Big Data for Security - DNS Analytics
•Download as PPTX, PDF•
1 like•128 views
The document provides an overview of a project using big data analytics to detect security threats from DNS data. It describes collecting massive amounts of DNS logs, analyzing them to detect malware and attacks, and developing solutions to transfer the technology to HPE security products and services. Key points include analyzing over 16 billion DNS packets per day, detecting threats from compromised or botnet-controlled DNS servers, and developing DNS malware analytics as a cloud-based security solution.
Report
Share
Report
Share
Recommended
Cloud Computing: Security, Privacy and Trust Aspects across Public and Privat...
This document discusses cloud computing and related security issues. It provides background on cloud computing models and services. It discusses how cloud computing impacts enterprise security lifecycle management and control. Current trends of increasing cloud services adoption and consumerization of enterprise IT are described. Requirements for cloud computing like identity management, assurance, compliance and privacy are outlined. Initiatives to develop best practices for cloud security are also mentioned. Potential future research directions around trusted infrastructure, security analytics, economics of cloud stewardship and privacy management are proposed.
Ultralight Data Movement for IoT with SDC Edge
Edge computing and the Internet of Things bring great promise, but often just getting data from the edge requires moving mountains. Let's learn how to make edge data ingestion and analytics easier using StreamSets Data Collector edge, an ultralight, platform independent and small-footprint Open Source solution written in Go for streaming data from resource-constrained sensors and personal devices (like medical equipment or smartphones) to Apache Kafka, Amazon Kinesis and many others. This talk includes an overview of the SDC Edge main features, supported protocols and available processors for data transformation, insights on how it solves some challenges of traditional approaches to data ingestion, pipeline design basics, a walk-through some practical applications (Android devices and Raspberry Pi) and its integration with other technologies such as Streamsets Data Collector, Apache Kafka, Apache Hadoop, InfluxDB and Grafana. The goal here is to make attendees ready to quickly become IoT data intake and SDC Edge Ninjas.
Speaker
Guglielmo Iozzia, Big Data Delivery Manager, Optum (United Health)
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Recently, deep learning has delivered ground-breaking advances in many industries by delivering human-like understanding for difficult cognition problems. We will share our empirical experiences of applying deep learning to some real-world security challenges, together with leant lessons and suggestions.
1. Examples
We are going to explain our innovative User & Entity Behavior Analytics (UEBA) solution which includes 2 deep learning examples: 1. user and entity behavior anomaly detection using Convolutional Neural Network (CNN), 2. stateful user risk scoring using Long Short Term Memory (LSTM), in order to detect slow-gestating and multi-stage targeted attacks. We are also going to share several real-life use cases of successfully detecting compromised users and malicious insiders in big enterprises.
2. Infrastructure
The production data processing and analytics workflow is developed using Spark, Spark Streaming and TensorFlow. We will share the experience of managing and tuning distributed TensorFlow and Spark on a middle/small size cluster in both SAS and on-premises deployments. This includes how to manage and split resources between Spark and TensorFlow, how to split and tune workloads between parameter servers and worker servers in TensorFlow, etc.
3. Challenges and Guidance
At the end, we are going to discuss the special challenges of applying deep learning (or general ML) into security than most other consumer industries, e.g., lack of large volume of high-quality labeled data, interpretation of models, fast detection, high cost of inaccurate detections.
Human intelligence – including knowledge of both enterprise business context and security heuristics – is a very precious resource to help cover these gaps. Thus any effective security ML solution has to have well integrated human and machine intelligence.
To achieve this partnership, there are several suggestions based on our current experiences, e.g., mix of complex and simple models, reinforcement learning based on human feed, pairing probabilistic ML results with deterministic forensic data.
Operating a secure big data platform in a multi-cloud environment
The Health Cyberinfrastructure Division at the San Diego Supercomputer Center (SDSC) at the University of California, San Diego has been deploying and managing a number of big data platforms ranging from the traditional data warehouse to the more recent big data platforms leveraging Hadoop in a secure cloud platform, Sherlock Cloud, for nearly a decade. We understand the necessity to remain agile and visionary in this arena to grow with the ever-changing technological and customer requirements while simultaneously ensuring a compliant environment to secure data.
