Security Monitoring Architecture for a Big Data Platform (Log-management based on bigdata platform)
김도형, Manager
2014. 9. 17
1 /14
Agenda
1. Introduction
2. About MSS
3. MSS Requirement
4. User Experience
5. Wrap-up (Do & Don’t)
6. Q & A
2 /14
Biz, DEV, INFRA, SECURITY
Each function should interact and be integrated in your organization.
1. Introduction > DEVOP’s
3 /14
1. Introduction > Example
• PHP configuration, application vulnerabilities
• Developer, Operator, Security
• Personal information
• ID/PASSWORD attacks
• Hacking technology
4 /14
2. About MSS > company overview
• History : SK M&C (2008.4) + SK Planet (2011.10)
• Mission : HUG
• Business Area
– Digital Contents : T Store, hoppin, T Cloud, Tictoc, Cyworld, Nate, NateOn, Cymera
– Integrated Commerce : 11st, Gifticon, Smart Wallet, Paypin, Styletag, T Shopping
– Marketing Communication : OK Cashbag, BENEPIA
– Location Based Service : T Map, picket, OK Map, NaviCall
– Advertising
• Affiliates : SK Communications, Commerce planet, M & Service
5 /14
2. About MSS > spotlighted
6 /14
3. MSS Requirement > Workaround
< IT Environment is changing > < Co-operation in your organization >
7 /14
3. MSS Requirement > Cloud Computing & Big data
BIG DATA : Velocity, Diversity, Volume, Analytics
Mobile, Web 2.0, Cloud, IoT
Privacy, Legacy Security, Incident Management, Vague/Fear ?
8 /14
3. MSS Requirement > Architecture(AS-IS)
< IDC #1 > < IDC #2 > < IDC #3 >
System Architecture
<OFFICE> : PC security, Malware, E-mail security, L7 Firewall
N-sensor (Firewall, IDS/IPS, DDOS, NTMS)
Application-sensor (WAF)
Authentication & Log-Management
Vul-MNGT (Scanner, Exploit-DB)
People & Process
Prevention, Detection, Analysis, Response, Improvement
Incident response support system
Vulnerability DB feed
Web shell detection
Web defacement monitoring
Malware monitoring
Security incident reporting
Honey-Net
Log-management
Intrusion information analysis system
9 /14
3. MSS Requirement > New approach
Traditional Security Solutions : Firewall, Intrusion Prevention System, Anti-Malicious Site, New-Generation Firewall, Antivirus
Their limitations :
– Unable to block malware from allowed addresses
– Unable to detect malware
– Unable to detect malware that needs file-based analysis
– Unable to block malware from allowed websites
– Unable to detect unknown malware
New Approach
– Signature based (Known)
– Signature-less (Unknown) : Symptom Oriented (Responder-Pro, HBGary); Autopsy Oriented (FireEye Protection); File Comparison (Parity Suite, Bit9)
– Outcome classes : True Positive, False Positive, True Negative, False Negative
– Filtering & Correlation, Event & Vulnerability, Multi-dimensional analysis
Ref : AhnLab
Correlation, Time series, Function Analysis
10 /14
3. MSS Requirement > Progress Direction
A wider field of view : big data analysis rather than security information & event management alone
Signature based (Known) : End-point (Host, Server), Sensor (NW, Application), Filter (NW, Application), System log, Application log, Transaction log
Signature-less (Unknown) : Blacklist, Asset_Vul, Intelligence, H-Base, Behavior
※ Tamper prevention, retention for a defined period (Volume/Size), structured/unstructured data, parsing/real-time analysis
Multi-Dimensional analysis (Version 2.0)
Log-management (Time sync & conversion, normalization, forward)
Security Intelligence (Visualize & Analytics)
< Enterprise Environment > Security log
< MSS Technology > FW, IDS, WAF, DDOS, Web-GW, DLP, Etc
Biz awareness, Security awareness
11 /14
4. User Experience
Log-management in SK Planet
Hadoop cluster (Hive), BI, Analysis
Source data servers and appliances : File, Syslog, SNMP, NetFlow, JDBC, FTP, SFTP, JMX, JMS, etc.
• Real-time data collection and storage
– Over 500G/day, over 40,000 EPS
– 500,000 records per second stored and indexed
– Compression : 500G → 89G (83%)
– Redundant configuration to minimize log loss
– Encrypted storage and retention of hash values
– Support for various protocols and parsers
– Agents provided
• External system integration and visualization
– Log forwarding to multiple analysis systems
– SDK provided and data loading into HDFS
– ETL for BI solutions
• Powerful queries and real-time analysis
– NoSQL (intuitive to use)
12 /14
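As an added example (not code from the slides or from SK Planet), the log-management steps the deck names on slides 11 and 12, time sync and conversion, normalization across sensor types, and tamper-evident retention of hash values, in Python. The firewall and WAF line layouts and the sample lines are constructed for illustration.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Constructed sample input (not from the slides): a firewall line stamped in
# KST (UTC+9) and a WAF line already in UTC, the kind of mixed feed the
# collectors receive over Syslog/File before any normalization.
SAMPLE_LOGS = [
    ("fw", "2014-09-17 10:15:02 +0900 deny src=203.0.113.7 dst=198.51.100.5 dport=22"),
    ("waf", "2014-09-17T01:15:03Z block client=203.0.113.7 uri=/login rule=sqli"),
]

# Hypothetical vendor layouts; real FW/WAF formats differ per product.
FORMATS = {
    "fw": (re.compile(r"(?P<ts>\S+ \S+ \S+) (?P<action>\w+) src=(?P<src_ip>\S+) "
                      r"dst=(?P<dst_ip>\S+) dport=(?P<dport>\d+)$"),
           "%Y-%m-%d %H:%M:%S %z"),
    "waf": (re.compile(r"(?P<ts>\S+) (?P<action>\w+) client=(?P<src_ip>\S+) "
                       r"uri=(?P<uri>\S+) rule=(?P<rule>\S+)$"),
            "%Y-%m-%dT%H:%M:%SZ"),
}

def normalize(source, line):
    """Time sync/conversion + normalization: one vendor line -> common schema
    with a UTC ISO-8601 timestamp, so FW and WAF events can be correlated."""
    if source not in FORMATS:
        raise ValueError(f"unknown log source: {source}")
    pattern, fmt = FORMATS[source]
    m = pattern.match(line)
    if m is None:
        raise ValueError(f"unparseable {source} line: {line!r}")
    ts = datetime.strptime(m["ts"], fmt)
    if ts.tzinfo is None:  # the WAF layout ends in a literal 'Z' (UTC)
        ts = ts.replace(tzinfo=timezone.utc)
    event = {k: v for k, v in m.groupdict().items() if k not in ("ts", "action")}
    if "dport" in event:
        event["dst_port"] = int(event.pop("dport"))
    event.update(source=source, action=m["action"],
                 ts=ts.astimezone(timezone.utc).isoformat())
    return event

def chain_store(events, genesis="0" * 64):
    """Tamper-evident storage: each record carries SHA-256(prev_hash + event)."""
    store, prev = [], genesis
    for ev in events:
        h = hashlib.sha256((prev + json.dumps(ev, sort_keys=True)).encode()).hexdigest()
        store.append({"prev": prev, "event": ev, "hash": h})
        prev = h
    return store

def verify_chain(store, genesis="0" * 64):
    """Index of the first modified or reordered record, or -1 if the chain is
    intact (truncation at the tail needs the last hash kept elsewhere)."""
    prev = genesis
    for i, rec in enumerate(store):
        body = json.dumps(rec["event"], sort_keys=True)
        if rec["prev"] != prev or hashlib.sha256((prev + body).encode()).hexdigest() != rec["hash"]:
            return i
        prev = rec["hash"]
    return -1
```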
5. Wrap-up > Do & Don't
• Enterprise Architecture
- A security monitoring framework suited to the enterprise (R&R, System Integration)
• Technology
- Don't Customize (understand the system, Partnership)
• Process (Communication, Policy)
- Don't block unconditionally, and don't write reports
- Put the CERT system in order and communicate with external CERTs
- Trust neither people nor systems (trust the process and evaluate it periodically)
- Don't analyze every single indicator, such as reports and vulnerabilities
- Don't expose employees' identities (Ranger vs Reconnaissance)
• People (Mission)
- Don't cover up incidents; analyze and respond to them (build up experience and know-how)
- Keep my authority (Constituency, legal authority)
13 /14
6. Q & A
14 /14
End of Document
