BIG DATA APPROACHES
TO CLOUD SECURITY
Paul Morse – President, WebMall Ventures
Cloud Security Alliance, Seattle Chapter 3/28/2013
“Big data is not just about lots of data, it is about having the ability to extract meaning; to sort through the masses of data elements to discover the hidden pattern, the unexpected correlation.”
   Art Coviello, executive chairman of RSA

On the surface, big data seems to be all about business intelligence and analytics, but it also affects the nitty-gritty of power and cooling, networking, storage and data center expansion.
AGENDA
• Observations
• Cloud Architectures/Components
• Machine-Generated Data
  • Sources of Data
• Time Sequencing of Events
• Searching for Behavior
• Recent Hack Examples
OBSERVATIONS
• Big Data solutions are changing the game for security practitioners and execs
• Provide the ability to look at discovery, detection and remediation across large portions of the organization in entirely new ways
• Correlation between seemingly unrelated events in near real time is now relatively easy
• Growing range of solution types – simple to highly complex
   • Roll your own to pre-packaged solutions
   • On-prem, Public Cloud-based and Hybrid
   • Simple log search to predictive analysis with complex dashboards and reporting
• Some solutions have extremely short “time to value” propositions
• “Big Data Washing”, like “Cloud Washing”, is showing up
• Prices vary – free to mondo
• It is NOT the holy grail for security but has many advantages over traditional SIEM products – real time, large amounts of data, broad event correlation, etc.
SET THE STAGE
• Many perspectives to Cloud Computing
• Main focus for this talk is as a Public Cloud Provider
   • You are the “owner” of the facility – all of it.
   • Infrastructure-centric discussion
• How do Big Data solutions improve Security?
YOUR CLOUD DATACENTER
(Diagram: the data sources inside the provider's own facility. This is your attack surface.)
• SCADA: backup generators, backup batteries, power distribution, temp sensors, water system, lighting controls
• Physical access: RFID, door sensors, card key systems
• Compute and network: servers, storage, routers/switches
• Endpoints: wireless devices, PCs, tablets, printers, phones?
I want all the data in one searchable repository and available in near real time.
SECURE? THINK AGAIN.
• Internet Mapping Project (Internet Census 2012)
• “harmless” port ping and bot install
• 660 million IPs with 71 billion ports tested
• 460 million devices responded
• Resulted in 420 thousand bots
• Stupid uid/pwd combos: admin/admin, admin/no pwd, root/root, root/no pwd
• What’s on your network?
http://internetcensus2012.bitbucket.org/paper.html
CAUSE FOR PAUSE
“We hope other researchers will find the data we have collected useful and that this publication will help raise some awareness that, while everybody is talking about high class exploits and cyberwar, four simple stupid default telnet passwords can give you access to hundreds of thousands of consumer as well as tens of thousands of industrial devices all over the world.”
MACHINE DATA
• Isn’t it really all machine data?
• Machine-generated data (MGD) is the generic term for information which was automatically created from a computer process, application, or other machine without the intervention of a human.
• Network device log files
• Event logs
• Application logs
• RFID logs
• Storage logs
• HVAC logs
• Sensor data
• Etc.
MACHINE DATA EXAMPLES
Apache
[Fri Sep 09 10:42:29.902022 2011] [core:error] [pid 35708:tid 4328636416] [client 72.15.99.187] File does not exist: /usr/local/apache2/htdocs/favicon.ico

Juniper
Sep 10 07:06:45 host rpd[6451]: bgp_listen_accept: Connection attempt from unconfigured neighbor: 10.0.8.1+1350
Sep 10 07:07:53 host login: 2 LOGIN FAILURES FROM 172.24.16.21
Sep 10 07:08:25 host inetd[2785]: /usr/libexec/telnetd[7251]: exit status 0x100

Oracle/Siebel
SQLParseAndExecute Statement 4 0 2003-05-13 14:07:38 select ROW_ID, NEXT_SESSION, MODIFICATION_NUM from dbo.S_SSA_ID

IIS
192.168.114.201, -, 03/20/01, 7:55:20, W3SVC2, SALES1, 172.21.13.45, 4502, 163, 3223, 200, 0, GET, /DeptLogo.gif, -,
172.16.255.255, anonymous, 03/20/01, 23:58:11, MSFTPSVC, SALES1, 172.16.255.255, 60, 275, 0, 0, 0, PASS, /Intro.htm, -,

Card Reader
10/23/04 06:16:32,Administrator,00000101,Anderman,Penny,00026,01000,10/22/2005
10/23/04 06:16:32,West Gate,00000100,Peterson,Bob,00954,01000,10/21/2005
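The point of "one searchable repository" is that these formats have to land in one schema with one clock before any correlation is possible. The Python below is an added example, not code from the slides: it recognizes the four line shapes shown above (Apache error log, Juniper BSD syslog, IIS log file format, card reader CSV) and maps each onto a common event record, counting anything it cannot parse instead of dropping it. The sample lines are copies of the slide's examples plus one deliberately unrecognizable line; the card reader column meanings and the year supplied for syslog lines (which carry none) are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed input: one line of each format shown on the slide (Apache error log,
# Juniper syslog, IIS log file format, card reader export) plus one line no parser knows.
SAMPLE_LINES = [
    "[Fri Sep 09 10:42:29.902022 2011] [core:error] [pid 35708:tid 4328636416] "
    "[client 72.15.99.187] File does not exist: /usr/local/apache2/htdocs/favicon.ico",
    "Sep 10 07:07:53 host login: 2 LOGIN FAILURES FROM 172.24.16.21",
    "192.168.114.201, -, 03/20/01, 7:55:20, W3SVC2, SALES1, 172.21.13.45, 4502, 163, "
    "3223, 200, 0, GET, /DeptLogo.gif, -,",
    "10/23/04 06:16:32,West Gate,00000100,Peterson,Bob,00954,01000,10/21/2005",
    "this line is in no format the parser knows",
]


@dataclass
class Event:
    ts: datetime  # event time, so every source lands on one timeline
    source: str   # which format the line was recognized as
    host: str     # host, server or reader that produced the event ("" if unknown)
    ip: str       # client or peer IP ("" if none)
    actor: str    # user or badge holder ("" if none)
    msg: str      # short summary kept for searching


# Apache 2.4 error log: [timestamp] [module:level] [pid ...] [client ip[:port]] message
APACHE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>[^\]]+)\] \[pid [^\]]+\] "
    r"\[client (?P<ip>[\d.]+)(?::\d+)?\] (?P<msg>.*)$"
)
# BSD syslog as emitted by Junos: "Mon DD hh:mm:ss host proc[pid]: message" (pid optional)
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^:\[ ]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
CARD_TS_RE = re.compile(r"\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}")


def parse_line(line: str, default_year: int = 2011) -> Optional[Event]:
    """Map one raw line onto the Event schema, or return None if no parser recognizes it.
    Returning None (rather than raising or guessing) lets the caller count what the
    pipeline is silently missing, the first thing to check after a new feed is added."""
    line = line.strip()
    m = APACHE_RE.match(line)
    if m:
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S.%f %Y")
        return Event(ts, "apache", "", m.group("ip"), "", m.group("msg"))
    m = SYSLOG_RE.match(line)
    if m:
        # BSD syslog timestamps carry no year; the caller supplies one (assumption).
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=default_year)
        ips = IPV4_RE.findall(m.group("msg"))
        return Event(ts, "syslog", m.group("host"), ips[0] if ips else "", "", m.group("msg"))
    fields = [f.strip() for f in line.split(",")]
    if len(fields) >= 15 and IPV4_RE.fullmatch(fields[0]):
        # IIS log file format: client IP, user, date, time, service, server, server IP,
        # time taken, bytes received, bytes sent, status, win32 status, method, target, params
        ts = datetime.strptime(f"{fields[2]} {fields[3]}", "%m/%d/%y %H:%M:%S")
        actor = "" if fields[1] == "-" else fields[1]
        return Event(ts, "iis", fields[5], fields[0], actor,
                     f"{fields[12]} {fields[13]} status={fields[10]}")
    if len(fields) == 8 and CARD_TS_RE.fullmatch(fields[0]):
        # Card reader export; column meanings assumed from the slide's two sample rows:
        # timestamp, reader, event code, last name, first name, badge, access level, expiry
        ts = datetime.strptime(fields[0], "%m/%d/%y %H:%M:%S")
        return Event(ts, "cardkey", fields[1], "", f"{fields[3]}, {fields[4]}",
                     f"badge {fields[5]} event {fields[2]}")
    return None


def normalize(lines: List[str], default_year: int = 2011) -> Tuple[List[Event], int]:
    """Parse every line and return (events in time order, count of unrecognized lines)."""
    events, unparsed = [], 0
    for line in lines:
        ev = parse_line(line, default_year)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    events.sort(key=lambda e: e.ts)
    return events, unparsed


if __name__ == "__main__":
    timeline, missed = normalize(SAMPLE_LINES)
    for ev in timeline:
        print(ev.ts.isoformat(), ev.source, ev.host, ev.ip, ev.actor, ev.msg, sep=" | ")
    print(f"{missed} line(s) not recognized")
```

The unparsed count is the number to watch after every connector change: a vendor "transform" that quietly drops a fifth of a feed looks fine on a dashboard until the one event you needed was in that fifth.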
TIME SEQUENCE OF EVENTS
(Swimlane diagram, T0 through T19 on the horizontal axis, one lane per observation point, bottom to top: Front end, LB, TOR, Server, Login Attempt, Pass, Fail, Command, Upload Small File, Installer runs, Delete logs, Terminate Sess, Outbound Traffic. Each IP address/packet is plotted as it crosses the lanes in time order.)

TIME SEQUENCE OF EVENTS
(Same diagram, T0 through T18, with a Device lane in place of Server and an Update step in place of Installer runs: Front end, LB, TOR, Device, Login Attempt, Pass, Fail, Command, Upload Small File, Update, Delete logs, Terminate Sess.)

TIME SEQUENCE OF EVENTS
(Device-level view, T0 through T18: Device, Login Attempt, Pass, Fail, Command, Upload Small File, Update, Delete logs, Terminate Sess. Below it, a card-key lane chart: Door 1 through Door 5 plotted from T-30 to T45 in steps of 15.)
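What the swimlanes describe is an ordered sequence of steps from one source inside a bounded time window, with noise allowed between steps. The Python below is an added example, not code from the slides: a generic ordered-sequence matcher keyed by source, run once over the network-side chain (login attempt, pass, command, upload, installer, delete logs, terminate session) and once over the door lanes (a badge read at Door 1 through Door 5 in order). The step names, IP addresses and timings are constructed; the badge numbers are the ones in the card reader sample rows.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

# One normalized event: (time, key the sequence is tracked by, step name).
# The key is a source IP for the network lanes and a badge for the door lanes.
Event = Tuple[datetime, str, str]

# Step names taken from the swimlane labels (hypothetical; a real feed maps its
# own event types onto these).
ATTACK_CHAIN = ["login_fail", "login_pass", "command", "upload_small_file",
                "installer_runs", "delete_logs", "terminate_session"]
DOOR_CHAIN = ["door1", "door2", "door3", "door4", "door5"]
ATTACK_WINDOW = timedelta(minutes=30)
DOOR_WINDOW = timedelta(minutes=90)


def find_sequences(events: Iterable[Event], chain: List[str],
                   window: timedelta) -> Dict[str, List[Event]]:
    """For each key, look for the steps of `chain` occurring in order, all within
    `window` of the first step. Unrelated steps in between are ignored (so noise does
    not break a match) and a step arriving before its turn is ignored too. Returns the
    matched events per key that completed the whole chain."""
    by_key: Dict[str, List[Event]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_key[ev[1]].append(ev)

    hits: Dict[str, List[Event]] = {}
    for key, evs in by_key.items():
        for start, first in enumerate(evs):
            if first[2] != chain[0]:
                continue  # only a chain[0] event can open a window
            matched = [first]
            deadline = first[0] + window
            for ev in evs[start + 1:]:
                if ev[0] > deadline:
                    break  # window expired before the chain completed
                if ev[2] == chain[len(matched)]:
                    matched.append(ev)
                    if len(matched) == len(chain):
                        break
            if len(matched) == len(chain):
                hits[key] = matched
                break  # first complete chain per key is enough to raise
    return hits


# Constructed sample data (documentation-range IPs; none of this is real traffic).
T0 = datetime(2013, 3, 28, 2, 0, 0)


def at(minutes: int, key: str, step: str) -> Event:
    return (T0 + timedelta(minutes=minutes), key, step)


SAMPLE_EVENTS = [
    # 203.0.113.7 walks the whole chain in 16 minutes
    at(0, "203.0.113.7", "login_fail"), at(1, "203.0.113.7", "login_fail"),
    at(2, "203.0.113.7", "login_pass"), at(4, "203.0.113.7", "command"),
    at(6, "203.0.113.7", "upload_small_file"), at(7, "203.0.113.7", "installer_runs"),
    at(15, "203.0.113.7", "delete_logs"), at(16, "203.0.113.7", "terminate_session"),
    # 198.51.100.4: one typo, then ordinary admin work, no chain
    at(0, "198.51.100.4", "login_fail"), at(1, "198.51.100.4", "login_pass"),
    at(5, "198.51.100.4", "command"), at(40, "198.51.100.4", "terminate_session"),
    # 192.0.2.9: every step, but the tail is hours later, outside a 30-minute window
    at(0, "192.0.2.9", "login_fail"), at(1, "192.0.2.9", "login_pass"),
    at(2, "192.0.2.9", "command"), at(3, "192.0.2.9", "upload_small_file"),
    at(4, "192.0.2.9", "installer_runs"), at(300, "192.0.2.9", "delete_logs"),
    at(301, "192.0.2.9", "terminate_session"),
]

DOOR_EVENTS = [
    # badge 00954 is read at all five doors in order, T-30 to T+30 like the slide
    at(-30, "badge:00954", "door1"), at(-15, "badge:00954", "door2"),
    at(0, "badge:00954", "door3"), at(15, "badge:00954", "door4"), at(30, "badge:00954", "door5"),
    # badge 00026 appears at door 1 and then door 3 with no door 2 read
    at(-30, "badge:00026", "door1"), at(10, "badge:00026", "door3"),
]


if __name__ == "__main__":
    for key, chain in find_sequences(SAMPLE_EVENTS, ATTACK_CHAIN, ATTACK_WINDOW).items():
        print(key, "->", " > ".join(step for _, _, step in chain))
    for key, chain in find_sequences(DOOR_EVENTS, DOOR_CHAIN, DOOR_WINDOW).items():
        print(key, "->", " > ".join(step for _, _, step in chain))
```

The window is the knob that matters: too short and the slow attacker (192.0.2.9 above) never matches, too long and every admin who once mistyped a password becomes a candidate. Note also what this matcher does not do: the badge that skipped Door 2 is simply a non-match, so a "door reached without the door before it" rule would be a separate check.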
SOME AREAS TO CONSIDER
• Ingesting various data formats
   • Many vendors claim it is easy, when it may not be
   • Transforms and connectors may be required (affect performance)
   • Device companies create add-ons, connectors, dashboards, transforms, queries, etc.
   • Speed of indexing determines “real time” abilities
   • Do you need to index ALL machine data?
• Vendor-specific query languages
   • No standard, some commonality
   • Learning curve for seriously complex queries and operationalizing the environment
• Dashboards and visualizations vary
• Large number of simultaneous queries is required
• Workflow is critical – what happens when you find something?
• Implementation architecture – lots of hardware? Bandwidth? Security? Users?
• Data governance – you found what?
HACK EXAMPLES
• DOJ in January
   • Defacement
   • What specific behavior happened and what did they do?
      • Log in remotely
      • Completely replace index.*
   • Solution – monitor index.* and set up a parsing stream that searches for a known code in the HTML. Call a workflow if the file changes or the code doesn’t match.
• DDoS
   • Overwhelm website
   • Solution – compare the request rate of increase to a previous “norm”. If the disparity is great enough, call a workflow to check the IP addresses of the source(s). Depending on results, do nothing, or script a filter or block.
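Both "solutions" above are detection plus a workflow decision, and both are small enough to show in full. The Python below is an added example, not code from the slides or from any vendor product: a defacement check that compares index.* against a deployed baseline hash and looks for a known marker in the HTML, and a request-rate check that compares the current interval with a previous norm, names the dominant sources, and decides between doing nothing, scripting a block, or falling back to a filter. The marker string, the baseline page, the access log lines and the IP addresses are all constructed for the example.

```python
import hashlib
import re
from collections import Counter
from typing import Dict, List

# ---- Defacement: monitor index.* and look for a known code in the HTML ----

# Hypothetical build marker the site owner embeds in every legitimate index page.
EXPECTED_MARKER = "<!-- site-build: a1b2c3 -->"
# Constructed "known good" page; its hash stands in for the baseline recorded at deploy time.
GOOD_PAGE = b"<html><head>" + EXPECTED_MARKER.encode() + b"</head><body>Welcome</body></html>"


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


GOOD_BASELINE = sha256_hex(GOOD_PAGE)


def check_index_page(content: bytes, baseline_sha256: str, marker: str = EXPECTED_MARKER) -> List[str]:
    """Return the reasons the page looks tampered with (empty list means clean).
    Two independent signals: the hash must equal the deployed baseline, and the marker
    must still be present. A legitimate deploy changes the hash but keeps the marker, so
    the workflow can treat "hash mismatch" alone as "verify the deploy" and
    "marker missing" as "page was replaced"."""
    reasons = []
    if sha256_hex(content) != baseline_sha256:
        reasons.append("hash mismatch")
    if marker.encode() not in content:
        reasons.append("marker missing")
    return reasons


# ---- DDoS: compare request rate of increase to a previous norm ----

# Combined-format access log line: ip ident user [time] "request" status bytes
ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def requests_per_source(lines: List[str]) -> Counter:
    """Count requests by client IP over one interval of access log lines."""
    counts: Counter = Counter()
    for line in lines:
        m = ACCESS_RE.match(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def rate_anomaly(current: Counter, baseline_total: int,
                 ratio: float = 5.0, top_share: float = 0.5) -> Dict[str, object]:
    """Compare this interval's volume with a baseline interval of the same length.
    `ratio` is the rate-of-increase threshold that triggers the workflow; `top_share` is
    the fraction of traffic a single source must carry to be named as a block candidate."""
    total = sum(current.values())
    increase = total / baseline_total if baseline_total else float("inf")
    anomalous = increase >= ratio
    offenders = [ip for ip, n in current.most_common() if n / total >= top_share] if anomalous else []
    return {"total": total, "increase": increase, "anomalous": anomalous, "offenders": offenders}


def decide_action(result: Dict[str, object]) -> str:
    """The workflow step: do nothing, script a block for a few dominant sources, or fall
    back to an edge filter/rate limit when the flood is spread across many sources."""
    if not result["anomalous"]:
        return "none"
    if result["offenders"]:
        return "block:" + ",".join(result["offenders"])
    return "filter"


def make_lines(ip: str, n: int, path: str = "/") -> List[str]:
    """Constructed access log lines for one client (documentation-range IPs, not real traffic)."""
    return [f'{ip} - - [28/Mar/2013:10:00:{i % 60:02d} -0700] "GET {path} HTTP/1.1" 200 512'
            for i in range(n)]


BASELINE_LINES = make_lines("198.51.100.4", 2) + make_lines("198.51.100.5", 2)
CURRENT_LINES = (make_lines("203.0.113.7", 24, "/index.html")
                 + make_lines("198.51.100.4", 3) + make_lines("198.51.100.5", 3))

if __name__ == "__main__":
    print(check_index_page(GOOD_PAGE, GOOD_BASELINE), check_index_page(b"<h1>owned</h1>", GOOD_BASELINE))
    norm = sum(requests_per_source(BASELINE_LINES).values())
    result = rate_anomaly(requests_per_source(CURRENT_LINES), norm)
    print(result, decide_action(result))
```

The two defacement signals are deliberately separate so a routine deploy does not page anyone as a hack, and the "filter" branch exists because a flood from thousands of sources gives you no short list to block; the threshold and share values are starting points to tune against your own baseline, not constants to trust.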
VENDORS AND GETTING STARTED
Vendors
• Hadoop with Flume
• HP ArcSight
• Loggly
• LogRhythm
• SumoLogic
• LogScape
• LogStash
• Sawmill
• Splunk
• Splunk Storm
Getting started
• Easiest – cloud based
   • Sumo Logic
   • Splunk Storm
• Download and install
   • Loggly
   • LogRhythm
   • LogScape
   • LogStash
   • Sawmill
   • Splunk
   • Hadoop/Flume/Pig
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 

Recently uploaded (20)

Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 

Big Data Approaches to Cloud Security

  • 1. BIG DATA APPROACHES TO CLOUD SECURITY Paul Morse – President, WebMall Ventures Cloud Security Alliance, Seattle Chapter 3/28/2013
  • 2. “BIG DATA IS NOT JUST ABOUT LOTS OF DATA, IT IS ABOUT HAVING THE ABILITY TO EXTRACT MEANING; TO SORT THROUGH THE MASSES OF DATA ELEMENTS TO DISCOVER THE HIDDEN PATTERN, THE UNEXPECTED CORRELATION,” Art Coviello, executive chairman of RSA ON THE SURFACE, BIG DATA SEEMS TO BE ALL ABOUT BUSINESS INTELLIGENCE AND ANALYTICS, BUT IT ALSO AFFECTS THE NITTY- GRITTY OF POWER AND COOLING, NETWORKING, STORAGE AND DATA CENTER EXPANSION.
  • 3. AGENDA • Observations • Cloud Architectures/Components • Machine-Generated Data • Sources of Data • Time Sequencing of Events • Searching for Behavior • Recent Hack Examples
  • 4. OBSERVATIONS • Big Data solutions are changing the game for security practitioners and execs • Provide the ability to look at discovery, detection and remediation across large portions of the organization in entirely new ways • Correlation between seemingly unrelated events in near real time is now relatively easy • Growing range of solution types – simple to highly complex • Roll your own to pre-packaged solutions • On-prem, Public Cloud-based and Hybrid • Simple Log search to Predictive Analysis with complex dashboards and reporting • Some solutions have extremely short “time to value” propositions • “Big Data Washing” like “Cloud Washing” is showing up • Prices vary – Free to mondo • It is NOT the holy grail for security but has many advantages over traditional SIEM products – real time, large amounts of data, broad event correlation, etc.
  • 5. SET THE STAGE • Many perspectives to Cloud Computing • Main focus for this talk is as a Public Cloud Provider • You are the “owner” of the facility – all of it. • Infrastructure-centric discussion • How do Big Data solutions improve Security?
  • 7.
  • 8.
  • 9. SCADA DATA SOURCES (diagram)
    Data sources shown: Backup Generators, Backup Batteries, Door Sensors, Wireless Devices, RFID, PC’s, Tablets, Power Distribution Systems, Card Key, Storage, Printers, Phones?, Temp Sensors, Water System, Servers, Lighting controls, Routers/Switches
    Callouts: “This is your attack surface” and “I want all the data in one searchable repository and available in near real time”
  • 10. SECURE? THINK AGAIN.
    • Internet Mapping Project
      • “harmless” Port ping and bot install
      • 660 million IPs with 71 billion ports tested
      • 460 Million Devices Responded
      • Resulted in 420 thousand bots
    • Stupid uid/pwd combos
      • Admin/admin, Admin/no pwd, root/root, root/no pwd
    • What’s on your network?
    http://internetcensus2012.bitbucket.org/paper.html
  • 11. CAUSE FOR PAUSE
    “We hope other researchers will find the data we have collected useful and that this publication will help raise some awareness that, while everybody is talking about high class exploits and cyberwar, four simple stupid default telnet passwords can give you access to hundreds of thousands of consumer as well as tens of thousands of industrial devices all over the world.”
  • 12. MACHINE DATA
    • Isn’t it really all machine data?
    • Machine-generated data (MGD) is the generic term for information which was automatically created from a computer process, application, or other machine without the intervention of a human.
      • Network Device Log files
      • Event logs
      • Application logs
      • RFID logs
      • Storage logs
      • HVAC Logs
      • Sensor data
      • Etc.
  • 13. MACHINE DATA EXAMPLES
    Apache
      [Fri Sep 09 10:42:29.902022 2011] [core:error] [pid 35708:tid 4328636416] [client 72.15.99.187] File does not exist: /usr/local/apache2/htdocs/favicon.ico
    Juniper
      Sep 10 07:06:45 host rpd[6451]: bgp_listen_accept: Connection attempt from unconfigured neighbor: 10.0.8.1+1350
      Sep 10 07:07:53 host login: 2 LOGIN FAILURES FROM 172.24.16.21
      Sep 10 07:08:25 host inetd[2785]: /usr/libexec/telnetd[7251]: exit status 0x100
    Oracle/Siebel
      SQLParseAndExecute Statement 4 0 2003-05-13 14:07:38 select ROW_ID, NEXT_SESSION, MODIFICATION_NUM from dbo.S_SSA_ID
    IIS
      192.168.114.201, -, 03/20/01, 7:55:20, W3SVC2, SALES1, 172.21.13.45, 4502, 163, 3223, 200, 0, GET, /DeptLogo.gif, -,
      172.16.255.255, anonymous, 03/20/01, 23:58:11, MSFTPSVC, SALES1, 172.16.255.255, 60, 275, 0, 0, 0, PASS, /Intro.htm, -,
    Card Reader
      10/23/04 06:16:32,Administrator,00000101,Anderman,Penny,00026,01000,10/22/2005
      10/23/04 06:16:32,West Gate,00000100,Peterson,Bob,00954,01000,10/21/2005
  • 14. TIME SEQUENCE OF EVENTS (diagram)
    Infrastructure path: Server, TOR, LB, Front end, IP Address/Packet
    Event labels: Outbound Traffic, Terminate Sess, Delete logs, Installer runs, Upload Small File, Command, Fail, Pass, Login Attempt
    Timeline: T0 through T19
  • 15. TIME SEQUENCE OF EVENTS (diagram)
    Infrastructure path: Device, TOR, LB, Front end, IP Address/Packet
    Event labels: Terminate Sess, Delete logs, Update, Upload Small File, Command, Fail, Pass, Login Attempt
    Timeline: T0 through T18
  • 16. TIME SEQUENCE OF EVENTS (diagram)
    Infrastructure path: Device, IP Address/Packet
    Event labels: Terminate Sess, Delete logs, Update, Upload Small File, Command, Fail, Pass, Login Attempt
    Timeline: T0 through T18
    Physical access track: Door 1, Door 2, Door 3, Door 4, Door 5, on a timeline T-30, T-15, T0, T15, T30, T45
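    The point of slides 13 through 16 is that the Apache, Juniper, IIS and card-reader records only become useful once they sit in one time-ordered stream, so that a burst of login failures can be lined up with the success that follows it and with who badged through a door beforehand. The Python below is an added example, not code from the deck or any vendor it names: the sample lines are constructed in the same formats as the slide's samples (the LOGIN SUCCESS wording is invented for the example), the syslog year and the IIS and card-reader field layouts are assumptions, and the Fail, Fail, Pass sequence is the one the time-sequence slides sketch.

```python
"""Normalise heterogeneous machine data into one time-ordered stream and
search it for the failed-logins-then-success sequence from the slides.
Added example; sample lines are constructed, field layouts are assumed."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

SYSLOG_YEAR = 2011  # assumption: BSD-style syslog lines carry no year


@dataclass
class Event:
    ts: datetime
    source: str     # which log family the line came from
    kind: str       # normalised event type
    actor: str      # client IP or badge holder
    raw: str
    count: int = 1  # how many occurrences the line reports


def parse_apache(line):
    m = re.match(r"^\[\w{3} (\w{3}) (\d{2}) (\d{2}:\d{2}:\d{2})\.\d+ (\d{4})\]", line)
    if not m:
        return None
    ts = datetime.strptime(f"{m[1]} {m[2]} {m[4]} {m[3]}", "%b %d %Y %H:%M:%S")
    client = re.search(r"\[client ([\d.]+)\]", line)
    return Event(ts, "apache", "http_error", client[1] if client else "-", line)


def parse_syslog(line):
    m = re.match(r"^(\w{3}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) \S+ (.*)$", line)
    if not m:
        return None
    ts = datetime.strptime(f"{m[1]} {int(m[2]):02d} {SYSLOG_YEAR} {m[3]}", "%b %d %Y %H:%M:%S")
    fail = re.search(r"(\d+) LOGIN FAILURES FROM ([\d.]+)", m[4])
    if fail:
        return Event(ts, "syslog", "login_fail", fail[2], line, int(fail[1]))
    ok = re.search(r"LOGIN SUCCESS FROM ([\d.]+)", m[4])  # constructed wording
    if ok:
        return Event(ts, "syslog", "login_ok", ok[1], line)
    return Event(ts, "syslog", "other", "-", line)


def parse_iis(line):
    # Assumed IIS layout: client IP, user, date, time, service, server, server IP,
    # time taken, bytes in, bytes out, status, win32 status, method, URI, query
    f = [x.strip() for x in line.split(",")]
    if len(f) < 14:
        return None
    ts = datetime.strptime(f"{f[2]} {f[3]}", "%m/%d/%y %H:%M:%S")
    return Event(ts, "iis", "http_" + f[12].lower(), f[0], line)


def parse_card_reader(line):
    # Assumed card-reader layout: timestamp, reader, card, last name, first name, ...
    f = line.split(",")
    if len(f) < 5:
        return None
    ts = datetime.strptime(f[0], "%m/%d/%y %H:%M:%S")
    return Event(ts, "card_reader", "badge", f"{f[3]},{f[4]}", line)


PARSERS = (parse_apache, parse_syslog, parse_iis, parse_card_reader)


def parse_any(line):
    for parser in PARSERS:
        ev = parser(line)
        if ev:
            return ev
    return None


# Constructed sample lines, all on 10 Sep 2011 so the checks below can correlate them.
SAMPLE_LINES = [
    "09/10/11 06:58:02,West Gate,00000100,Peterson,Bob,00954,01000,10/21/2012",
    "Sep 10 07:06:45 host rpd[6451]: bgp_listen_accept: Connection attempt from unconfigured neighbor: 10.0.8.1+1350",
    "Sep 10 07:07:53 host login: 2 LOGIN FAILURES FROM 172.24.16.21",
    "Sep 10 07:08:10 host login: 3 LOGIN FAILURES FROM 172.24.16.21",
    "Sep 10 07:08:25 host login: LOGIN SUCCESS FROM 172.24.16.21",
    "[Sat Sep 10 07:09:01.000000 2011] [core:error] [pid 35708:tid 4328636416] [client 72.15.99.187] File does not exist: /usr/local/apache2/htdocs/favicon.ico",
    "172.24.16.21, -, 09/10/11, 7:09:40, W3SVC2, SALES1, 172.21.13.45, 4502, 163, 3223, 200, 0, PUT, /upload/x.bin, -,",
]


def build_timeline(lines=SAMPLE_LINES):
    """One searchable, time-ordered stream regardless of the originating device."""
    return sorted((ev for ev in map(parse_any, lines) if ev), key=lambda e: e.ts)


def find_failures_before_success(events, window=timedelta(minutes=5), threshold=3):
    """Flag a successful login preceded by >= threshold failures from the same
    source inside the window (the Fail, Fail, Pass pattern on the slides)."""
    alerts = []
    for e in events:
        if e.kind != "login_ok":
            continue
        fails = sum(f.count for f in events
                    if f.kind == "login_fail" and f.actor == e.actor
                    and e.ts - window <= f.ts <= e.ts)
        if fails >= threshold:
            alerts.append((e.ts, e.actor, fails))
    return alerts


def badges_before(events, when, window=timedelta(minutes=30)):
    """Physical-access events in the window before a logical event (slide 16's door track)."""
    return [e.actor for e in events if e.kind == "badge" and when - window <= e.ts <= when]


if __name__ == "__main__":
    timeline = build_timeline()
    for ts, ip, n in find_failures_before_success(timeline):
        print(f"{ts}: {n} failures then success from {ip}; badged in before: {badges_before(timeline, ts)}")
```

    Each parser only has to recover a timestamp and an actor; everything else stays in `raw` for later search. The window and threshold are the knobs that decide how noisy the detection is, and the door lookup is what slide 16 adds over slides 14 and 15: the same alert becomes far more interesting when nobody badged in before it, or when the wrong person did.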
  • 17. SOME AREAS TO CONSIDER
    • Ingesting various data formats
      • Many vendors claim it is easy, when it may not be
      • Transforms and connectors may be required (affect performance)
      • Device companies create add-ons, connectors, dashboards, transforms, queries, etc.
    • Speed of indexing determines “real time” abilities
      • Do you need to index ALL machine data?
    • Vendor-specific Query languages
      • No standard, some commonality
      • Learning curve for seriously complex queries and operationalizing environment
    • Dashboards and Visualizations Vary
    • Large number of simultaneous queries is required
    • Workflow is critical – what happens when you find something?
    • Implementation architecture – lots of hardware? Bandwidth? Security? Users?
    • Data Governance – You found what?
  • 18.
  • 19. HACK EXAMPLES
    • DOJ in January
    • Defacement
      • What specific behavior happened and what did they do?
        • Log in Remotely
        • Completely replace Index.*
      • Solution – monitor index.* and set up a parsing stream and search for a code in the html. Call a workflow if the file changes or the code doesn’t match.
    • DDoS
      • Overwhelm Website
      • Solution – compare request rate of increase to a previous “norm”. If the disparity is great enough, call a workflow to check IP addresses of source(s). Depending on results, do nothing or script a filter or block.
  • 20. VENDORS AND GETTING STARTED
    Vendors
      • Hadoop with Flume
      • HP ArcSight
      • Loggly
      • Logrythm
      • SumoLogic
      • LogScape
      • LogStash
      • Sawmill
      • Splunk
      • Splunk Storm
    Getting Started
      • Easiest – Cloud Based: Loggly, Sumo Logic, Splunk Storm
      • Download and Install: Logrythm, LogScape, LogStash, Sawmill, Splunk
      • Hadoop/Flume/Pig
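    Both solutions on the hack-examples slide reduce to a small amount of detection logic that hands a finding to a workflow rather than acting on its own. The Python below is an added example and not the deck's or any vendor's code: the known-good page, the marker comment, the baseline request rate and the traffic records are all constructed, and the thresholds are illustrative.

```python
"""Two detections from the hack-examples slide: an integrity check on index.*
and a request-rate comparison against a learned norm.  Added example; the
page content, marker, baseline and traffic below are all constructed."""
import hashlib
from collections import Counter
from datetime import datetime, timedelta

# Defacement: a known-good copy of index.html carrying a marker comment.  The
# hash would normally be recorded at deploy time and the file re-read on change.
KNOWN_GOOD_INDEX = b"<html><!-- site-marker: EXAMPLE-MARKER-0001 --><body>Welcome</body></html>"
MARKER = b"site-marker: EXAMPLE-MARKER-0001"
EXPECTED_SHA256 = hashlib.sha256(KNOWN_GOOD_INDEX).hexdigest()


def check_index(content, expected_sha256=EXPECTED_SHA256, marker=MARKER):
    """'ok': unchanged; 'changed': hash differs but the marker survives (an edit
    that still needs review); 'defaced': the marker is gone.  Anything other
    than 'ok' is what the slide hands to a workflow."""
    if marker not in content:
        return "defaced"
    if hashlib.sha256(content).hexdigest() != expected_sha256:
        return "changed"
    return "ok"


def check_index_file(path, **kw):
    """Same check against a file on disk, for use from a change-monitoring hook."""
    with open(path, "rb") as fh:
        return check_index(fh.read(), **kw)


# DDoS: requests per minute against a previously learned norm.
BASELINE_RPM = 120.0  # constructed: typical requests/minute for this hour on earlier days


def make_sample_log():
    """Constructed (timestamp, client IP) records: one quiet minute, then a
    minute in which three sources flood the site on top of normal traffic."""
    base = datetime(2013, 3, 28, 10, 0)
    records = []
    for minute in (0, 1):  # background: 100 requests/minute from 20 clients
        for i in range(100):
            records.append((base + timedelta(minutes=minute, seconds=i * 0.6), f"10.1.0.{i % 20}"))
    for i in range(600):   # flood during minute 1 from three constructed sources
        records.append((base + timedelta(minutes=1, seconds=i * 0.1), f"198.51.100.{i % 3}"))
    return records


def rate_anomalies(records, baseline_rpm, factor=5.0, top=3):
    """Return the minutes whose request count reaches factor x the norm, with
    the busiest sources so the workflow can decide whether to filter or block."""
    per_minute = {}
    for ts, ip in records:
        per_minute.setdefault(ts.replace(second=0, microsecond=0), Counter())[ip] += 1
    findings = []
    for minute in sorted(per_minute):
        total = sum(per_minute[minute].values())
        if total >= baseline_rpm * factor:
            findings.append({
                "minute": minute,
                "requests": total,
                "ratio": round(total / baseline_rpm, 2),
                "top_sources": per_minute[minute].most_common(top),
            })
    return findings


if __name__ == "__main__":
    print(check_index(KNOWN_GOOD_INDEX), check_index(b"<html><body>owned</body></html>"))
    for f in rate_anomalies(make_sample_log(), BASELINE_RPM):
        print(f["minute"], f["requests"], f["ratio"], f["top_sources"])
```

    The integrity check deliberately separates "changed" from "defaced": a content update by the web team trips the hash but keeps the marker, while a wholesale replacement of index.* loses both, and the workflow can treat the two differently. The rate check reports the top sources instead of blocking them, which matches the slide's "depending on results" step and keeps a human or a later rule in charge of the response.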