As such, during our presentation, we will speak to our more recent deployment, namely a multi-cloud, Hadoop-based data management platform and the mechanisms employed to marry best-of-breed big data technology solutions and cloud platforms to support large-scale data management and analytics within the highly secure and compliant (U.S. HIPAA-compliant) boundaries of our hybrid cloud that spans an on-premises cloud running at UC San Diego and another operating in AWS Cloud. We will further identify the challenges and lessons learned from deploying, and securely operating, a big data platform offering capabilities that include disaster recovery and business continuity across a hybrid cloud setup.
Speaker
Sandeep Chandra, Division Director, San Diego Supercomputer Center
Big Data for Security - DNS Analytics
Overview of R&D Big Data for Security project, DNS Analytics to detect known / unknown cyber threats at scale, within organisations
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
For firms in the financial industry, especially within regulated organizations such as credit card processors and banks, PCI DSS compliance has become a business and operational necessity. Although the blueprint of a PCI-compliant architecture varies from organization to organization, the mixture of modern Hadoop-based data lakes and legacy systems are a common theme.
In this talk, we will discuss recent updates to PCI DSS and how significant portions of PCI DSS compliance controls can be achieved using open source Hadoop security stack and technologies for the Hadoop ecosystem. We will provide a broad overview of implementing key aspects of PCI DSS standards at WorldPay such as encryption management, data protection with anonymization, separation of duties, and deployment considerations regarding securing the Hadoop clusters at the network layer from a practitioner’s perspective. The talk will provide patterns and practices map current Hadoop security capabilities to security controls that a PCI-compliant environment requires.
Speaker
David Walker, Enterprise Data Platform Programme Director, Worldpay
Srikanth Venkat, Senior Director Product Management, Hortonworks
Shaping a Digital Vision
Undertaking a digital journey starts with clearly articulating the success factors for the entire digital journey, and our experience from the field has shown it to be an Achilles heel for most CXOs, across Fortune 500 organizations. Our findings were corroborated when a Mckinsey study reported that only 15% of the organizations are able to calculate the ROI of a digital initiative.
In this talk we will deliberate on demonstrated examples from multi-billion dollar businesses around proven methodologies to measure the value of a digital enterprise. The panel will share experiences as well as provide actionable advice for immediate next steps around the following:
Successful metrics for measuring the value for Digital / IoT / AI/ Machine learning engagements
How can 'Digital Traction Metrics' help with actionable insights even before the Financial Metrics have been reported
What are the best in-class organizational constructs and futuristic employee engagement methods to facilitate the digital revolution
Panelists for this session include:
• Christian Bilien - Head of Global Data at Societe Generale
• Pierre Alexandre Pautrat – Head of Big Data at BPCE/Nattixis
• Ronny Fehling – VP , Airbus
• Juergen Urbanski – Silicon Valley Data Science
• Abhas Ricky - EMEA Lead, Innovation & Strategy, Hortonworks
Breaking the Silos: Storage for Analytics & AI
Data analytics, Spark, Hadoop and AI have become fundamental tools to drive digital transformation. A critical challenge is moving from isolated experiments to an organizational or enterprise production infrastructure. In this talk, we break apart the modern data analytics workflow to focus on the data challenges across different phases of the analytics and AI life cycle. By presenting a unified approach to data storage for AI and Analytics, organizations can reduce costs, modernize their data strategy and build a sustainable enterprise data lake. By anticipating how Hadoop, Spark, Tensorflow, Caffe and traditional analytics like SAS, HPC can share data, IT departments and data science practitioners can not only co-exist, but speed time to insight. We will present the tangible benefits of a Reference Architecture using real-world installations that span proprietary and open-source frameworks. Using intelligent software-defined shared storage, users are able to eliminate silos, reduce multiple data copies, and improve time to insight.PALLAVI GALGALI, Offering Manager,IBM and DOUGLAS O'FLAHERTY, Portfolio Product Manager, IBM
Recommended
Cloud Computing: Security, Privacy and Trust Aspects across Public and Privat...
This document discusses cloud computing and related security issues. It provides background on cloud computing models and services. It discusses how cloud computing impacts enterprise security lifecycle management and control. Current trends of increasing cloud services adoption and consumerization of enterprise IT are described. Requirements for cloud computing like identity management, assurance, compliance and privacy are outlined. Initiatives to develop best practices for cloud security are also mentioned. Potential future research directions around trusted infrastructure, security analytics, economics of cloud stewardship and privacy management are proposed.
