Big Data and Security - Where are we now? (2015)

Peter Wood
Chief Executive Officer
First Base Technologies LLP
Big Data and Security
Where are we now?

© First Base Technologies 2015
Who is Peter Wood?
Worked in computers & electronics for 45 years
Founded First Base in 1989 (the first ethical hackers in UK)
Ethical hacker, security evangelist and public speaker
• Fellow of the BCS, the Chartered Institute for IT
• Chartered IT Professional
• CISSP
• Senior Member of the Information Systems Security Association (ISSA)
• 15 Year+ Member of ISACA, Member of the ISACA Security Advisory Group
• Member of the Institute of Information Security Professionals
• Member of the BCS Information Risk Management and Assurance Group
• Chair of white-hats.co.uk
• UK Programme Chair for the Corporate Executive Programme
• Member of ACM, IEEE, First Forensic Forum (F3), Institute of Directors
• Member of Mensa

Agenda
• Big Data 101
• Advanced threats – state of play
• Why Big Data for security?
• How can Big Data help?
• Big Data security challenges
• Summing up

Big Data is quite large
Every day, we create 2.5 quintillion bytes of data — so much that
90% of the data in the world today has been created in the last
two years alone. This data comes from everywhere: sensors used
to gather climate information, posts to social media sites, digital
pictures and videos, purchase transaction records, and cell phone
GPS signals to name a few.
http://www-01.ibm.com/software/data/bigdata/
IDC projects that the digital universe will reach 40 zettabytes
by 2020, resulting in a 50-fold growth from the beginning of
2010 http://uk.emc.com/about/news/press/2012/20121211-01.htm
2.5 quintillion = 2.5 exabytes = 2.5x1018 bytes
40 zettabytes = 40x1021 bytes
57 times all the grains of sand on all the beaches on earth

Big Data can be useful
• Creating transparency by making relevant data more
accessible
• Enabling experimentation to discover needs, expose
variability and improve performance - use data to
analyse variability in performance and understand the
root causes
• Segmenting populations to customise actions and tailor
products and services to meet specific needs
• Replacing/supporting human decision-making with
automated algorithms in order to minimise risk
• Innovating new business models, products and services
McKinsey Global Institute: “Big data: The next frontier for innovation, competition, and productivity”, May 2011

Apache Hadoop
• Created by Doug Cutting and Mike Cafarella in 2005
• Cutting named it after his son's toy elephant
• The Apache Hadoop software library is a framework that allows
for the distributed processing of large data sets across clusters of
computers using simple programming models
• It is designed to scale up from single servers to thousands of
machines, each offering local computation and storage
• Rather than rely on hardware to deliver high-availability, the
library itself is designed to detect and handle failures at the
application layer, so delivering a highly-available service on top
of a cluster of computers, each of which may be prone to failures
http://hadoop.apache.org/

http://bradhedlund.com/2011/09/10/understanding-hadoop-clusters-and-the-network/

Advanced Threats
• Massive increase in advanced malware bypassing
traditional security defences
• Volumes vary substantially among different industries
• Email-based attacks are growing, with link- and
attachment-based malware presenting significant risks
• Cybercriminals are increasingly employing limited-use
domains in their spear phishing emails
• Malicious email attachments growing more diverse,
evading traditional security defences
FireEye Advanced Threat Report

Organisations on average are
experiencing malware-related activities
once every three minutes.
This includes receipt of a malicious email,
a user clicking a link on an infected
website, or an infected machine making
a call back to a command and control
server.
FireEye Advanced Threat Report

The Post Breach Boom, Ponemon Institute
Survey of 3,529 IT and IT security practitioners in US, Canada, UK, Australia, Brazil, Japan, Singapore and UAE

The tipping point inputs
Complex threat landscape:
• Stealth malware
• Targeted attacks
• Social engineering
New technologies and challenges:
• Social networking
• Cloud
• BYOD / consumerisation
• Virtualisation

What do we do today?
Traditional defences:
• Signature-based anti-virus
• Signature-based IDS/IDP
• Firewalls and perimeter devices
Traditional approach:
• Data collection for compliance
• Check-list mindset
• Tactical thinking

