Cloudera Federal Forum 2014: A 360 Degree View of the Insider Threat

Marc Kriz, National Security Programs of Cloudera Government Solutions, discusses a paradigm shift for fraud detection where the enterprise data hub enables a 360 degree view of insider threats.

Published in: Technology, Business

  1. Enabling a 360 Degree View of the Insider Threat: A Paradigm Shift for Fraud Detection. ©2014 Cloudera, Inc. All rights reserved.
  5. 360 Degree View Requires A New Approach
     Currently: each analyst explores a “silo” of data via rules-based analytics. Bring silos of data to analyst.
     Process-centric, single-threaded use:
       • Structured data mainly
       • Internal data only
       • “Important” data only
     Effectiveness limited to number of analysts available, data size and time.
     [Diagram labels: Analyst; Data; Relative size & complexity]
  6. Steps to a 360 Degree View
     [Diagram labels: Operational Data Sources; Exploratory Data Analysis & Transformation; Alert Generation Process; Business Rules; Alert Administration; Rules; Transactions; Analytics; External Data; Intelligent Repository; Categories; Predictive Modeling; Unstructured Text Analytics; Anomaly Detection; Internal Data; Link Analysis; Sentiment; Learn and Improve Cycle; Enterprise Data Hub; Alert Management & BI / Reporting; Case Management; Analytics]
  7. Relevant Data Surfaced in Dashboard
     Overall Risk Assessment:
     Risk Per Category: SF 86; Public Records; Financial; Network Activity; Social Media Activity; Building Access; Foreign Travel
     Ranked List of High Risk Personnel (Name, Risk Score):
       • Ed Snowden, 94
       • Bob Miller, 93
       • Jeff Hughes, 87
       • Bill Jones, 86
       • Mary Smith, 82
     Personnel with Risk Scores that Recently Changed (Name, Old Score, New Score):
       • Hans Bjork, 34, 94
       • Ann West, 26, 93
       • Jack Fisher, 17, 87
       • Henry Chi, 45, 86
       • Susan Lee, 12, 82
     Open Cases (Name, Risk Score, Investigator):
       • Charlie Smith, 94, Bob P.
       • Karen Miller, 93, Jane F.
       • Hank Williams, 87, Bill J.
  8. Time Spent Focused on Unknowns
     Name: Edward Snowden
     DOB: 06/21/83
     Org: S2-3A2
     Risk Assessment:
     Building Access:
     Network Activity:
     SF 86:
       • Matches Public Record
       • Verified by Investigators
     Public Records:
       • 2011-02-12: Acquired insurance on new Ferrari, registered in brother’s name
       • 2011-03-17: Arrested for DUI
     Foreign Travel:
       • 2011-06-12: Beijing, China
       • 2010-11-25: Taipei, Taiwan
       • 2010-12-25: Mogadishu, Somalia
     Text Analytics
     Associations
