Successfully reported this slideshow.
Your SlideShare is downloading. ×

Threat Detection and Response at Scale with Dominique Brezinski

Jun. 12, 2018
4 likes 2,354 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Loading in …3
×

Check these out next

Machine Data Analytics
Nicolas Morales
Analyst Keynote: Delivering Faster Insights with a Logical Data Fabric in a H...
Denodo
The Rise of Logical Data Architecture - Breaking the Data Gravity Notion (Mid...
Denodo
Open Source Data Management for Industry 4.0
DataWorks Summit
ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...
Yahoo Developer Network
Big Data Analytics for Real Time Systems
Kamalika Dutta
Security Framework for Multitenant Architecture
DataWorks Summit
Architecting a Modern Data Warehouse: Enterprise Must-Haves
Yellowbrick Data
1 of 25 Ad

Threat Detection and Response at Scale with Dominique Brezinski

Jun. 12, 2018
4 likes 2,354 views

Download to read offline

Data & Analytics

Security monitoring and threat response has diverse processing demands on large volumes of log and telemetry data. Processing requirements span from low-latency stream processing to interactive queries over months of data. To make things more challenging, we must keep the data accessible for a retention window measured in years. Having tackled this problem before in a massive-scale environment using Apache Spark, when it came time to do it again, there were a few things I knew worked and a few wrongs I wanted to right.

We approached Databricks with a set of challenges to collaborate on: provide a stable and optimized platform for Unified Analytics that allows our team to focus on value delivery using streaming, SQL, graph, and ML; leverage decoupled storage and compute while delivering high performance over a broad set of workloads; use S3 notifications instead of list operations; remove Hive Metastore from the write path; and approach indexed response times for our more common search cases, without hard-to-scale index maintenance, over our entire retention window. This is about the fruit of that collaboration.

Security monitoring and threat response has diverse processing demands on large volumes of log and telemetry data. Processing requirements span from low-latency stream processing to interactive queries over months of data. To make things more challenging, we must keep the data accessible for a retention window measured in years. Having tackled this problem before in a massive-scale environment using Apache Spark, when it came time to do it again, there were a few things I knew worked and a few wrongs I wanted to right.

We approached Databricks with a set of challenges to collaborate on: provide a stable and optimized platform for Unified Analytics that allows our team to focus on value delivery using streaming, SQL, graph, and ML; leverage decoupled storage and compute while delivering high performance over a broad set of workloads; use S3 notifications instead of list operations; remove Hive Metastore from the write path; and approach indexed response times for our more common search cases, without hard-to-scale index maintenance, over our entire retention window. This is about the fruit of that collaboration.

Data & Analytics
Advertisement

Recommended

Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Databricks
610 views
28 slides
Automating Splunk at Large Scale with Cloudify
Cloudify Community
401 views
16 slides
Digital Velocity 2014: "The Holy Grail of Digital Data Analytics"
Tealium
1.6k views
23 slides
Big Data Lessons from the Cloud
MapR Technologies
942 views
48 slides
Applying Noisy Knowledge Graphs to Real Problems
DataWorks Summit
239 views
61 slides
BigData
Shankar R
2.7k views
34 slides
Open Source in the Energy Industry - Creating a New Operational Model for Dat...
DataWorks Summit
451 views
21 slides
02 a holistic approach to big data
Raul Chong
3.9k views
68 slides
Advertisement

More Related Content

Slideshows for you (20)