Ultralight Data Movement for IoT with SDC Edge
Edge computing and the Internet of Things bring great promise, but often just getting data from the edge requires moving mountains. Let's learn how to make edge data ingestion and analytics easier using StreamSets Data Collector edge, an ultralight, platform independent and small-footprint Open Source solution written in Go for streaming data from resource-constrained sensors and personal devices (like medical equipment or smartphones) to Apache Kafka, Amazon Kinesis and many others. This talk includes an overview of the SDC Edge main features, supported protocols and available processors for data transformation, insights on how it solves some challenges of traditional approaches to data ingestion, pipeline design basics, a walk-through some practical applications (Android devices and Raspberry Pi) and its integration with other technologies such as Streamsets Data Collector, Apache Kafka, Apache Hadoop, InfluxDB and Grafana. The goal here is to make attendees ready to quickly become IoT data intake and SDC Edge Ninjas.
Speaker
Guglielmo Iozzia, Big Data Delivery Manager, Optum (United Health)
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Recently, deep learning has delivered ground-breaking advances in many industries by delivering human-like understanding for difficult cognition problems. We will share our empirical experiences of applying deep learning to some real-world security challenges, together with leant lessons and suggestions.
1. Examples
We are going to explain our innovative User & Entity Behavior Analytics (UEBA) solution which includes 2 deep learning examples: 1. user and entity behavior anomaly detection using Convolutional Neural Network (CNN), 2. stateful user risk scoring using Long Short Term Memory (LSTM), in order to detect slow-gestating and multi-stage targeted attacks. We are also going to share several real-life use cases of successfully detecting compromised users and malicious insiders in big enterprises.
2. Infrastructure
The production data processing and analytics workflow is developed using Spark, Spark Streaming and TensorFlow. We will share the experience of managing and tuning distributed TensorFlow and Spark on a middle/small size cluster in both SAS and on-premises deployments. This includes how to manage and split resources between Spark and TensorFlow, how to split and tune workloads between parameter servers and worker servers in TensorFlow, etc.
3. Challenges and Guidance
At the end, we are going to discuss the special challenges of applying deep learning (or general ML) into security than most other consumer industries, e.g., lack of large volume of high-quality labeled data, interpretation of models, fast detection, high cost of inaccurate detections.
Human intelligence – including knowledge of both enterprise business context and security heuristics – is a very precious resource to help cover these gaps. Thus any effective security ML solution has to have well integrated human and machine intelligence.
To achieve this partnership, there are several suggestions based on our current experiences, e.g., mix of complex and simple models, reinforcement learning based on human feed, pairing probabilistic ML results with deterministic forensic data.
Operating a secure big data platform in a multi-cloud environment
The Health Cyberinfrastructure Division at the San Diego Supercomputer Center (SDSC) at the University of California, San Diego has been deploying and managing a number of big data platforms ranging from the traditional data warehouse to the more recent big data platforms leveraging Hadoop in a secure cloud platform, Sherlock Cloud, for nearly a decade. We understand the necessity to remain agile and visionary in this arena to grow with the ever-changing technological and customer requirements while simultaneously ensuring a compliant environment to secure data.
As such, during our presentation, we will speak to our more recent deployment, namely a multi-cloud, Hadoop-based data management platform and the mechanisms employed to marry best-of-breed big data technology solutions and cloud platforms to support large-scale data management and analytics within the highly secure and compliant (U.S. HIPAA-compliant) boundaries of our hybrid cloud that spans an on-premises cloud running at UC San Diego and another operating in AWS Cloud. We will further identify the challenges and lessons learned from deploying, and securely operating, a big data platform offering capabilities that include disaster recovery and business continuity across a hybrid cloud setup.
Speaker
Sandeep Chandra, Division Director, San Diego Supercomputer Center
Big Data for Security - DNS Analytics
Overview of R&D Big Data for Security project, DNS Analytics to detect known / unknown cyber threats at scale, within organisations
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
For firms in the financial industry, especially within regulated organizations such as credit card processors and banks, PCI DSS compliance has become a business and operational necessity. Although the blueprint of a PCI-compliant architecture varies from organization to organization, the mixture of modern Hadoop-based data lakes and legacy systems are a common theme.
In this talk, we will discuss recent updates to PCI DSS and how significant portions of PCI DSS compliance controls can be achieved using open source Hadoop security stack and technologies for the Hadoop ecosystem. We will provide a broad overview of implementing key aspects of PCI DSS standards at WorldPay such as encryption management, data protection with anonymization, separation of duties, and deployment considerations regarding securing the Hadoop clusters at the network layer from a practitioner’s perspective. The talk will provide patterns and practices map current Hadoop security capabilities to security controls that a PCI-compliant environment requires.
