
ProtectWise Revolutionizes Enterprise Network Security in the Cloud with DataStax Platform


Published in: Technology


  1. ProtectWise Revolutionizes Enterprise Network Security in the Cloud with DataStax Platform
     • Gene Stevens, Co-founder & CTO, gene@protectwise.com
     • Eric Stevens, Principal Architect, eric@protectwise.com
     • Thank you for joining. We will begin shortly.
  2. Webinar Housekeeping
     • All attendees placed on mute
     • Input questions at any time using the online interface
  3. About ProtectWise (© 2015 DataStax, All Rights Reserved.)
     • Founded April 2013
     • Based in Denver
     • Enterprise Network Security
     • Launched March 2015
  4. The Enterprise Network Security Problem
     • Complex threats execute over time
     • Point solutions overwhelm the human ability to process
     • Responders don’t scale, they don’t hunt and they are outmatched
     • Legacy technology not built for modern problems
  5. The Solution: The World’s First Security DVR Platform
     • A single solution that combines Detection, Visibility and Response
  6. How It Works
     [Diagram labels: Egress, Core, Cloud, Remote; Ingest, Secure Vault, Time Machine, Visualizer; Network Sensors; Optimized Network Replay; Security DVR Platform]
  7. Time Machine Analytics
     [Diagram labels: Behavioral Analytics, Machine Learning, Reputation, Signatures; Real Time Analysis; +24 hours, +1 month, +6 months; Predictive Analysis; C1, C2, C3; Collective Correlation; 24 hours, 1 month, 6 months, 1 year; Automated Retrospective Analysis; Network Traffic]
  8. ProtectWise Demo: Security DVR Visualizer
  9. Network Security and High Scalability: Scale meets Security delivered as a Utility
     • Enterprise networks produce massive intel output
     • Real time workloads surge wildly
     • Latency is king
     • Infinite I/O
     • A high fidelity memory for the network in the cloud
     • Fault tolerant, distributed, asynchronous, parallel and concurrent
  10. Building a Memory for the Network: A high fidelity Memory for the Network in the Cloud
     • Turning the network into a database which speaks IP
     • High fidelity emphasis on packets: the network does not lie
     • Haystack is inherently advantaged to being asked new questions
     • The bad guys are always one step ahead
     • Linear scale requirements
     • Constant response times
  11. Building a Time Machine: A massive State Machine in the Cloud with a comprehensive sense of time
     • Strong focus on time-series and time oriented views
     • Half a billion new records per day
     • Write demand increases with growth
     • Performance becomes more strict with growth
     • Retrospection fires tens of thousands of times per day
     • Constant time performance must be assumed
     • We need to be able to recall those records with consistent high performance
     • Shortening the OODA Loop (Observe, Orient, Decide, Act) improves analyst performance
  12. Stream Processing at Scale
     Core Characteristics
     • Stream processing, not batch processing
     • Unbounded data processing
     • Out of order data
     • Accuracy and correctness
     • Not lambda architecture
     On massive I/O streams
     • Packet processing at Gigabits per second
     • Network shattering: destructuring at wire speed
     • Near real time threat detection
     • Data processing at millions of transactions per second
  13. Cassandra at ProtectWise
     Why Cassandra
     • Time Series
     • Write optimized
     • Surge friendly
     • Cluster sophistication
     • Atypical data structures
     • Hot spots
     Use Cases
     • Network flows
     • Applications and protocols
     • Observations & Events
     • Context
     • Incident Response
     • Forensics
  14. DSE Search at ProtectWise - Solr
     Why DSE Search
     • Solves data parity/synchronization issues
     • Very low effort to get online, lets us focus on core business
     • Enables query classes difficult to solve with Cassandra alone
     Use Cases
     • Open ended search of the entire haystack
     • Relationship graphing
     • Conversation tracing
     • Threat indicator history and performance
     • Incident Response
     • Forensics
  15. Why Not RDBMS or Hadoop? Industry shift away from Batch to Stream
     RDBMS
     • Lack of horizontal linear scalability
     • Relational structures not core challenge
     Hadoop
     • Can’t answer questions in real time
     • We’re looking through history tens of thousands of times per day
     • An analyst can’t afford repeated multiple-second response times when investigating an incident: seconds matter
  16. Analytics and Other Tech
     Familiar Tech
     • Scala + Akka - pretty much everything
     • Kafka - async message passing, offline queues
     • Storm - Simple counters
     • Spark - Historic schema processing
     • Thrift - Tuple messaging, transport, RPC
     • Node.js - Visualizer, customer APIs
     • Impala - Offline threat research, operational validation
     New Tech
     • Scala + Akka - All custom tech
     • Swarm - Distributed packet delivery and processing, module containerization
     • Streamy - Framework for streaming tuple processing
     • Count Sumula - Advanced counters
     • Broski - Threat engine, state machine
     • Custom data formats - packet handling, binary protocols
  17. Future Tech
     • Graph databases - Edge walking, property distribution, relationship discovery, distance calculations
     • Attack Prediction - Early warning system, organizational profiling, risk forecast, anticipation engine
     • Asset Profiling - Unsupervised deep learning, baselining, behavioral profile shifts
     • Deep Learning - Neural nets, supervised and unsupervised, retrospective propagation, layered intelligence, automated fitness
  18. Thank you!
     • Input questions at any time using the online interface
