Darin Fisher [InfluxData] | Security Monitoring in the Time Series Domain | InfluxDays Virtual Experience NA 2020

Security Monitoring in the Time Series Domain
Darin Fisher
Security Tools Manager, InfluxData
Who am I and what do I do...
© 2020 InfluxData. All rights reserved. 3
Security Tools Manager
Tech Support
Sys Admin
Network Engineer
Security Director
Developer
ISPs
Banks
Telcos
Pharma
OPERATIONS
DEVELOPMENT
MANAGEMENT
Software
Why another security solution?
“The first step in finding anomalies in network and
device behavior is collecting the data and organizing
it into a collection of time series.”
-- Nate Fick, Endgame
The strength of time series modeling is generally not used in almost all current intrusion detection and prevention systems.
-- Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence, Azween Abdullah, Thulasyammal Ramiah Pillai, Long Zheng Cai
● Most are noisy and ineffectual
● SaaS access monitoring is generally not available
● Cross SaaS correlation is generally not available
Building Security Tools with InfluxDB
“That's another reason I was interested in coming to work at
InfluxData, where we can build our own security tools on top of
our own platform.” -- Peter Albert, CISO, InfluxData
What are we doing?
“Everything should be made as simple as possible, but no
simpler.” -- Albert Einstein
● Build the tools we need to help keep our services safe
● Share these tools
○ InfluxDB Templates
● Collaborate with the community for more solutions
○ What would help you?
Security monitoring is noisy, focus!
● SaaS first company
● 100 separate providers
● SaaS provider
● Continually changing attack surface
● Anomaly Detection
It can be difficult to determine what to watch with a large number of providers and an ever-changing infrastructure.
● SaaS Access Activity
○ Compromised accounts are the #1 cause of security breaches
○ Increased failure rate
○ Source address and account ID cardinality
● Cloud Access Activity
○ Increased resource utilization
○ Access changes
○ Network changes
○ Increase in costs
Do we see activity anomalies …?
● Network Attack Surface
○ Public address changes
○ Public port changes
● Account Audits
○ Is the terminated account removed from all SaaS providers?
● State of Security Controls
○ Is authentication active and functional?
○ Is there activity from a disabled account?
Continuous Auditing
What are we looking at?
● Authentication activity
● Authentication functionality
● Account and source location cardinality changes
● Multi SaaS correlation
● Changes to the attack surface
● State changes
● Service cost increase
● SSL Certificate validation
How…?
Data Collection ...
● Telegraf
● InfluxDB with Flux
● FaaS using your favorite programming language
● Provider API
● Raw log files
InfluxDB Cloud for storage and analysis
What Do We Have Now?
Endpoint Monitoring InfluxDB Template
● General Availability
● Authentication Availability
● Authentication Functionality
● Certificate Status
● Google Workspace (G Suite)
● Authentication Failure Spikes
● Source Address Cardinality
SaaS Authentication Anomaly Monitoring
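The two signals named on this slide, authentication failure spikes and source address cardinality, computed over windowed login events. This is an added example, not code from the talk or from InfluxData's templates; the event fields, the 5-minute window, the median/MAD threshold and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

WINDOW_SECONDS = 300  # assumed 5-minute buckets; tune to the provider's log volume


def window_start(ts):
    """Floor a timestamp to the start of its window."""
    epoch = int(ts.timestamp())
    return datetime.fromtimestamp(epoch - epoch % WINDOW_SECONDS, tz=timezone.utc)


def to_series(events):
    """Turn raw login events into two time series.

    failures[window]           -> number of failed logins in that window
    sources[(window, account)] -> set of distinct source addresses seen
    Windows with no events at all are absent; a production job would
    fill them with zeros before computing a baseline.
    """
    failures = defaultdict(int)
    sources = defaultdict(set)
    for ev in events:
        w = window_start(ev["time"])
        failures[w] += 0 if ev["success"] else 1
        sources[(w, ev["account"])].add(ev["src"])
    return dict(failures), dict(sources)


def failure_spikes(failures, k=5.0, min_history=6):
    """Flag windows whose failure count exceeds median + k * MAD of earlier windows.

    Median and MAD (median absolute deviation) are used instead of mean and
    standard deviation so that one earlier burst does not inflate the baseline.
    MAD is floored at 1.0 so an all-zero history does not flag a single failure.
    """
    flagged, history = [], []
    for w in sorted(failures):
        count = failures[w]
        if len(history) >= min_history:
            med = median(history)
            mad = median(abs(x - med) for x in history) or 1.0
            if count > med + k * mad:
                flagged.append((w, count))
                continue  # keep the spike itself out of the baseline
        history.append(count)
    return flagged


def cardinality_alerts(sources, max_sources=3):
    """Accounts seen from more than max_sources distinct addresses in one window."""
    return sorted(
        (w, account, len(addrs))
        for (w, account), addrs in sources.items()
        if len(addrs) > max_sources
    )


def sample_events():
    """Constructed data: 12 quiet windows, then one window of failed logins
    against a single account from eight addresses (documentation ranges)."""
    t0 = datetime(2020, 11, 10, 12, 0, tzinfo=timezone.utc)
    events = []
    for i in range(12):
        w = t0 + timedelta(seconds=i * WINDOW_SECONDS)
        events.append({"time": w + timedelta(seconds=10), "account": "alice",
                       "src": "192.0.2.10", "success": True})
        # bob mistypes a password in every fourth window: normal background noise
        events.append({"time": w + timedelta(seconds=40), "account": "bob",
                       "src": "192.0.2.20", "success": i % 4 != 0})
    burst = t0 + timedelta(seconds=12 * WINDOW_SECONDS)
    for n in range(20):
        events.append({"time": burst + timedelta(seconds=n), "account": "alice",
                       "src": f"203.0.113.{n % 8 + 1}", "success": False})
    return events


if __name__ == "__main__":
    failures, sources = to_series(sample_events())
    for w, count in failure_spikes(failures):
        print(f"failure spike  {w.isoformat()}  failures={count}")
    for w, account, n in cardinality_alerts(sources):
        print(f"source spread  {w.isoformat()}  account={account}  distinct_sources={n}")
```

The same failure window trips both signals; treating them as independent series is what allows correlation across providers later.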
Next Up … ?
● Multi-SaaS correlation
● Network availability changes
● Multi-SaaS account auditing
● Ingress activity tracking
● Geographic usage observability
Bumps in the road
● Access to event information from the SaaS providers
● Normalizing fields
● Visibility
○ What are good triggers?
○ Other indicators, i.e. provider billing services
● Data collection methods
● Deriving state for faster ongoing reference - "rollup"
Ongoing efforts require overcoming a few hurdles
What else do we need?
Cloud based software services must provide better access to
authentication and activity data.
● SaaS and Cloud provider activity log access via API
● API access should be standard for all subscription levels
● Ability to create “service accounts” or read-only roles for automated API access
Time series data is very well suited for security analysis, providing anomaly detection, real-time audit capabilities, and much more.
SaaS account activity and simple endpoint observations are a good start.
Better access to SaaS audit data is necessary for better security tools.
Thank you!
Slack: @darin - InfluxDB Community
Upskilling the Evolving Workforce with Digital Fluency for Tomorrow's Challen...Upskilling the Evolving Workforce with Digital Fluency for Tomorrow's Challen...
Upskilling the Evolving Workforce with Digital Fluency for Tomorrow's Challen...
NUS-ISS23 views
Web Dev - 1 PPT.pdf by gdsczhcet
Web Dev - 1 PPT.pdfWeb Dev - 1 PPT.pdf
Web Dev - 1 PPT.pdf
gdsczhcet52 views
Architecting CX Measurement Frameworks and Ensuring CX Metrics are fit for Pu... by NUS-ISS
Architecting CX Measurement Frameworks and Ensuring CX Metrics are fit for Pu...Architecting CX Measurement Frameworks and Ensuring CX Metrics are fit for Pu...
Architecting CX Measurement Frameworks and Ensuring CX Metrics are fit for Pu...
NUS-ISS32 views
Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica... by NUS-ISS
Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica...Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica...
Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica...
NUS-ISS15 views
Black and White Modern Science Presentation.pptx by maryamkhalid2916
Black and White Modern Science Presentation.pptxBlack and White Modern Science Presentation.pptx
Black and White Modern Science Presentation.pptx
maryamkhalid291614 views

Darin Fisher [InfluxData] | Security Monitoring in the Time Series Domain | InfluxDays Virtual Experience NA 2020

  • 1. Security Monitoring in the Time Series Domain Darin Fisher Security Tools Manager, InfluxData
  • 2. Who am I and what do I do...
  • 3. Security Tools Manager, Tech Support, Sys Admin, Network Engineer, Security Director, Developer; ISPs, Banks, Telcos, Pharma; OPERATIONS, DEVELOPMENT, MANAGEMENT; Software
  • 5. “The first step in finding anomalies in network and device behavior is collecting the data and organizing it into a collection of time series.” -- Nate Fick, Endgame
  • 6. The strength of time series modeling is generally not used in almost all current intrusion detection and prevention systems.
      Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence (Azween Abdullah, Thulasyammal Ramiah Pillai, Long Zheng Cai)
      ● Most are noisy and ineffectual
      ● SaaS access monitoring is generally not available
      ● Cross SaaS correlation is generally not available
  • 7. Building Security Tools with InfluxDB
  • 8. “That's another reason I was interested in coming to work at InfluxData, where we can build our own security tools on top of our own platform.” -- Peter Albert, CISO, InfluxData
  • 9. What are we doing?
  • 10. “Everything should be made as simple as possible, but no simpler.” -- Albert Einstein
      ● Build the tools we need to help keep our services safe
      ● Share these tools
          ○ InfluxDB Templates
      ● Collaborate with the community for more solutions
          ○ What would help you?
  • 11. Security monitoring is noisy, focus!
  • 12. 
      ● SaaS first company
      ● 100 separate providers
      ● SaaS provider
      ● Continually changing attack surface
      ● Anomaly Detection
      It can be difficult to determine what to watch with a large number of providers and an ever changing infrastructure.
  • 13. 
      ● SaaS Access Activity
          ○ Compromised accounts are the #1 cause of security breaches
          ○ Increased failure rate
          ○ Source address and account ID cardinality
      ● Cloud Access Activity
          ○ Increased resource utilization
          ○ Access changes
          ○ Network changes
          ○ Increase in costs
      Do we see activity anomalies …?
  • 14. 
      ● Network Attack Surface
          ○ Public address changes
          ○ Public port changes
      ● Account Audits
          ○ Is the terminated account removed from all SaaS providers?
      ● State of Security Controls
          ○ Is authentication active and functional?
          ○ Is there activity from a disabled account?
      Continuous Auditing
  • 15. What are we looking at?
      ● Authentication activity
      ● Authentication functionality
      ● Account and source location cardinality changes
      ● Multi SaaS correlation
      ● Changes to the attack surface
      ● State changes
      ● Service cost increase
      ● SSL Certificate validation
  • 17. Data Collection ...
      ● Telegraf
      ● InfluxDB with Flux
      ● FaaS using your favorite programming language
      ● Provider API
      ● Raw log files
      InfluxDB Cloud for storage and analysis
  • 18. What Do We Have Now?
  • 19. Endpoint Monitoring InfluxDB Template
      ● General Availability
      ● Authentication Availability
      ● Authentication Functionality
      ● Certificate Status
  • 20. 
      ● Google Workspace (G Suite)
      ● Authentication Failure Spikes
      ● Source Address Cardinality
      SaaS Authentication Anomaly Monitoring
  • 22. Next Up … ?
      ● Multi-SaaS correlation
      ● Network availability changes
      ● Multi-SaaS account auditing
      ● Ingress activity tracking
      ● Geographic usage observability
  • 23. Bumps in the road
  • 24. 
      ● Access to event information from the SaaS providers
      ● Normalizing fields
      ● Visibility
          ○ What are good triggers?
          ○ Other indicators, i.e. provider billing services
      ● Data collection methods
      ● Deriving state for faster ongoing reference - "rollup"
      Ongoing efforts require overcoming a few hurdles
  • 25. What else do we need?
  • 26. Cloud based software services must provide better access to authentication and activity data.
      ● SaaS and Cloud providers activity log access via API
      ● API access should be standard for all subscription levels
      ● Ability to create “service accounts” or read-only roles for automated API access
  • 27. Time series data is very well suited for security analysis, providing anomaly detection, real-time audit capabilities, and much more. SaaS account activity and simple endpoint observations are a good start. Better access to SaaS audit data is necessary for better security tools.
  • 28. Thank you! Slack: @darin - InfluxDB Community
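
Slides 13 and 20 name two signals, authentication failure spikes and source address cardinality. The sketch below is an added example, not code from the talk or from InfluxData's templates: it buckets authentication events into fixed windows and flags windows that exceed a baseline of mean plus k standard deviations. The event tuple layout, window size, thresholds and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 300  # bucket width in seconds (assumed value)

def bucketize(events, window=WINDOW):
    """Turn (epoch_s, account, source_ip, success) events into a time series."""
    buckets = defaultdict(lambda: {"fail": 0, "total": 0, "src": set(), "acct": set()})
    for ts, account, source, ok in events:
        b = buckets[ts - ts % window]
        b["total"] += 1
        b["fail"] += 0 if ok else 1
        b["src"].add(source)
        b["acct"].add(account)
    return [{"start": start,
             "fail_rate": b["fail"] / b["total"],
             "src_cardinality": len(b["src"]),
             "acct_cardinality": len(b["acct"])}
            for start, b in sorted(buckets.items())]

def anomalies(series, field, k=3.0, min_history=4, floor=0.05):
    """Return window starts where field > mean + k * stddev of the baseline.

    Flagged windows are kept out of the baseline so one spike does not raise
    the threshold for the next; floor stops a flat baseline (stddev 0) from
    alerting on tiny changes.
    """
    baseline, flagged = [], []
    for point in series:
        value = point[field]
        if len(baseline) >= min_history:
            limit = mean(baseline) + k * max(pstdev(baseline), floor)
            if value > limit:
                flagged.append(point["start"])
                continue
        baseline.append(value)
    return flagged

def sample_events():
    """Constructed data: five quiet windows, then one noisy window."""
    events = []
    for w in range(5):
        for i in range(10):  # 10 logins, 1 failure, 3 source addresses
            events.append((w * WINDOW + i * 20, f"user{i % 4}", f"198.51.100.{i % 3}", i != 0))
    for i in range(40):      # 40 logins, 35 failures, 40 source addresses
        events.append((5 * WINDOW + i * 5, f"user{i % 4}", f"203.0.113.{i}", i % 8 == 0))
    return events

if __name__ == "__main__":
    series = bucketize(sample_events())
    print("failure-rate spikes:", anomalies(series, "fail_rate"))
    print("source-cardinality spikes:", anomalies(series, "src_cardinality", floor=1.0))
```

Account ID cardinality is computed per window as well and can be checked with the same `anomalies` call; in the constructed data it stays flat, so only the other two signals fire.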