SlideShare a Scribd company logo

Big data ... for security

Download as PPTX, PDF
James Salter
James Salter

Invited talk presented at the Alan Turing Institute Scoping Workshop: Data Protection and Security at Scale, British Library, London, UK, 3 December 2015

Data & Analytics
1 of 13
Big data … for security James Salter Hewlett Packard Labs December 3, 2015
This is what we are dealing with... 2 6 Next generation data centres 300K+ Employees and contractors A massive IT operation 41K+ servers 440K+ PCs deployed 15K+ switches 1,500+ enterprise routers 140+ Windows Domain Controllers Infrastructure 11.5M+ Internet mails per day sent/received 150K+ mobile devices39M IP Addresses 1.2M devices 450K mailboxes managed Connectivity 2.5B security events logged per day 2K+ managed firewalls 970K+ devices scanned for vulnerabilities 450K end points protected with anti-virus Security
Security events data HPE IT operates ArcSight internally Deployment 25% larger than any other non-governmental installation by volume 1 10 100 1000 10000 100000 1000000 1 2 3 4 5 6 Eventspersecond(logarithmicscale) DNS traffic per HPE data centre: – 120,000 events/second – ~64B events/day globally Routers VPN AntiVirus Active Directory Web Proxy DNS
64 billion DNS events/day whitelist/blacklist 99% 4 640 million greylisted events
Collection is just part of the story Analytics is where the power comes from 5 Correlation Machine learning Graph analytics Anomaly detection Advanced persistent threats Data exfiltration User behaviour analysis/insider threat Endpoint visibility
Abuse case Botnet command and control Bot DNS server akaajkajkajd.cn? xisyudnwuxu.ru? dfknwerpbnp.biz? mneyqslgyb.info? cspcicicipisjjew.hu? C2 Server (mneyqslgyb.info) Attacker can’t maintain C2 server at IP address for very long. So it registers a random domain name temporarily. Bot tries a bunch of random names until it finds one that resolves.
AssetAsset Abuse case DNS tunneling (via subdomains) Bot DNS server (Compromised) DNS server (example.com) 93cc3daf.example.com4fac3215.example.coma86f4221.example.comddee9152.example.com8bd5ff12.example.comd4bb92a1.example.comef409132.example.com1bfa3207.example.com298c5b3a.example.com
Solution architecture: Overview 8 DNS server(s) DNS packet capture Whitelist network tap DNS queries and responses Blacklist Event logging Correlation and alerting Real-time processing Near-time, historical analysis DNS events: queries and replies
In use at HPE Hewlett Packard Enterprise Cyber Defense Center, Palo Alto 9
From Labs … to HPE … to Customers 10 Screenshot from HPE DNS Malware Analytics – HPE DNS Malware Analytics – Cloud-based managed or self-service analytics with on-premises capture modules
The next challenges 11 ? days ? 5 minutes 24 hours Increase the correlation time window Data exfiltration “hidden in the noise” Exfil time
The next challenges 12 Security Events DNS Outgoing ISP Packets 2.5 64 660 BillionsofEventsPerDay 0 700 350 Complete packet capture for all outgoing ISP connections
Thank you james.salter@hpe.com 13

Recommended

Security for The Machine: By Design
Security for The Machine: By DesignSecurity for The Machine: By Design
Security for The Machine: By Design
James Salter
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
Chris Sistrunk
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
guest85a34f
 
Intelligent Wireless Sensor Network based Monitoring for Process Automation
Intelligent Wireless Sensor Network based Monitoring for Process AutomationIntelligent Wireless Sensor Network based Monitoring for Process Automation
Intelligent Wireless Sensor Network based Monitoring for Process AutomationDharmik Rana
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
OWASP Delhi
 
DBOps
DBOpsDBOps
DBOps
strikr .
 
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and DemoTechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
Intergen
 
Motion based security alarm
Motion based security alarmMotion based security alarm
Motion based security alarm
Akshay Surve
 

Recommended

Security for The Machine: By Design
Security for The Machine: By DesignSecurity for The Machine: By Design
Security for The Machine: By Design
James Salter
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
Chris Sistrunk
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
guest85a34f
 
Intelligent Wireless Sensor Network based Monitoring for Process Automation
Intelligent Wireless Sensor Network based Monitoring for Process AutomationIntelligent Wireless Sensor Network based Monitoring for Process Automation
Intelligent Wireless Sensor Network based Monitoring for Process AutomationDharmik Rana
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
OWASP Delhi
 
DBOps
DBOpsDBOps
DBOps
strikr .
 
