • Proprietary business where YNAP operates as an e-tailer mainly for the previous-season designer fashion under its two own brand names • “Powered by YOOX NET-A-PORTER GROUP”
  7. YOOX NET-A-PORTER Group: Challenges. Keep the trust: – Data Confidentiality – Data Integrity and Completeness – Data Processing Transparency. High Availability in a hostile environment. Gain the big picture: – Challenge and Enabler: Shareholders, Customers, Stakeholders.
  8. Security Evolution Overview (timeline chart, 2011 / 2013 / 2015): Data Leakage Prevention; Information Security Compliance; IPS & Anomaly Detection; Administrative Access Control; PCI-DSS Compliance; Sites Vulnerability Checks; Code Review; Logical Access Governance; Security Intelligence Platform; Online Brand Protection; Privacy Compliance; Information Process Analysis.
  9. Security Evolution – Tech vs Info. Technology Oriented: – Info confined to technology – Partial identity definition – No covered gaps. Information Oriented - Splunk: – Enrichment of tech logs – Event correlation – Clear identity definition.
  10. From Tech to Info: “From a technology-oriented approach to an info-centric approach.”
  11. Investigation
  12. Investigation: show details
  13. Advanced Dashboard: IP Blacklist • Proactive Dashboard • One-click blacklist on Akamai WAF through Akamai API calls • Splunk is able to run a command on input source • Drilldown • «From a passive/display platform to a proactive/executive platform»
  14. WAF activity representation: standard dashboard • Statistical evidence by: – Source IP – Attack type – WAF Action • Event distribution over time • Spike visibility depends on the scale • Not evident: – Attack frequency – Relation between Source IP, Attack type and WAF action. Column labels: Pros, Cons.
  15. “From standard dashboards to real-time dynamic dashboards”. Real-time Dynamic Dashboard: Attack Map
  16. Security Evolution – Risk Mgmt & Pattern Rec. Risk Management: – Correlation of Tech Elements and Business Elements – Support for quantitative risk analysis – Assigning a Risk value to alerts. Pattern Recognition: – Different levels of correlation – Pattern as the result of several high-level events from different systems by identity – Knowledge from historical incidents and analysts' experience – Goal: detect user behavior and recurrent attack patterns.
  17. Pattern Recognition: Single security events may be part of a more complex action. Diagram labels: Correlation; Brute Force; Exce. Out Data; High Conn.; Correlation Level 1; Correlation Level 2; Correlation Level n; Data Exfiltration; «From log correlation to pattern recognition»; Sequence Introduced by high level analyst; Pattern Consolidation; Analyst.
  18. Risk Management: “From a security event to context-aware security information”. Diagram labels: Risk; Static Assign. (Lookup); N level correlation; Content Eval. Usually a single security event has a static risk. We need a risk value based on content and on other correlated events.
  19. Use Case: Attackers Activity. Detect sequence of relevant events by identity. Activity Score: vertical axis, max of the same alert type. Activity Frequency: ball diameter. Pattern Recognition; Risk Value.
  20. Reconsidering dashboard design. Diagram labels: Native Log Collection; Splunk Log Collection; Standard Dashboards; Advanced Dashboards; Pattern Recognition; Splunk Engineers; NOC; SOC; Security Analyst; Head of Security; Knowledge; Data; Meaning; The Big Picture.
  21. Key Takeaways: From a technology-oriented approach to an info-centric approach. From log correlation to pattern recognition. From a passive/display platform to a proactive/executive platform. From standard dashboards to real-time dynamic dashboards. From a security event to context-aware security information.
  22. Questions?
  23. Grazie
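
The pattern-recognition and risk slides (17 to 19) describe grouping level-1 alerts by identity, matching an analyst-defined sequence, and raising the risk above the static lookup value when the sequence completes. The Python sketch below is an added example, not code from the presentation or from Splunk; the alert names, risk values, sequence order, time window and bonus are assumptions, and the alerts are constructed sample data.

```python
from collections import defaultdict

# Static risk per level-1 alert type (the "lookup" stage). Values are constructed.
STATIC_RISK = {"brute_force": 40, "high_connections": 30, "excessive_outbound_data": 60}
# Analyst-defined pattern as an ordered list of alert types (order is an assumption).
PATTERNS = {"data_exfiltration": ["brute_force", "high_connections", "excessive_outbound_data"]}
WINDOW = 3600        # seconds in which the whole sequence must complete (assumed)
PATTERN_BONUS = 30   # assumed uplift per matched pattern

# Constructed level-1 alerts: (epoch seconds, identity, alert type).
ALERTS = [
    (1000, "alice", "brute_force"), (1200, "bob", "high_connections"),
    (1500, "alice", "high_connections"), (1600, "alice", "brute_force"),
    (2900, "alice", "excessive_outbound_data"), (9000, "bob", "excessive_outbound_data"),
]

def match_sequence(events, sequence, window):
    """True if `sequence` occurs in order (gaps allowed) within `window` seconds."""
    for i, (start, kind) in enumerate(events):
        if kind != sequence[0]:
            continue
        step = 1
        for ts, k in events[i + 1:]:
            if step == len(sequence) or ts - start > window:
                break
            if k == sequence[step]:
                step += 1
        if step == len(sequence):
            return True
    return False

def score_identities(alerts):
    """Group alerts by identity, then derive static and context-aware risk."""
    by_identity = defaultdict(list)
    for ts, identity, kind in sorted(alerts):
        by_identity[identity].append((ts, kind))
    report = {}
    for identity, events in by_identity.items():
        kinds = [k for _, k in events]
        static = max(STATIC_RISK[k] for k in kinds)  # single-event view
        matched = [n for n, seq in PATTERNS.items() if match_sequence(events, seq, WINDOW)]
        report[identity] = {
            "static": static, "patterns": matched,
            "risk": min(100, static + PATTERN_BONUS * len(matched)),
            "frequency": {k: kinds.count(k) for k in sorted(set(kinds))},
        }
    return report

print(score_identities(ALERTS))
```

Both identities share the same static risk, but only the one whose alerts complete the sequence inside the window gets the higher context-aware value.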