Machine Data Analytics
Nicolas Morales
4.9k views
Analyst Keynote: Delivering Faster Insights with a Logical Data Fabric in a H...
Denodo
168 views
The Rise of Logical Data Architecture - Breaking the Data Gravity Notion (Mid...
Denodo
78 views
Open Source Data Management for Industry 4.0
DataWorks Summit
822 views
ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...
Yahoo Developer Network
435 views
Big Data Analytics for Real Time Systems
Kamalika Dutta
1.8k views
Security Framework for Multitenant Architecture
DataWorks Summit
1.1k views
Architecting a Modern Data Warehouse: Enterprise Must-Haves
Yellowbrick Data
180 views
Big Data Tech Stack
Abdullah Çetin ÇAVDAR
15.2k views
The Yellowbrick Impact for MicroStrategy
Yellowbrick Data
91 views
Talend introduction v1
Softnix Technology
792 views
2016 Cybersecurity Analytics State of the Union
Cloudera, Inc.
1.1k views
Data Science Out of The Box : Case Studies in the Telecommunication by Anand ...
Data Con LA
607 views
Product Keynote: Advancing Denodo’s Logical Data Fabric with AI and Advanced ...
Denodo
123 views
ROI of Big Data Analytics Native on Hadoop
DataWorks Summit
9.7k views
My other computer is a datacentre - 2012 edition
Steve Loughran
2.4k views
Modernizing to a Cloud Data Architecture
Databricks
350 views
How Yellowbrick Data Integrates to Existing Environments Webcast
Yellowbrick Data
224 views
Proof of Concept for Hadoop: storage and analytics of electrical time-series
DataWorks Summit
21.7k views
Big Data Telecom
Trick Consulting
4.1k views
Machine Data Analytics
Nicolas Morales
4.9k views
59 slides
Analyst Keynote: Delivering Faster Insights with a Logical Data Fabric in a H...
Denodo
168 views
18 slides
The Rise of Logical Data Architecture - Breaking the Data Gravity Notion (Mid...
Denodo
78 views
19 slides
Open Source Data Management for Industry 4.0
DataWorks Summit
822 views
31 slides
ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...
Yahoo Developer Network
435 views
16 slides
Big Data Analytics for Real Time Systems
Kamalika Dutta
1.8k views
41 slides

Similar to Threat Detection and Response at Scale with Dominique Brezinski (20)

Data Management - Full Stack Deep Learning
Sergey Karayev
25.1k views
Dp%20 fudamentals%20%28ch1%29
Navid Abbaspour
733 views
Optim test data management for IMS 2011
evgeni77
1.2k views
Optim test data management for IMS 2011
IBM IMS
3k views
Science cloud foster june 2013
Kirill Osipov
302 views
Science as a Service: How On-Demand Computing can Accelerate Discovery
Ian Foster
893 views
EMC Deduplication Fundamentals
emcbaltics
6.2k views
Why 2015 is the Year of Copy Data - What are the requirements?
Storage Switzerland
777 views
ADV Slides: The Evolution of the Data Platform and What It Means to Enterpris...
DATAVERSITY
800 views
Data science neural network project life cycle
Vincent Pommier
135 views
Big Data DC - Analytics at Clearspring
abramsm
1.2k views
Accelerating data-intensive science by outsourcing the mundane
Ian Foster
1.1k views
Data mining
Ujjwal Kumar
2.5k views
Final Ucat Ppt
lionqueen1985
432 views
XLDB South America Keynote: eScience Institute and Myria
University of Washington
1.4k views
High Performance Data Analytics and a Java Grande Run Time
Geoffrey Fox
6.2k views
Scaling-up collections digitisation
Vince Smith
602 views
Webinar: How Snapshots CAN be Backups
Storage Switzerland
993 views
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Kevin Mao
4.6k views
Overview of GovCloud Today
GovCloud Network
1.6k views
Data Management - Full Stack Deep Learning
Sergey Karayev
25.1k views
61 slides
Dp%20 fudamentals%20%28ch1%29
Navid Abbaspour
733 views
43 slides
Optim test data management for IMS 2011
evgeni77
1.2k views
26 slides
Optim test data management for IMS 2011
IBM IMS
3k views
26 slides
Science cloud foster june 2013
Kirill Osipov
302 views
45 slides
Science as a Service: How On-Demand Computing can Accelerate Discovery
Ian Foster
893 views
45 slides
Advertisement

More from Databricks (20)

DW Migration Webinar-March 2022.pptx
Databricks
3.6k views
Data Lakehouse Symposium | Day 1 | Part 1
Databricks
1.4k views
Data Lakehouse Symposium | Day 1 | Part 2
Databricks
672 views
Data Lakehouse Symposium | Day 4
Databricks
1.1k views
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
Databricks
6.1k views
Democratizing Data Quality Through a Centralized Platform
Databricks
1.3k views
Learn to Use Databricks for Data Science
Databricks
1.5k views
Why APM Is Not the Same As ML Monitoring
Databricks
723 views
The Function, the Context, and the Data—Enabling ML Ops at Stitch Fix
Databricks
679 views
Stage Level Scheduling Improving Big Data and AI Integration
Databricks
779 views
Simplify Data Conversion from Spark to TensorFlow and PyTorch
Databricks
1.5k views
Scaling your Data Pipelines with Apache Spark on Kubernetes
Databricks
1.9k views
Scaling and Unifying SciKit Learn and Apache Spark Pipelines
Databricks
632 views
Sawtooth Windows for Feature Aggregations
Databricks
546 views
Redis + Apache Spark = Swiss Army Knife Meets Kitchen Sink
Databricks
550 views
Re-imagine Data Monitoring with whylogs and Spark
Databricks
484 views
Raven: End-to-end Optimization of ML Prediction Queries
Databricks
404 views
Processing Large Datasets for ADAS Applications using Apache Spark
Databricks
445 views
Massive Data Processing in Adobe Using Delta Lake
Databricks
654 views
Machine Learning CI/CD for Email Attack Detection
Databricks
368 views
DW Migration Webinar-March 2022.pptx
Databricks
3.6k views
25 slides
Data Lakehouse Symposium | Day 1 | Part 1
Databricks
1.4k views
43 slides
Data Lakehouse Symposium | Day 1 | Part 2
Databricks
672 views
16 slides
Data Lakehouse Symposium | Day 4
Databricks
1.1k views
74 slides
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
Databricks
6.1k views
64 slides
Democratizing Data Quality Through a Centralized Platform
Databricks
1.3k views
36 slides