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and DemoTechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
Intergen
 
Motion based security alarm
Motion based security alarmMotion based security alarm
Motion based security alarm
Akshay Surve
 
Chapter 1 pdf
Chapter 1 pdfChapter 1 pdf
Chapter 1 pdf
ChAnushaECE
 
Software Defined Substation Intelligence, Automation and Control
Software Defined Substation Intelligence, Automation and ControlSoftware Defined Substation Intelligence, Automation and Control
Software Defined Substation Intelligence, Automation and Control
Bastian Fischer
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
Digital Bond
 
ExtraHop Splunk datasheet
ExtraHop Splunk datasheetExtraHop Splunk datasheet
ExtraHop Splunk datasheet
ExtraHop Networks
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
Chris Sistrunk
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_SolutionSteve Lim
 
Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM
Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESMImproving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM
Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM
Anton Goncharov
 
ExtraHop Product Overview Datasheet
ExtraHop Product Overview DatasheetExtraHop Product Overview Datasheet
ExtraHop Product Overview Datasheet
ExtraHop Networks
 
Internet of things v1.2
Internet of things v1.2Internet of things v1.2
Internet of things v1.2
Nicky Eichmann
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICS
Chris Sistrunk
 
Federal Agencies top 10 Use Cases
Federal Agencies top 10 Use CasesFederal Agencies top 10 Use Cases
Federal Agencies top 10 Use Cases
Michael Malone
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
promediakw
 
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
OWASP Russia
 
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...David Sidhu
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
Larry Vandenaweele
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy Sector
EnergySec
 
Meeting 3 network administrator tools
Meeting 3 network administrator toolsMeeting 3 network administrator tools
Meeting 3 network administrator tools
Syaiful Ahdan
 
Keynote: Elastic Observability evolution and vision
Keynote: Elastic Observability evolution and vision Keynote: Elastic Observability evolution and vision
Keynote: Elastic Observability evolution and vision
Elasticsearch
 
Virtual Firewall Management
Virtual Firewall ManagementVirtual Firewall Management
Virtual Firewall Management
Ragavan Seetharaman
 
Big data Europe: concept, platform and pilots
Big data Europe: concept, platform and pilotsBig data Europe: concept, platform and pilots
Big data Europe: concept, platform and pilots
BigData_Europe
 
A Big Data Concept
A Big Data ConceptA Big Data Concept
A Big Data ConceptDharmesh Tank
 

More Related Content

What's hot

Chapter 1 pdf
Chapter 1 pdfChapter 1 pdf
Chapter 1 pdf
ChAnushaECE
 
Software Defined Substation Intelligence, Automation and Control
Software Defined Substation Intelligence, Automation and ControlSoftware Defined Substation Intelligence, Automation and Control
Software Defined Substation Intelligence, Automation and Control
Bastian Fischer
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
Digital Bond
 
ExtraHop Splunk datasheet
ExtraHop Splunk datasheetExtraHop Splunk datasheet
ExtraHop Splunk datasheet
ExtraHop Networks
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
Chris Sistrunk
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_SolutionSteve Lim
 
Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM
Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESMImproving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM
Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM
Anton Goncharov
 
ExtraHop Product Overview Datasheet
ExtraHop Product Overview DatasheetExtraHop Product Overview Datasheet
ExtraHop Product Overview Datasheet
ExtraHop Networks
 
Internet of things v1.2
Internet of things v1.2Internet of things v1.2
Internet of things v1.2
Nicky Eichmann
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICS
Chris Sistrunk
 
Federal Agencies top 10 Use Cases
Federal Agencies top 10 Use CasesFederal Agencies top 10 Use Cases
Federal Agencies top 10 Use Cases
Michael Malone
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
promediakw
 
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
OWASP Russia
 
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...David Sidhu
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
Larry Vandenaweele
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy Sector
EnergySec
 
Meeting 3 network administrator tools
Meeting 3 network administrator toolsMeeting 3 network administrator tools
Meeting 3 network administrator tools
Syaiful Ahdan
 
Keynote: Elastic Observability evolution and vision
Keynote: Elastic Observability evolution and vision Keynote: Elastic Observability evolution and vision
Keynote: Elastic Observability evolution and vision
Elasticsearch
 
