Detecting Anomalous Behavior with the Business Data Lake
Paul Gittins & Steve Jones
The new threat vectors are highly targeted
Detecting Anomalous Behavior with the Business Data Lake | Steve Jones
Copyright © 2014 Capgemini. All rights reserved.

Bad "actors":
• Organized criminals
• Foreign states
• Hacktivists

What they go after:
• Utilities: disruption as a strategic asset
• Financial services: operational code, user accounts, fraud
• Access to critical intellectual property

Traditional security approaches would not have caught Edward Snowden and cannot adapt quickly enough to new cyber-crime attacks.
The attack surface of the business has significantly increased

Three drivers have increased the attack surface:
1. Data volumes, variety and velocity are increasing.
2. Clouds add complexity.
3. Blurred boundaries: an increased need to share data and information across the business and with third parties.
A new approach is needed to counter the threats

• Increased threats: traditional tools don't protect against "bad actors" who target IP, financial information and strategic access.
• Detect anomalous behavior: our approach creates insight into anomalous behavior and threats within the business and the surrounding ecosystem.
• React: allows you to take appropriate action based on the potential impact of the threat, to reduce risk.
SIEM and GRC could not prevent Mr. Snowden

• Social engineering has been a primary attack vector for large threats.
• Significant IP breaches are often socially engineered.
• Current tooling is important but insufficient:
  • Governance, risk and compliance (GRC) defines a set of "allowed behavior".
  • Identity and access management tooling provides the system-level access controls based on policy.
  • SIEM collates but does not provide insight or analytics in the right ways to identify these threats.

Diagram: a user with the right identity and access controls accesses critical systems within role; GRC permits the access and SIEM collates the logs.

Edward Snowden:
• In role
• Logs collated his activity
• Yet the assets were accessed
• The NSA could not spot the anomalous behavior.
We need a different approach

Anomalous Behavior
• Traditional approaches need to be complemented; SIEM and GRC are still needed.
• GRC says what is approved: the tasks you can do, the gates you can go through. Anomalous Behavior Detection says whether you should have.
• Extend using Anomalous Behavior Detection. This approach:
  1. Learns what is normal [the difference between approved and allowed]
  2. Identifies what is anomalous and categorizes the risk
  3. Alerts so you can react before it becomes a problem.

New Outcomes are Possible
• It is an extension of current security approaches that enables a reduction in GRC and can identify threats that GRC cannot:
  • It shows where "allowed" is not "normal" and the scope of the deviation from the norm.
  • Detect social engineering attacks as well as network-level detections.
  • Minimize the exposure time and loss.
  • Potentially predict the leakage areas ahead of the attack.
  • This can be applied to both GRC areas (Snowden) and non-GRC areas (networks, non-controlled information) to build up a broader pattern of behavior.
Detection of Anomalous Behavior – from Insight to Action

Diagram (reconstructed from the slide):
• Structured data (SIEM, AD, HR) and unstructured data (images, social, email, video) are ingested.
• Machine learning defines "normal" across the user base, for users accessing key systems within role as defined by GRC.
• Deviation from the norm triggers action.
• Automated response is chosen by level of deviation and system criticality: inform management, adjust policies, lockdown.
How we generate insight into anomalies to enable action

By taking a data science approach:
• Tools:
  • Use of the open-source MADlib library to provide in-database functions
  • Leading-edge tools to implement machine learning collaboratively
• Methods:
  • Parallelized a wide variety of machine learning algorithms for optimum performance on the Business Data Lake
  • Agile, test-driven, customer-focused
• Process:
  • Analytical workflow aligned with business needs and optimized for speed
  • Supports iterative and collaborative working.

Diagram: the Business Data Lake architecture (sources, ingestion tier, unified data management tier, processing tier, insights tier, action tier and unified operations tier), shown in full on the Business Data Lake Architecture slide.
Examples – SIEM, GRC and Detection of Anomalous Behavior

1. Out of policy access
   User tries to access what they shouldn't → GRC says "no" and notifies SIEM → SIEM collates, alerts, and may reduce privileges via GRC/IAM.
2. In policy but abnormal access
   User accesses a single item out of the norm but in policy → GRC says "yes" → Anomalous Behavior Detection says "but that isn't normal" and alerts SIEM → SIEM collates, alerts, and may reduce privileges via GRC/IAM.
3. In policy but extremely abnormal access
   User accesses multiple areas out of the ordinary but in policy → GRC says "yes" → Anomalous Behavior Detection says "this is the ONLY person EVER to do this!" and alerts SIEM → shutdown of user access plus manager alerts.
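As an added example (not code from the deck or from Capgemini), the three cases above and the learn / identify / alert steps from the earlier slide in Python. The policy table, criticality scale and access history are constructed; the tier rules are one assumed reading of the slide (tier 2 when a system is new for this user, tier 3 when the session is new in more than one place and at least one of those places has never been touched by anyone in the role); the response strings stand in for the SIEM and IAM calls a deployment would make.

```python
"""Added example: GRC policy check plus a learned baseline (constructed data)."""
from collections import defaultdict

# Constructed policy, as GRC/IAM would express it: role -> permitted systems.
POLICY = {
    "sysadmin": {"mail", "fileshare", "backup", "hr-db", "ip-vault"},
    "analyst": {"mail", "fileshare", "reporting"},
}

# Constructed system criticality on an assumed 1..3 scale.
CRITICALITY = {"mail": 1, "fileshare": 1, "reporting": 1,
               "backup": 2, "hr-db": 3, "ip-vault": 3}

# Constructed history of in-policy accesses: (user, role, system).
HISTORY = [
    ("alice", "sysadmin", "mail"), ("alice", "sysadmin", "fileshare"),
    ("alice", "sysadmin", "backup"), ("alice", "sysadmin", "backup"),
    ("bob", "sysadmin", "mail"), ("bob", "sysadmin", "backup"),
    ("bob", "sysadmin", "hr-db"),
    ("carol", "analyst", "mail"), ("carol", "analyst", "reporting"),
    ("dave", "analyst", "mail"), ("dave", "analyst", "fileshare"),
]


def learn_baseline(history):
    """Step 1: learn what is normal. Per user, how often each system was
    used; per role, which users have ever used each system."""
    per_user = defaultdict(lambda: defaultdict(int))
    per_role = defaultdict(lambda: defaultdict(set))
    for user, role, system in history:
        per_user[user][system] += 1
        per_role[role][system].add(user)
    return per_user, per_role


def assess(user, role, systems, baseline, policy=POLICY, crit=CRITICALITY):
    """Steps 2 and 3: classify one session's accesses and choose a response.
    Tier 1: out of policy (GRC decides, the baseline is not consulted).
    Tier 2: allowed but new for this user.
    Tier 3: allowed, new for this user in more than one system, and at least
    one of those systems has never been touched by anyone in the role."""
    per_user, per_role = baseline
    denied = sorted(s for s in systems if s not in policy.get(role, set()))
    if denied:
        return {"tier": 1, "label": "out of policy", "systems": denied,
                "score": 0, "response": "GRC denies, notify SIEM"}
    novel_for_user = sorted(s for s in set(systems) if per_user[user][s] == 0)
    novel_for_role = [s for s in novel_for_user if not per_role[role][s]]
    # Deviation weighted by the criticality of what was reached; it ranks
    # alerts within a tier (level of deviation and system criticality).
    score = sum(crit.get(s, 1) for s in novel_for_user)
    if novel_for_role and len(novel_for_user) > 1:
        return {"tier": 3, "label": "in policy but extremely abnormal",
                "systems": novel_for_user, "score": score,
                "response": "shut down user access, alert manager"}
    if novel_for_user:
        return {"tier": 2, "label": "in policy but abnormal",
                "systems": novel_for_user, "score": score,
                "response": "alert SIEM, may reduce privileges via IAM"}
    return {"tier": 0, "label": "normal", "systems": [], "score": 0,
            "response": "none"}


if __name__ == "__main__":
    base = learn_baseline(HISTORY)
    for user, role, session in [("alice", "sysadmin", ["mail", "backup"]),
                                ("carol", "analyst", ["hr-db"]),
                                ("alice", "sysadmin", ["hr-db"]),
                                ("alice", "sysadmin", ["hr-db", "ip-vault"])]:
        print(user, session, assess(user, role, session, base))
```

Note that an unknown user or an unknown role never reaches the baseline: a role absent from the policy is denied everything (tier 1), and a user with no history is new everywhere, so every in-policy access is at least tier 2 until the baseline has seen them.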
How do we build this approach?

• Ingest: ingest both network and wider business information at scale. An extendable common platform for the whole business, not just security. Ingest as many events as practical for long-term analysis.
• Store: store for both near-real-time and long-term analysis. Real time or batch, based on business need; swap and switch without re-engineering or recoding.
• Analyze: create insight into possible anomalous behavior.
• Surface: surface insight to management tools with context (alert management).
• Act automatically: take automated action based on risk and the potential impact of the anomaly. Use identity and access management to reduce or remove rights automatically.
• Investigate: GRC, SIEM and the investigator take final action and improve the algorithms. Ensure a closed loop.
Typical Use Cases

• Visualizing heat maps of issues across an organization by business unit or profile
• Profiling systems or devices for indicators of risk, highlighting places where an alert needs to be prioritized over others because of its likelihood of affecting the business
• Spotting a compromised host when a particular IP address or user exhibits multiple suspicious characteristics over a week-long period
• Providing investigative context after an alert gets triggered to determine the cause or impact of an issue, e.g. if the user downloaded an executable prior to the alert, or the IP accessed a critical asset after triggering the alert
• Detecting lateral movement based on active data by using graph analytics to profile user behavior and peers' behaviors.
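The compromised-host and lateral-movement use cases above, as an added example that is not part of the deck: a week of constructed logon events is turned into a per-user logon graph, compared with departmental peers taken from a constructed HR mapping, and scored on several weak indicators at once, so that one odd host on its own does not raise an alert. The log format, host names, business-hours window and thresholds are all assumptions; the returned context (chain depth, peer-novel hosts, failure count) is what an investigator would pick up after the alert.

```python
"""Added example: week-long peer-graph profiling (constructed data, not the deck's code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed peer groups, as an HR feed would supply them: user -> department.
DEPARTMENT = {"alice": "finance", "bob": "finance", "carol": "finance",
              "dave": "eng", "erin": "eng"}

# Constructed logon events: "<time> <user> <source host> <target host> <result>".
LOG = """\
2014-03-03T09:01 alice ws-alice fs01 success
2014-03-03T09:05 bob ws-bob fs01 success
2014-03-03T09:06 carol ws-carol fs01 success
2014-03-04T10:00 bob ws-bob erp01 success
2014-03-04T22:13 alice ws-alice fs01 success
2014-03-04T22:15 alice fs01 db02 failure
2014-03-04T22:16 alice fs01 db02 failure
2014-03-04T22:17 alice fs01 db02 failure
2014-03-04T22:20 alice fs01 db02 success
2014-03-05T01:02 alice db02 ipvault success
2014-03-05T08:30 dave ws-dave build01 success
2014-03-05T08:31 dave build01 ci01 success
2014-03-05T09:00 erin ws-erin build01 success
2014-03-05T09:10 erin ws-erin ci01 success
"""

BUSINESS_HOURS = range(7, 19)  # assumed working day, 07:00 to 18:59


def parse(log):
    """Turn the constructed text format into (time, user, src, dst, result)."""
    rows = []
    for line in log.strip().splitlines():
        ts, user, src, dst, result = line.split()
        rows.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M"), user, src, dst, result))
    return rows


def chain_depth(adj, node, path=frozenset()):
    """Longest hop chain from node over one user's successful logons, ignoring
    cycles. Depth 1 is workstation -> server; 2 or more means the user carried
    on from a server to further hosts, the shape of lateral movement."""
    best = 0
    for nxt in adj.get(node, ()):
        if nxt not in path:
            best = max(best, 1 + chain_depth(adj, nxt, path | {node}))
    return best


def profile(events, end, days=7, fail_threshold=3):
    """Per-user indicators and score over the window of `days` ending at `end`."""
    start = end - timedelta(days=days)
    edges = defaultdict(lambda: defaultdict(set))  # user -> src -> {dst}
    hosts, failures, off_hours = defaultdict(set), defaultdict(int), defaultdict(int)
    for ts, user, src, dst, result in events:
        if not start <= ts <= end:
            continue
        if result != "success":
            failures[user] += 1
            continue
        edges[user][src].add(dst)
        hosts[user].add(dst)
        if ts.hour not in BUSINESS_HOURS:
            off_hours[user] += 1

    report = {}
    for user, dept in DEPARTMENT.items():
        adj = edges[user]
        # Entry points are sources this user never logged on to from elsewhere.
        entry = set(adj) - {d for ds in adj.values() for d in ds}
        depth = max((chain_depth(adj, n) for n in entry), default=0)
        peers = [u for u, d in DEPARTMENT.items() if d == dept and u != user]
        novel = sorted(hosts[user] - set().union(*(hosts[p] for p in peers)))
        indicators = {
            "hop_chain": depth >= 2,                      # hopped on from a server
            "peer_novel_hosts": bool(novel),              # hosts no peer reaches
            "failed_logons": failures[user] >= fail_threshold,
            "off_hours": off_hours[user] > 0,
        }
        report[user] = {"score": sum(indicators.values()), "indicators": indicators,
                        "context": {"max_chain_depth": depth, "novel_hosts": novel,
                                    "failed_logons": failures[user]}}
    return report


def suspects(report, min_score=2):
    """Users showing multiple suspicious characteristics in the same window."""
    return sorted(u for u, r in report.items() if r["score"] >= min_score)


def run_example():
    return profile(parse(LOG), end=datetime(2014, 3, 9))


if __name__ == "__main__":
    rep = run_example()
    for user in suspects(rep):
        print(user, rep[user])
```

In the constructed week only alice is reported: she hopped from fs01 to db02 and on to ipvault, reached two hosts none of her finance peers use, failed three logons first and did it all out of hours. dave also hops (ws-dave to build01 to ci01) and bob reaches a host nobody else does, but each shows a single indicator, which is the point of scoring them together rather than alerting on any one.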
Business Data Lake Architecture

Diagram (reconstructed from the slide; tiers listed from source to consumer):
• Sources: IAM, SIEM, GRC, network, images, social, email, AD, video, HR; unstructured and structured data.
• Ingestion tier: real-time ingestion, micro-batch ingestion, batch ingestion.
• Processing tier: real time, micro batch and mega batch processing; in-memory; MPP database (SQL); distillation tier over HDFS storage with SQL, NoSQL and MapReduce query interfaces.
• Insights tier: real-time insights, interactive insights, batch insights.
• Action tier: results exposed to consuming systems (SQL).
• Unified data management tier, spanning the above: data management services, MDM, RDM, audit and policy management, workflow management.
• Unified operations tier, spanning the above: system monitoring, system management.
Provide platform for future defense capability

• Advanced machine learning
• Advanced automation
• Anticipate attacks
• Enhance through federated sharing of threats
• Automated quarantine of resources
Machine Learning Algorithms

MADlib in-database functions (Predictive Modeling Library):
• ARIMA
• Principal Component Analysis (PCA)
• Topic Modeling (Parallel LDA)
• Decision Trees
• Ensemble Learners (Random Forests)
• Support Vector Machines
• Conditional Random Field (CRF)
• Clustering (K-means)
• Cross Validation
• Generalized Linear Models: Linear Regression; Logistic Regression; Multinomial Logistic Regression; Cox Proportional Hazards Regression; Elastic Net Regularization; Sandwich Estimators (Huber-White, clustered, marginal effects)
• Matrix Factorization: Singular Value Decomposition (SVD); PCA
• Association Rules (Affinity Analysis, Market Basket)
• Linear Systems: sparse and dense solvers
• Descriptive Statistics: sketch-based estimators (CountMin (Cormode-Muthukrishnan), FM (Flajolet-Martin), MFV (Most Frequent Values)); correlation; summary
• Support Modules: array operations; sparse vectors; random sampling; probability functions
www.capgemini.com/bdl 
www.pivotal.io/big-data/businessdatalake 
The information contained in this presentation is proprietary. 
Copyright © 2014 Capgemini. All rights reserved. 
Rightshore® is a trademark belonging to Capgemini. 
About Capgemini 
With almost 140,000 people in over 40 countries, Capgemini is 
one of the world's foremost providers of consulting, technology 
and outsourcing services. The Group reported 2013 global 
revenues of EUR 10.1 billion. 
Together with its clients, Capgemini creates and delivers 
business and technology solutions that fit their needs and drive 
the results they want. A deeply multicultural organization, 
Capgemini has developed its own way of working, the 
Collaborative Business Experience™, and draws on Rightshore®, 
its worldwide delivery model.

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

Recently uploaded (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Detection of Anomalous Behavior

  • 1. Detecting Anomalous Behavior with the Business Data Lake. Paul Gittins & Steve Jones
  • 2. The new threat vectors are highly targeted. (Detecting Anomalous Behavior with the Business Data Lake | Steve Jones. Copyright © 2014 Capgemini. All rights reserved.)
    Bad "actors": organized criminals, foreign states, hacktivists.
    - Utilities: disrupt as a strategic asset
    - Financial services: operational code, user accounts, fraud
    - Gain access to critical intellectual property
    Traditional security approaches wouldn't catch Edward Snowden and can't adapt quickly enough to new cyber-crime attacks.
  • 3. The attack surface of the business has significantly increased. Three drivers have increased the attack surface:
    - Data volumes, variety and velocity are increasing
    - Clouds add complexity
    - Blurred boundaries: increased need to share data/information across the business and with 3rd parties
  • 4. A new approach is needed to counter the threats.
    - Increased threats: traditional tools don't protect against "bad actors" who target IP, financial information and strategic access.
    - Detect anomalous behavior: our approach creates insight into anomalous behavior and threats within the business and surrounding ecosystem.
    - React: allows you to take appropriate action based on the potential impact of the threat to reduce risk.
  • 5. SIEM and GRC could not prevent Mr. Snowden.
    - Right identity & access controls
    - Social engineering has been a primary attack vector for large threats
    - Significant IP breaches are often socially engineered
    - Current tooling is important but insufficient:
      - Governance, risk and compliance (GRC) defines a set of "allowed behavior"
      - Identity and access management tooling provides the system-level access controls based on policy
      - SIEM collates but does not provide insight or analytics in the right ways to identify these threats.
    - Diagram: a user accessing critical systems within role (GRC), with activity logs collated (SIEM). Edward Snowden: in role; logs collated his activity; yet the assets were accessed; the NSA could not spot the anomalous behavior.
  • 6. We need a different approach.
    Anomalous behavior:
    - Traditional approaches need to be complemented; SIEM and GRC are still needed.
    - GRC says what is approved: the tasks you can do, the gates you can go through. Abnormal behavior detection says whether you should have.
    - Extend using anomalous behavior detection. This approach: 1. learns what is normal [the difference between approved and allowed]; 2. identifies what is anomalous and categorizes the risk; 3. alerts so you can react before it becomes a problem.
    New outcomes are possible:
    - It is an extension of current security approaches that enables a reduction in GRC and can identify threats that GRC cannot.
    - It shows where "allowed" is not "normal" and the scope of the deviation from the norm.
    - Detect social engineering attacks as well as network-level detections
    - Minimize the exposure time and loss
    - Potentially predict the leakage areas ahead of the attack
    - This can be applied to both GRC areas (Snowden) and non-GRC areas (networks, non-controlled information) to build up a broader pattern of behavior.
  • 7. Detection of anomalous behavior: from insight to action (diagram). Structured data (SIEM, AD, HR) and unstructured data (images, social, email, video) feed machine learning that defines "normal" across the user base. Users access key systems within role as defined by GRC; deviation from the norm triggers action; the automated response depends on the level of deviation and system criticality: inform management, adjust policies, lockdown.
  • 8. How we generate insight into anomalies to enable action: by taking a data science approach.
    - Tools: use of the open-source MADlib library to provide in-database functions; leading-edge tools to implement machine learning collaboratively
    - Methods: parallelized a wide variety of machine learning algorithms for optimum performance on the Business Data Lake; agile, test-driven, customer-focused
    - Process: analytical workflow aligned with business needs and optimized for speed; supports iterative and collaborative working.
    - Diagram, Business Data Lake: sources (IAM, SIEM, GRC, network, images, social, email, AD, video, HR) feed the ingestion tier (real-time ingestion, micro-batch ingestion, batch ingestion); the unified data management tier provides data management services, MDM, RDM, audit and policy management and workflow management; the processing tier holds an in-memory MPP database, a distillation tier and HDFS storage for unstructured and structured data, processed in real time, micro batch or mega batch, with SQL, NoSQL and MapReduce query interfaces; the insights tier delivers real-time, interactive and batch insights to the action tier; a unified operations tier (system monitoring, system management) runs alongside.
  • 9. Examples: SIEM, GRC and detection of anomalous behavior.
    1. Out-of-policy access: the user tries to access what they shouldn't. GRC says "no" and notifies SIEM. SIEM collates, alerts, and may reduce privileges via GRC/IAM.
    2. In policy but abnormal access: the user accesses a single item out of the norm but in policy. GRC says "yes"; anomalous behavior detection says "but that isn't normal" and alerts SIEM. SIEM collates, alerts, and may reduce privileges via GRC/IAM.
    3. In policy but extremely abnormal access: the user accesses multiple areas out of the ordinary but in policy. GRC says "yes"; anomalous behavior detection says "this is the ONLY person EVER to do this!" and alerts SIEM. Shutdown of user access plus manager alerts.
  • 10. How do we build this approach?
    - Ingest: ingest both network and wider business information at scale; an extendable common platform for the whole business, not just security. Real time or batch, based on business need; swap and switch without re-engineering or recoding.
    - Store: store for both near-real-time and long-term analysis. Ingest as many events as practical for long-term analysis.
    - Analyze: create insight into possible anomalous behavior.
    - Surface: surface insight to management tools with context. Alert management.
    - Act automatically: take automated action based on the risk and potential impact of the anomaly. Use identity and access management to reduce/remove rights automatically.
    - Investigate: for final action and to improve the algorithms. GRC, SIEM, investigator. Ensure a closed loop.
  • 11. Typical use cases:
    - Visualizing heat maps of issues across an organization by business unit or profile
    - Profiling systems or devices for indicators of risk, highlighting places where an alert needs to be prioritized over others because of its likelihood of affecting the business
    - Spotting a compromised host when a particular IP address or user exhibits multiple suspicious characteristics over a week-long period
    - Providing investigative context after an alert gets triggered to determine the cause or impact of an issue, e.g. if the user downloaded an executable prior to the alert, or the IP accessed a critical asset after triggering the alert
    - Detecting lateral movement based on active data by using graph analytics to profile user behavior and peers' behaviors.
  • 12. Business Data Lake architecture: the same tiered diagram as on slide 8 (sources, ingestion tier, unified data management tier, processing tier, insights tier and action tier, with the unified operations tier alongside).
  • 13. Provide a platform for future defense capability: advanced machine learning, advanced automation, anticipate attacks, enhance through federated sharing of threats, automated quarantine of resources.
  • 14. Machine learning algorithms: MADlib in-database functions.
    - Predictive modeling library: generalized linear models (linear regression, logistic regression, multinomial logistic regression, Cox proportional hazards regression, elastic net regularization, sandwich estimators (Huber-White, clustered, marginal effects)); matrix factorization (singular value decomposition (SVD), principal component analysis (PCA)); linear systems (sparse and dense solvers); ARIMA; topic modeling (parallel LDA); decision trees; ensemble learners (random forests); support vector machines; conditional random field (CRF); clustering (k-means); cross validation; association rules (affinity analysis, market basket).
    - Descriptive statistics: sketch-based estimators (CountMin (Cormode-Muthukrishnan), FM (Flajolet-Martin), MFV (most frequent values)); correlation; summary.
    - Support modules: array operations, sparse vectors, random sampling, probability functions.
  • 15. www.capgemini.com/bdl, www.pivotal.io/big-data/businessdatalake. The information contained in this presentation is proprietary. Copyright © 2014 Capgemini. All rights reserved. Rightshore® is a trademark belonging to Capgemini. About Capgemini: with almost 140,000 people in over 40 countries, Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. The Group reported 2013 global revenues of EUR 10.1 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore®, its worldwide delivery model.
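Slides 6 and 9 describe the decision logic only in prose. The following Python model is an added example, not code from the Capgemini deck: a GRC policy (role to allowed resources), a baseline learned from an access history (per user and per role), and a classifier that maps one user's accesses in an evaluation window onto the three cases of slide 9 and their responses. Every user, role, resource and event is constructed sample data, and the thresholds (one novel resource versus two or more never seen by any peer) are assumptions chosen to match the slide's wording.

```python
"""Added example (not from the Capgemini deck): the three cases on slide 9.
GRC answers "is this access allowed?", a baseline learned from history
answers "is it normal for this user and their peers?", and the two
together select the response.  All data below is constructed."""
from collections import defaultdict

# Constructed GRC policy: role -> resources that role is allowed to access.
POLICY = {
    "sysadmin": {"fileserver", "ldap", "backup-vault", "hr-db", "source-repo"},
    "analyst": {"fileserver", "bi-warehouse"},
}

# Constructed learning-window history: (user, role, resource accessed).
HISTORY = [
    ("alice", "sysadmin", "fileserver"), ("alice", "sysadmin", "ldap"),
    ("bob", "sysadmin", "fileserver"), ("bob", "sysadmin", "ldap"),
    ("bob", "sysadmin", "backup-vault"),
    ("carol", "analyst", "bi-warehouse"),
]

# Responses as described on the slide: deny / alert / lockdown plus manager alert.
ACTIONS = {
    "normal": "none",
    "out_of_policy": "GRC denies; notify SIEM",
    "abnormal": "allow; alert SIEM, which may reduce privileges via GRC/IAM",
    "extremely_abnormal": "shut down user access via IAM; alert manager",
}


def learn_baseline(history):
    """Step 1 on slide 6: learn what is 'normal', per user and per role."""
    per_user, per_role = defaultdict(set), defaultdict(set)
    for user, role, resource in history:
        per_user[user].add(resource)
        per_role[role].add(resource)
    return per_user, per_role


def classify_window(user, role, resources, per_user, per_role, policy=POLICY):
    """Classify one user's accesses in an evaluation window.

    Returns (category, action, resources that drove the decision).
    Case 1: any resource outside the role's policy -> out of policy.
    Case 2: in policy, but a single resource this user never touched before.
    Case 3: in policy, but two or more new resources of which at least one
            no peer in the role has ever touched ("the ONLY person EVER").
    """
    allowed = policy.get(role, set())
    denied = sorted(r for r in resources if r not in allowed)
    if denied:
        return "out_of_policy", ACTIONS["out_of_policy"], denied
    novel = sorted(r for r in resources if r not in per_user.get(user, set()))
    if not novel:
        return "normal", ACTIONS["normal"], []
    unseen_by_peers = [r for r in novel if r not in per_role.get(role, set())]
    if len(novel) >= 2 and unseen_by_peers:
        return "extremely_abnormal", ACTIONS["extremely_abnormal"], novel
    return "abnormal", ACTIONS["abnormal"], novel


if __name__ == "__main__":
    users, roles = learn_baseline(HISTORY)
    # Constructed evaluation windows, one per case on the slide.
    for user, role, seen in [
        ("carol", "analyst", {"hr-db"}),                          # case 1
        ("alice", "sysadmin", {"fileserver", "backup-vault"}),    # case 2
        ("alice", "sysadmin", {"ldap", "hr-db", "source-repo"}),  # case 3
    ]:
        print(user, classify_window(user, role, seen, users, roles))
```

In a real deployment the history would come from the SIEM, AD and HR feeds on slide 7 and the baseline would be relearned on a schedule, since a static "normal" drifts away from actual behavior.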