Recently uploaded (20)

Measuring Metadata Quality (doctoral defense 2019)
Péter Király
0 views
ANALYZING-THE-MEANING-OF-THE-DATA-ANG-DRAWING-for-edit.pptx
AriusFranco
0 views
Measuring Metadata Quality in Europeana (ADOCHS 2017)
Péter Király
0 views
Format Kartu Keluarga.doc
Jeck Apit
0 views
Measuring cultural heritage metadata quality (Semantics 2017)
Péter Király
0 views
32501.ppt
dhruvkathuria8
0 views
Avinash-Ranjan_16500119021_Softskills.pdf
AvinashRanjan80
0 views
Validating 126 million MARC records (DATeCH 2019)
Péter Király
0 views
computer.pdf
ParvejHossain17
0 views
Black History Month Presentation.pptx
Wawa326030
0 views
SHACL shortly (ELAG 2018)
Péter Király
0 views
Getting started with Pandas Cheatsheet.pdf
SudhakarVenkey
0 views
11700220036.pptx
SouvikRoy149
0 views
6.3 DatacenterService Laporan Juni .pptx
AndreWirawan14
0 views
Runa Capital Open Source Software Report 2022
Alexandra Skarsgard
0 views
PPT on Proposal for FY2022-23.pptx
DineshReddyManchala1
0 views
Measuring completeness as metadata quality metric in Europeana (DH 2017)
Péter Király
0 views
ZAWAR UBC Analysis Jan -22 & Action Plan Feb-23.pptx
PowerMurugan
0 views
Measuring Completeness as Metadata Quality Metric in Europeana (CAS 2018)
Péter Király
0 views
Researching metadata quality (ORKG 2018)
Péter Király
0 views
Measuring Metadata Quality (doctoral defense 2019)
Péter Király
0 views
31 slides
ANALYZING-THE-MEANING-OF-THE-DATA-ANG-DRAWING-for-edit.pptx
AriusFranco
0 views
22 slides
Measuring Metadata Quality in Europeana (ADOCHS 2017)
Péter Király
0 views
30 slides
Format Kartu Keluarga.doc
Jeck Apit
0 views
1 slide
Measuring cultural heritage metadata quality (Semantics 2017)
Péter Király
0 views
22 slides
32501.ppt
dhruvkathuria8
0 views
54 slides
Advertisement

Threat Detection and Response at Scale with Dominique Brezinski

  1. 1. Dominique Brezinski — Apple Information Security • Threat Detection and Response • at Scale
  2. 2. This is about the data platform aspect, not the specific analytics
  3. 3. Agenda • Use Cases, Scale, • and Challenges/Solutions
  4. 4. Enabling Detection and Analytics
  5. 5. Diverse threats require diverse data sets
  6. 6. Streams (left joined) with context and filtered or (inner joined) with indicators
  7. 7. Large time window, multi-dataset graphs
  8. 8. Enabling Triage and Containment
  9. 9. Search and Query
  10. 10. WHERE date > current_date() - 30 days
  11. 11. Scale
  12. 12. >100TB new data a day
  13. 13. >300 billion events per day
  14. 14. Most queried table: 504,761,911,529,518 bytes, 11,149,012,553,409 rows Yeah, trillions!
  15. 15. Streaming Ingestion Architecture
  16. 16. WHERE src_ip = x AND dst_ip = y Total data size: 504 terabytes, 11,149,387,374,965 rows Scanned data size: 36.5 terabytes, 722,630,063,648 rows Additional reduction thanks to data skipping (bytes): 92.4% Additional reduction thanks to data skipping (rows): 93.2%
  17. 17. Simple. Unified.

×