Virtual Firewall Management
Virtual Firewall ManagementVirtual Firewall Management
Virtual Firewall Management
Ragavan Seetharaman
 

What's hot (20)

Chapter 1 pdf
Chapter 1 pdfChapter 1 pdf
Chapter 1 pdf
 
Software Defined Substation Intelligence, Automation and Control
Software Defined Substation Intelligence, Automation and ControlSoftware Defined Substation Intelligence, Automation and Control
Software Defined Substation Intelligence, Automation and Control
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
 
ExtraHop Splunk datasheet
ExtraHop Splunk datasheetExtraHop Splunk datasheet
ExtraHop Splunk datasheet
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution
 
Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM
Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESMImproving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM
Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM
 
ExtraHop Product Overview Datasheet
ExtraHop Product Overview DatasheetExtraHop Product Overview Datasheet
ExtraHop Product Overview Datasheet
 
Internet of things v1.2
Internet of things v1.2Internet of things v1.2
Internet of things v1.2
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICS
 
Federal Agencies top 10 Use Cases
Federal Agencies top 10 Use CasesFederal Agencies top 10 Use Cases
Federal Agencies top 10 Use Cases
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
 
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
 
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy Sector
 
Meeting 3 network administrator tools
Meeting 3 network administrator toolsMeeting 3 network administrator tools
Meeting 3 network administrator tools
 
Keynote: Elastic Observability evolution and vision
Keynote: Elastic Observability evolution and vision Keynote: Elastic Observability evolution and vision
Keynote: Elastic Observability evolution and vision
 
Virtual Firewall Management
Virtual Firewall ManagementVirtual Firewall Management
Virtual Firewall Management
 

Viewers also liked

Big data Europe: concept, platform and pilots
Big data Europe: concept, platform and pilotsBig data Europe: concept, platform and pilots
Big data Europe: concept, platform and pilots
BigData_Europe
 
Big Data in Cyber Security
Big Data in Cyber SecurityBig Data in Cyber Security
Big Data in Cyber Security
Napier University
 
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challengesBig data and cyber security legal risks and challenges
Big data and cyber security legal risks and challenges
Kapil Mehrotra
 
Computer&Internet Safety Digital Story
Computer&Internet Safety Digital StoryComputer&Internet Safety Digital Story
Computer&Internet Safety Digital StorySandra Sammarco
 
Being Smart In Cyber Space
Being Smart In Cyber SpaceBeing Smart In Cyber Space
Being Smart In Cyber Space
kirahlee
 
Malware
MalwareMalware
Malware
galaxy201
 
Digital Etiquette vhardy
Digital Etiquette vhardyDigital Etiquette vhardy
Digital Etiquette vhardy
Vanessa Hardy
 
Stay safe online
Stay safe onlineStay safe online
Stay safe online
Ljubica Ruzinska
 
Cyber Crime: Stay Safe Online
Cyber Crime: Stay Safe OnlineCyber Crime: Stay Safe Online
Cyber Crime: Stay Safe Online
Salshaza Putera
 
Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...Eftychia Chalvatzi
 
MS PPM Summit Chicago_Nov 2015
MS PPM Summit Chicago_Nov 2015MS PPM Summit Chicago_Nov 2015
MS PPM Summit Chicago_Nov 2015Ludvic Baquie
 
Hack Warz® Cyber Attack: A Hands-On Lab for Network Defenders
Hack Warz® Cyber Attack: A Hands-On Lab for Network DefendersHack Warz® Cyber Attack: A Hands-On Lab for Network Defenders
Hack Warz® Cyber Attack: A Hands-On Lab for Network Defenders
Life Cycle Engineering
 
SECQME Watch Over Me Deck 2014
SECQME Watch Over Me Deck 2014SECQME Watch Over Me Deck 2014
SECQME Watch Over Me Deck 2014
Khoo Shiang
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
Sophos Benelux
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010
Vicky Shah
 
Big data in healthcare
Big data in healthcareBig data in healthcare
Big data in healthcare
BYTE Project
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
Sina Manavi
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
Santhosh Kumar
 

Viewers also liked (20)

Big data Europe: concept, platform and pilots
Big data Europe: concept, platform and pilotsBig data Europe: concept, platform and pilots
Big data Europe: concept, platform and pilots
 