Why we need big data tools
• System Log files that can grow by gigabytes per second
• Network data captures, which can grow by 10s of
gigabytes per second
• Intrusion Detection/Protection log files that can grow by
10s of gigabytes per second
• Application Log files that can grow by gigabytes per
second
http://www.virtualizationpractice.com/big-data-security-tools-22075/

http://www.emc.com/collateral/industry-overview/sbic-rpt.pdf

How can Big Data help?
• SIEM on steroids?
• Fraud detection
• APT detection?
• Integration of IT and physical security?
• SIEM + IDS/IPS?
• Predictive analysis

Big Data to Collect
• Logs
• Network traffic
• IT assets
• Senstitive / valuable information
• Vulnerabilities
• Threat intelligence
• Application behaviour
• User behaviour

Big Data Analytics
• Real-time updates
• Behaviour models
• Correlation
• Heuristic capability
• Interoperability
• … advising the analysts?
• … active defence?

Big Data Security Challenges
• Bigger data = bigger breaches?
• New technology = security later?
• Information classification
• Information ownership (outputs and raw data)
• Big data in cloud + BYOD = more problems?
• New security technologies (e.g. ABE)

Big Data Security Risks
• New technology will introduce new vulnerabilities
• Potential for back doors and default credentials
• Attack surface of the nodes in a cluster may not have
been reviewed and servers adequately hardened
• User authentication and access to data from multiple
locations may not be sufficiently controlled
• Regulatory requirements may not be fulfilled, with
access to logs and audit trails problematic
• Significant opportunity for malicious data input and
inadequate data validation

Big Data Privacy Concerns (1)
• “De-Identifed” Information Can Be “Re-Identified”: data
collectors claim that the aggregated information has been “de-
identified”, however, it is possible to re-associate
“anonymous” data with specific individuals, especially since so
much information is linked with smartphones
• Possible Deduction of Personally Identifiable Information: non-
personal data could be used to make predictions of a sensitive
nature, like sexual orientation, financial status, and the like
• Risk of Data Breach Is Increased: The higher concentration of
data, the more appealing a target it makes for hackers, and
the greater impact as a result of the breach
http://www.ftc.gov/public-statements/2012/03/big-data-big-issues

Big Data Privacy Concerns (2)
• "Creepy" Factor: Consumers are often unnerved when they
feel that companies know more about them than they are
willing to volunteer (the anecdote of Target sending baby
related coupons to a teenage girl before she had even told her
immediate family members about her new bundle of joy still
stands as the benchmark horror story of invasive marketing)
• Big Brother or Big Data: Municipalities are using Big Data for
predictive policing and tracking potential terrorist activities.
Concerns have been raised that such uses could become a
slippery slope to using Big Data in a manner that infringes on
individual rights, or could be used to deny consumers
important benefits (such as housing or employment) in lieu of
credit reports.
http://www.ftc.gov/public-statements/2012/03/big-data-big-issues

Big Data Adoption
RSA said in 2013:
Within the next two years, we predict big data analytics
will disrupt the status quo in most information security
product segments, including SIEM; network monitoring;
user authentication and authorization; identity
management; fraud detection; and governance, risk &
compliance.
Big Data Holds Big Promise For Security – RSA Security Brief, January 2013

Summary
• As with all new technologies, security in Big Data use cases
seems to be an afterthought at best
• Big Data breaches will be big too, with even more serious
reputational damage and legal repercussions
• All organisations need to invest in research and study of the
emerging Big Data Security Analytics landscape
• Big Data has the potential to defend against advanced threats,
but requires a Big Re-think of approach
• Relevant skills are key to successful deployment, only the
largest organisations can invest in this now
• Offerings exist for the other 97% that can enhance existing
technologies using cloud-based solutions

Peter Wood
Chief Executive Officer
First Base Technologies LLP
peter@firstbase.co.uk
http://firstbase.co.uk
http://white-hats.co.uk
http://peterwood.com
Twitter: @peterwoodx
Need more information?

Big Data and Security - Where are we now? (2015)

More Related Content

What's hot

Viewers also liked

Similar to Big Data and Security - Where are we now? (2015)

More from Peter Wood

Recently uploaded

Big Data and Security - Where are we now? (2015)

Editor's Notes