Speaker
David Walker, Enterprise Data Platform Programme Director, Worldpay
Srikanth Venkat, Senior Director Product Management, Hortonworks
Shaping a Digital Vision
Undertaking a digital journey starts with clearly articulating the success factors for the entire digital journey, and our experience from the field has shown it to be an Achilles heel for most CXOs, across Fortune 500 organizations. Our findings were corroborated when a Mckinsey study reported that only 15% of the organizations are able to calculate the ROI of a digital initiative.
In this talk we will deliberate on demonstrated examples from multi-billion dollar businesses around proven methodologies to measure the value of a digital enterprise. The panel will share experiences as well as provide actionable advice for immediate next steps around the following:
Successful metrics for measuring the value for Digital / IoT / AI/ Machine learning engagements
How can 'Digital Traction Metrics' help with actionable insights even before the Financial Metrics have been reported
What are the best in-class organizational constructs and futuristic employee engagement methods to facilitate the digital revolution
Panelists for this session include:
• Christian Bilien - Head of Global Data at Societe Generale
• Pierre Alexandre Pautrat – Head of Big Data at BPCE/Nattixis
• Ronny Fehling – VP , Airbus
• Juergen Urbanski – Silicon Valley Data Science
• Abhas Ricky - EMEA Lead, Innovation & Strategy, Hortonworks
Breaking the Silos: Storage for Analytics & AI
Data analytics, Spark, Hadoop and AI have become fundamental tools to drive digital transformation. A critical challenge is moving from isolated experiments to an organizational or enterprise production infrastructure. In this talk, we break apart the modern data analytics workflow to focus on the data challenges across different phases of the analytics and AI life cycle. By presenting a unified approach to data storage for AI and Analytics, organizations can reduce costs, modernize their data strategy and build a sustainable enterprise data lake. By anticipating how Hadoop, Spark, Tensorflow, Caffe and traditional analytics like SAS, HPC can share data, IT departments and data science practitioners can not only co-exist, but speed time to insight. We will present the tangible benefits of a Reference Architecture using real-world installations that span proprietary and open-source frameworks. Using intelligent software-defined shared storage, users are able to eliminate silos, reduce multiple data copies, and improve time to insight.PALLAVI GALGALI, Offering Manager,IBM and DOUGLAS O'FLAHERTY, Portfolio Product Manager, IBM
Big Data (security Issue)
This document outlines security issues associated with big data in cloud computing. It begins with introductions to big data, cloud computing, and Hadoop. It describes how big data is related to cloud computing and discusses advantages and applications of big data. The document then discusses security issues at the network, authentication, and data levels. It proposes several approaches to address these security issues, such as file encryption, network encryption, and access control. Finally, it discusses conclusions and opportunities for future work.
Continuous Data Ingestion pipeline for the Enterprise
Continuous Data ingestion platform built on NIFI and Spark that integrates variety of data sources including real-time events, data from external sources , structured and unstructured data with in-flight governance providing a real-time pipeline moving data from source to consumption in minutes. The next-gen data pipeline has helped eliminate the legacy batch latency and improve data quality and governance by designing custom NIFI processors and embedded Spark code. To meet the stringent regulatory requirements the data pipeline is being augmented with features to do in-flight ETL , DQ checks that enables a continuous workflow enhancing the Raw / unclassified data to Enriched / classified data available for consumption by users and production processes.
How big data and AI saved the day: critical IP almost walked out the door
Cybersecurity threats have evolved beyond what traditional SIEMs and firewalls can detect. We present case studies highlighting how:
•An advanced manufacturer was able to identify new insider threats, enabling them to protect their IP
•A media company’s security operations center was able to verify they weren’t the source of a high-profile media leak.
The common thread across these real-world case studies is how businesses can expand their threat analysis using security analytics powered by artificial intelligence in a big data environment.
Cybersecurity threats increasingly require the aggregation and analysis of multiple data sources. Siloed tools and technologies serve their purpose, but can’t be applied to look across the ever-growing variety and volume of traffic. Big data technologies are a proven solution to aggregating and analysing data across enormous volumes and varieties of data in a scalable way. However, as security professionals well know, more data doesn’t mean more leads or detection. In fact, all too often more data means slower threat hunting and more missed incidents. The solution is to leverage advanced analytical methods like machine learning.