A Big Data Concept
A Big Data ConceptA Big Data Concept
A Big Data Concept
 
Big Data in Cyber Security
Big Data in Cyber SecurityBig Data in Cyber Security
Big Data in Cyber Security
 
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challengesBig data and cyber security legal risks and challenges
Big data and cyber security legal risks and challenges
 
Computer&Internet Safety Digital Story
Computer&Internet Safety Digital StoryComputer&Internet Safety Digital Story
Computer&Internet Safety Digital Story
 
Being Smart In Cyber Space
Being Smart In Cyber SpaceBeing Smart In Cyber Space
Being Smart In Cyber Space
 
Malware
MalwareMalware
Malware
 
Digital Etiquette vhardy
Digital Etiquette vhardyDigital Etiquette vhardy
Digital Etiquette vhardy
 
Stay safe online
Stay safe onlineStay safe online
Stay safe online
 
Cyber Crime: Stay Safe Online
Cyber Crime: Stay Safe OnlineCyber Crime: Stay Safe Online
Cyber Crime: Stay Safe Online
 
Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...
 
MS PPM Summit Chicago_Nov 2015
MS PPM Summit Chicago_Nov 2015MS PPM Summit Chicago_Nov 2015
MS PPM Summit Chicago_Nov 2015
 
Mobile phone Data Hacking
Mobile phone Data HackingMobile phone Data Hacking
Mobile phone Data Hacking
 
Hack Warz® Cyber Attack: A Hands-On Lab for Network Defenders
Hack Warz® Cyber Attack: A Hands-On Lab for Network DefendersHack Warz® Cyber Attack: A Hands-On Lab for Network Defenders
Hack Warz® Cyber Attack: A Hands-On Lab for Network Defenders
 
SECQME Watch Over Me Deck 2014
SECQME Watch Over Me Deck 2014SECQME Watch Over Me Deck 2014
SECQME Watch Over Me Deck 2014
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010
 
Big data in healthcare
Big data in healthcareBig data in healthcare
Big data in healthcare
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
 

Similar to Big data ... for security

Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
edwardstudyemai
 
SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco
Splunk
 
Plugging Network Security Holes Using NetFlow
Plugging Network Security Holes Using NetFlowPlugging Network Security Holes Using NetFlow
Plugging Network Security Holes Using NetFlowNetFlow Analyzer
 
Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutionsCisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
NetworkCollaborators
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
Universitas Bina Darma Palembang
 
D3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients PerformanceD3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients Performance
Imperva Incapsula
 
Splunk App for Stream
Splunk App for StreamSplunk App for Stream
Splunk App for Stream
Splunk
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks
 
Incident Response: SIEM
Incident Response: SIEMIncident Response: SIEM
Incident Response: SIEM
Napier University
 
SIEM
SIEMSIEM
SIEM
Napier University
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats Faster
Force 3
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Georg Knon
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
Iftikhar Ali Iqbal
 
The Actifile Platform From Data discovery to data encryption in 1 click .pdf
The Actifile Platform From Data discovery to data encryption in 1 click .pdfThe Actifile Platform From Data discovery to data encryption in 1 click .pdf
The Actifile Platform From Data discovery to data encryption in 1 click .pdf
Guy Bavly
 
Novetta Cyber Analytics
Novetta Cyber AnalyticsNovetta Cyber Analytics
Novetta Cyber Analytics
Novetta
 
Accelerating Cloud Services and How to Match your Workload to the Right Intel...
Accelerating Cloud Services and How to Match your Workload to the Right Intel...Accelerating Cloud Services and How to Match your Workload to the Right Intel...
Accelerating Cloud Services and How to Match your Workload to the Right Intel...
Amazon Web Services
 
Cisco UCS and Splunk Workshop
Cisco UCS and Splunk WorkshopCisco UCS and Splunk Workshop
Cisco UCS and Splunk Workshop
Robb Boyd
 
Information Security
Information SecurityInformation Security
Information SecurityMohit8780
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
karlhennesey
 

Similar to Big data ... for security (20)

Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
 
resume IT security
resume IT securityresume IT security
resume IT security
 
SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco
 
Plugging Network Security Holes Using NetFlow
Plugging Network Security Holes Using NetFlowPlugging Network Security Holes Using NetFlow
Plugging Network Security Holes Using NetFlow
 
Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutionsCisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
 
D3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients PerformanceD3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients Performance
 
Splunk App for Stream
Splunk App for StreamSplunk App for Stream
Splunk App for Stream
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-Sheet
 
Incident Response: SIEM
Incident Response: SIEMIncident Response: SIEM
Incident Response: SIEM
 
SIEM
SIEMSIEM
SIEM
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats Faster
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 
The Actifile Platform From Data discovery to data encryption in 1 click .pdf
The Actifile Platform From Data discovery to data encryption in 1 click .pdfThe Actifile Platform From Data discovery to data encryption in 1 click .pdf
The Actifile Platform From Data discovery to data encryption in 1 click .pdf
 
Novetta Cyber Analytics
Novetta Cyber AnalyticsNovetta Cyber Analytics
Novetta Cyber Analytics
 
Accelerating Cloud Services and How to Match your Workload to the Right Intel...
Accelerating Cloud Services and How to Match your Workload to the Right Intel...Accelerating Cloud Services and How to Match your Workload to the Right Intel...
Accelerating Cloud Services and How to Match your Workload to the Right Intel...
 
Cisco UCS and Splunk Workshop
Cisco UCS and Splunk WorkshopCisco UCS and Splunk Workshop
Cisco UCS and Splunk Workshop
 
Information Security
Information SecurityInformation Security
Information Security
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 

More from James Salter

The Machine - a vision for the future of computing
The Machine - a vision for the future of computingThe Machine - a vision for the future of computing
The Machine - a vision for the future of computing
James Salter
 
Accumulo: A Quick Introduction
Accumulo: A Quick IntroductionAccumulo: A Quick Introduction
Accumulo: A Quick Introduction
James Salter
 
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
James Salter
 
INC 2005 - ROME: Optimising DHT-based Peer-to-Peer Networks
INC 2005 - ROME: Optimising DHT-based Peer-to-Peer NetworksINC 2005 - ROME: Optimising DHT-based Peer-to-Peer Networks
INC 2005 - ROME: Optimising DHT-based Peer-to-Peer Networks
James Salter
 
PDPTA 05 Poster: ROME: Optimising Lookup and Load-Balancing in DHT-Based P2P ...
PDPTA 05 Poster: ROME: Optimising Lookup and Load-Balancing in DHT-Based P2P ...PDPTA 05 Poster: ROME: Optimising Lookup and Load-Balancing in DHT-Based P2P ...
PDPTA 05 Poster: ROME: Optimising Lookup and Load-Balancing in DHT-Based P2P ...
James Salter
 
FCS 05: A Multi-Ring Method for Efficient Multi-Dimensional Data Lookup in P2...
FCS 05: A Multi-Ring Method for Efficient Multi-Dimensional Data Lookup in P2...FCS 05: A Multi-Ring Method for Efficient Multi-Dimensional Data Lookup in P2...
FCS 05: A Multi-Ring Method for Efficient Multi-Dimensional Data Lookup in P2...
James Salter
 
Agents and P2P Networks
Agents and P2P NetworksAgents and P2P Networks
Agents and P2P Networks
James Salter
 
Lecture - Network Technologies: Peer-to-Peer Networks
Lecture - Network Technologies: Peer-to-Peer NetworksLecture - Network Technologies: Peer-to-Peer Networks
Lecture - Network Technologies: Peer-to-Peer Networks
James Salter
 
Lecture: Software Agents and P2P
Lecture: Software Agents and P2PLecture: Software Agents and P2P
Lecture: Software Agents and P2P
James Salter
 
INC 2004: An Efficient Mechanism for Adaptive Resource Discovery in Grids
INC 2004: An Efficient Mechanism for Adaptive Resource Discovery in GridsINC 2004: An Efficient Mechanism for Adaptive Resource Discovery in Grids
INC 2004: An Efficient Mechanism for Adaptive Resource Discovery in Grids
James Salter
 

More from James Salter (10)

The Machine - a vision for the future of computing
The Machine - a vision for the future of computingThe Machine - a vision for the future of computing
The Machine - a vision for the future of computing
 
Accumulo: A Quick Introduction
Accumulo: A Quick IntroductionAccumulo: A Quick Introduction
Accumulo: A Quick Introduction
 
