
Catch a Hacker in Real-Time: Live Visuals of Bots and Bad Guys

Cybersecurity today is a big data problem. There is far more data landing on you than you can load, let alone search. To make sense of it, we need to act on data in motion and use both machine learning and the most advanced pattern recognition system on the planet: your SOC analysts. Advanced visualization makes analysts more efficient and helps them find the hidden gems, or bombs, in masses of logs and packets.

https://hortonworks.com/webinar/catch-hacker-real-time-live-visuals-bots-bad-guys/



  1. © Hortonworks Inc. 2011–2018. All rights reserved. Catch a hacker in realtime: Live visuals, bots and bad guys with Zoomdata and Apache Metron. Justin Langseth (Zoomdata), Simon Elliston Ball (Hortonworks)
  2. Big Business
     • $tn market
     • Access is bought and sold: 5 bitcoin for 100m accounts
     • Sharing networks
     • Criminals as a Service
     • DDoS attacks: cost attackers $5 per hour, defenders ~$40k
  3. Drowning in Data
  4. Apache Metron: Open Source, Open Platform, Extensible, for consistent cyber security data
     • Real-time processing cyber security engine. Cyber security stream processing pipeline: Telemetry Data Sources → Telemetry Data Collectors → Telemetry Parsers → Enrichment → Threat Intel → Profiler → Alert Triage → Indexers and Writers
     • Telemetry data sources: security endpoint devices (FireEye, Palo Alto, BlueCoat, etc.); machine generated logs (AD, app/web server, firewall, VPN, etc.); IDS (Suricata, Snort, etc.); network data (PCAP, NetFlow, Bro, etc.); threat intelligence feeds (Soltra, OpenTaxi, third-party feeds)
     • Telemetry data collectors: performance network ingest probes; real-time enrich/threat intel streams; other
     • Platform components: Telemetry Ingest Buffer; Data Vault; Real-Time Search; Evidentiary Store; Threat Intelligence Platform; Model as a Service; Community Models; Data Science Workbench; PCAP Forensics; Modules; Data Services & Integration Layer
  5. Apache Metron + Zoomdata: Security Data on Hortonworks DataFlow (HDF) and Hortonworks DataPlatform (HDP)
  6. IoT: the cloud for bot nets
  7. Botnet demo
  8. Long tail problems
  9. Auth Demo
  10. Cybersecurity Turnkey Solution
  11. Cybersecurity Turnkey Solution: a multi-partner solution leveraging open source and partner ecosystems
     • Data Pipeline and Analytics in Motion
     • Visualization and Exploration
     • Reporting and Compliance
     • Turnkey Hardware
     • Real-time Security Data Enrichment, Analytics, and Management
  12. Cybersecurity Turnkey Solution benefits everyone in your Security Organization: CISO and Security Exec., IT Infrastructure, Data Scientists, Security Ops Center
     • Out-of-the-box frameworks to meet compliance with ease: NIST, HIPAA, PCI, SOX, ISO
     • Accelerate speed-to-detection with consolidation of multiple cybersecurity mechanisms: SIEMs, UEBA, network traffic monitoring, automation through ML, reduction of false positives, alert triage
     • Liberates staff from the heavy lifting of data gathering and cleaning: real-time data ingestion and normalization; platform scalability prevents data loss; long-term data retention; Module-as-a-Service for flexibility and extensibility
     • Bypass lengthy setup and complex configuration for immediate time-to-value: performance-optimized appliance hardware; turnkey deployment; easily extensible hardware
  13. Q&A
  14. Thank you.
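The pipeline stages named on slide 4 (telemetry parsers, enrichment, threat intel, profiler, alert triage) as a toy Python pipeline, added here as an illustration and not code from Apache Metron, Zoomdata or Hortonworks. The log lines, the threat-intel entry, the internal address range and the scoring thresholds are all constructed assumptions.

```python
# Added example (not Apache Metron's or Zoomdata's code): a toy version of the
# slide 4 pipeline stages run over constructed telemetry. Feeds, thresholds and
# addresses below are assumptions for illustration only.
import re

# Constructed firewall-style log lines (documentation IP ranges, not real data).
SAMPLE_LOGS = [
    "2018-03-01T10:00:01Z DENY src=203.0.113.7 dst=192.0.2.10 dport=22",
    "2018-03-01T10:00:02Z DENY src=203.0.113.7 dst=192.0.2.11 dport=22",
    "2018-03-01T10:00:03Z DENY src=203.0.113.7 dst=192.0.2.12 dport=22",
    "2018-03-01T10:00:04Z ALLOW src=198.51.100.5 dst=192.0.2.20 dport=443",
    "2018-03-01T10:00:05Z ALLOW src=192.0.2.50 dst=192.0.2.21 dport=443",
]
# Constructed threat-intel feed standing in for the feeds named on the slide.
THREAT_INTEL = {"198.51.100.5": "known-c2"}
LOG_RE = re.compile(r"(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
                    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def parse(line):
    """Telemetry parser: raw line -> normalized event, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"])
    return ev

def enrich(ev):
    """Enrichment + threat intel: tag internal/external source and intel hits."""
    ev["src_internal"] = ev["src"].startswith("192.0.2.")  # assumed internal range
    ev["intel"] = THREAT_INTEL.get(ev["src"])
    return ev

def profile(events):
    """Profiler: distinct destinations per source, a simple scan-like feature."""
    seen = {}
    for ev in events:
        seen.setdefault(ev["src"], set()).add(ev["dst"])
    return {src: len(dsts) for src, dsts in seen.items()}

def triage(ev, profiles):
    """Alert triage: 0..100 score from enrichment and profile features."""
    score = 70 if ev["intel"] else 0
    score += 50 if profiles.get(ev["src"], 0) >= 3 else 0
    score += 10 if ev["action"] == "DENY" and not ev["src_internal"] else 0
    return min(score, 100)

def run_pipeline(lines):
    """Parsers -> enrichment -> profiler -> triage; indexing is left to the caller."""
    events = [enrich(e) for e in map(parse, lines) if e]
    profiles = profile(events)
    for ev in events:
        ev["score"] = triage(ev, profiles)
    return events
```

In a real deployment each stage would run as its own streaming topology and the scored events would go to the indexers and writers stage for search and long-term retention.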