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
 
INC 2005 - ROME: Optimising DHT-based Peer-to-Peer Networks
INC 2005 - ROME: Optimising DHT-based Peer-to-Peer NetworksINC 2005 - ROME: Optimising DHT-based Peer-to-Peer Networks
INC 2005 - ROME: Optimising DHT-based Peer-to-Peer Networks
 
PDPTA 05 Poster: ROME: Optimising Lookup and Load-Balancing in DHT-Based P2P ...
PDPTA 05 Poster: ROME: Optimising Lookup and Load-Balancing in DHT-Based P2P ...PDPTA 05 Poster: ROME: Optimising Lookup and Load-Balancing in DHT-Based P2P ...
PDPTA 05 Poster: ROME: Optimising Lookup and Load-Balancing in DHT-Based P2P ...
 
FCS 05: A Multi-Ring Method for Efficient Multi-Dimensional Data Lookup in P2...
FCS 05: A Multi-Ring Method for Efficient Multi-Dimensional Data Lookup in P2...FCS 05: A Multi-Ring Method for Efficient Multi-Dimensional Data Lookup in P2...
FCS 05: A Multi-Ring Method for Efficient Multi-Dimensional Data Lookup in P2...
 
Agents and P2P Networks
Agents and P2P NetworksAgents and P2P Networks
Agents and P2P Networks
 
Lecture - Network Technologies: Peer-to-Peer Networks
Lecture - Network Technologies: Peer-to-Peer NetworksLecture - Network Technologies: Peer-to-Peer Networks
Lecture - Network Technologies: Peer-to-Peer Networks
 
Lecture: Software Agents and P2P
Lecture: Software Agents and P2PLecture: Software Agents and P2P
Lecture: Software Agents and P2P
 
INC 2004: An Efficient Mechanism for Adaptive Resource Discovery in Grids
INC 2004: An Efficient Mechanism for Adaptive Resource Discovery in GridsINC 2004: An Efficient Mechanism for Adaptive Resource Discovery in Grids
INC 2004: An Efficient Mechanism for Adaptive Resource Discovery in Grids
 

Recently uploaded

Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
correoyaya
 
哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样
哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样
哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样
axoqas
 
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdfCh03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
haila53
 
The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...
jerlynmaetalle
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
Oppotus
 
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx
Opendatabay
 
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
vcaxypu
 
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
AbhimanyuSinha9
 
Business update Q1 2024 Lar España Real Estate SOCIMI
Business update Q1 2024 Lar España Real Estate SOCIMIBusiness update Q1 2024 Lar España Real Estate SOCIMI
Business update Q1 2024 Lar España Real Estate SOCIMI
AlejandraGmez176757
 
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
ukgaet
 
FP Growth Algorithm and its Applications
FP Growth Algorithm and its ApplicationsFP Growth Algorithm and its Applications
FP Growth Algorithm and its Applications
MaleehaSheikh2
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP
 
一比一原版(BU毕业证)波士顿大学毕业证成绩单
一比一原版(BU毕业证)波士顿大学毕业证成绩单一比一原版(BU毕业证)波士顿大学毕业证成绩单
一比一原版(BU毕业证)波士顿大学毕业证成绩单
ewymefz
 
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
vcaxypu
 
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Subhajit Sahu
 
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
Tiktokethiodaily
 
Jpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization SampleJpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization Sample
James Polillo
 
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Subhajit Sahu
 
Investigate & Recover / StarCompliance.io / Crypto_Crimes
Investigate & Recover / StarCompliance.io / Crypto_CrimesInvestigate & Recover / StarCompliance.io / Crypto_Crimes
Investigate & Recover / StarCompliance.io / Crypto_Crimes
StarCompliance.io
 
Sample_Global Non-invasive Prenatal Testing (NIPT) Market, 2019-2030.pdf
Sample_Global Non-invasive Prenatal Testing (NIPT) Market, 2019-2030.pdfSample_Global Non-invasive Prenatal Testing (NIPT) Market, 2019-2030.pdf
Sample_Global Non-invasive Prenatal Testing (NIPT) Market, 2019-2030.pdf
Linda486226
 

Recently uploaded (20)

Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
 
哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样
哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样
哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样
 
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdfCh03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
 
The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
 
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx
 
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
 
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
 
Business update Q1 2024 Lar España Real Estate SOCIMI
Business update Q1 2024 Lar España Real Estate SOCIMIBusiness update Q1 2024 Lar España Real Estate SOCIMI
Business update Q1 2024 Lar España Real Estate SOCIMI
 
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
 
FP Growth Algorithm and its Applications
FP Growth Algorithm and its ApplicationsFP Growth Algorithm and its Applications
FP Growth Algorithm and its Applications
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
一比一原版(BU毕业证)波士顿大学毕业证成绩单
一比一原版(BU毕业证)波士顿大学毕业证成绩单一比一原版(BU毕业证)波士顿大学毕业证成绩单
一比一原版(BU毕业证)波士顿大学毕业证成绩单
 
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
 
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
 
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
 
Jpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization SampleJpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization Sample
 
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
 
Investigate & Recover / StarCompliance.io / Crypto_Crimes
Investigate & Recover / StarCompliance.io / Crypto_CrimesInvestigate & Recover / StarCompliance.io / Crypto_Crimes
Investigate & Recover / StarCompliance.io / Crypto_Crimes
 
Sample_Global Non-invasive Prenatal Testing (NIPT) Market, 2019-2030.pdf
Sample_Global Non-invasive Prenatal Testing (NIPT) Market, 2019-2030.pdfSample_Global Non-invasive Prenatal Testing (NIPT) Market, 2019-2030.pdf
Sample_Global Non-invasive Prenatal Testing (NIPT) Market, 2019-2030.pdf
 

Big data ... for security

  • 1. Big data … for security James Salter Hewlett Packard Labs December 3, 2015
  • 2. This is what we are dealing with... 2 6 Next generation data centres 300K+ Employees and contractors A massive IT operation 41K+ servers 440K+ PCs deployed 15K+ switches 1,500+ enterprise routers 140+ Windows Domain Controllers Infrastructure 11.5M+ Internet mails per day sent/received 150K+ mobile devices39M IP Addresses 1.2M devices 450K mailboxes managed Connectivity 2.5B security events logged per day 2K+ managed firewalls 970K+ devices scanned for vulnerabilities 450K end points protected with anti-virus Security
  • 3. Security events data HPE IT operates ArcSight internally Deployment 25% larger than any other non-governmental installation by volume 1 10 100 1000 10000 100000 1000000 1 2 3 4 5 6 Eventspersecond(logarithmicscale) DNS traffic per HPE data centre: – 120,000 events/second – ~64B events/day globally Routers VPN AntiVirus Active Directory Web Proxy DNS
  • 4. 64 billion DNS events/day whitelist/blacklist 99% 4 640 million greylisted events
  • 5. Collection is just part of the story Analytics is where the power comes from 5 Correlation Machine learning Graph analytics Anomaly detection Advanced persistent threats Data exfiltration User behaviour analysis/insider threat Endpoint visibility
  • 6. Abuse case Botnet command and control Bot DNS server akaajkajkajd.cn? xisyudnwuxu.ru? dfknwerpbnp.biz? mneyqslgyb.info? cspcicicipisjjew.hu? C2 Server (mneyqslgyb.info) Attacker can’t maintain C2 server at IP address for very long. So it registers a random domain name temporarily. Bot tries a bunch of random names until it finds one that resolves.
  • 7. AssetAsset Abuse case DNS tunneling (via subdomains) Bot DNS server (Compromised) DNS server (example.com) 93cc3daf.example.com4fac3215.example.coma86f4221.example.comddee9152.example.com8bd5ff12.example.comd4bb92a1.example.comef409132.example.com1bfa3207.example.com298c5b3a.example.com
  • 8. Solution architecture: Overview 8 DNS server(s) DNS packet capture Whitelist network tap DNS queries and responses Blacklist Event logging Correlation and alerting Real-time processing Near-time, historical analysis DNS events: queries and replies
  • 9. In use at HPE Hewlett Packard Enterprise Cyber Defense Center, Palo Alto 9
  • 10. From Labs … to HPE … to Customers 10 Screenshot from HPE DNS Malware Analytics – HPE DNS Malware Analytics – Cloud-based managed or self-service analytics with on-premises capture modules
  • 11. The next challenges 11 ? days ? 5 minutes 24 hours Increase the correlation time window Data exfiltration “hidden in the noise” Exfil time
  • 12. The next challenges 12 Security Events DNS Outgoing ISP Packets 2.5 64 660 BillionsofEventsPerDay 0 700 350 Complete packet capture for all outgoing ISP connections