Machine learning is a powerful mathematical approach that can learn patterns in data to identify relevant areas to focus. By applying these methods, we can automatically learn baseline activity and detect deviations across all data sources to flag high-risk entities that behave differently from their peers or past activity. ROY WILDS, Principal Data Scientist, Interset
Threat Detection and Response at Scale with Dominique Brezinski
Security monitoring and threat response has diverse processing demands on large volumes of log and telemetry data. Processing requirements span from low-latency stream processing to interactive queries over months of data. To make things more challenging, we must keep the data accessible for a retention window measured in years. Having tackled this problem before in a massive-scale environment using Apache Spark, when it came time to do it again, there were a few things I knew worked and a few wrongs I wanted to right.
We approached Databricks with a set of challenges to collaborate on: provide a stable and optimized platform for Unified Analytics that allows our team to focus on value delivery using streaming, SQL, graph, and ML; leverage decoupled storage and compute while delivering high performance over a broad set of workloads; use S3 notifications instead of list operations; remove Hive Metastore from the write path; and approach indexed response times for our more common search cases, without hard-to-scale index maintenance, over our entire retention window. This is about the fruit of that collaboration.
Security Framework for Multitenant Architecture
In the healthcare sector, data security, governance, and quality are crucial for maintaining patient privacy and ensuring the highest standards of care. At Florida Blue, the leading health insurer of Florida serving over five million members, there is a multifaceted network of care providers, business users, sales agents, and other divisions relying on the same datasets to derive critical information for multiple applications across the enterprise. However, maintaining consistent data governance and security for protected health information and other extended data attributes has always been a complex challenge that did not easily accommodate the wide range of needs for Florida Blue’s many business units. Using Apache Ranger, we developed a federated Identity & Access Management (IAM) approach that allows each tenant to have their own IAM mechanism. All user groups and roles are propagated across the federation in order to determine users’ data entitlement and access authorization; this applies to all stages of the system, from the broadest tenant levels down to specific data rows and columns. We also enabled audit attributes to ensure data quality by documenting data sources, reasons for data collection, date and time of data collection, and more. In this discussion, we will outline our implementation approach, review the results, and highlight our “lessons learned.”
IT_RFO10-14-ITS_AppendixA_20100513
This document presents a high-level data warehouse, business intelligence, and reporting strategy for CDCR. It defines key terms, lists references and sources of information, and scopes the project. The strategy will define a lifecycle for a DW implementation, leverage industry best practices, and align with CDCR's existing systems and strategic needs over three phases. It seeks to improve data quality, governance, and performance metrics for decision making.
3 guiding priciples to improve data security
This document discusses the need for organizations to adopt a holistic approach to data security and compliance. It outlines three guiding principles: 1) Understand and define where sensitive data resides across the enterprise. 2) Secure and protect enterprise databases and monitor and audit data access. 3) Continuously monitor systems to demonstrate compliance to auditors. The document argues that a systematic, proactive approach is needed to address the growing threats to data security from sophisticated hackers, increased regulations, and the explosion of data sources and types in today's complex IT environments.
Multi-tenant Hadoop - the challenge of maintaining high SLAS
In shared configuration, the same Hadoop environment supports many applications. Each has
specific requirements and criticality (SLA). Yet they all rely on an assembly of shared application
bricks.
At the same time, the life cycle of a cluster is not static in time. It evolves horizontally, with the
arrival of new applications, but also vertically, as the applications grow in load or evolve in
terms of functionality.
With this in mind, a multi-tenant production cluster presents several challenges including and
not limited to:
- Maintain a high level of SLA for a set of use cases with heterogeneous needs
- Plan and implement the architecture evolution of a cluster in production to ensure the
maintenance of SLA throughout the integration of new use cases on it
EDF will present how it manages this heterogeneity of SLA inherent of any Big Data cluster. EDF
is focusing on how it is renovating its cluster, its organization, its processes and its approach in
order to deliver a platform with strong SLA throughout its life cycle.
Speaker
Edouard Rousseaux, Tech Lead, EDF
Lessons learned from over 25 Data Virtualization implementations
Watch full webinar here: https://bit.ly/327fzQ0
If you have been part of the Denodo community for a while, you likely have heard of SimplicityBI (now part of the BDO family). This expert firm located in Canada has done over 25 implementations of Denodo across North America in over 10 different industries.
Security and Audit for Big Data
The value of the fast growing class of big data technologies is the ability to handle high velocity and volumes of data. However, a lack of robust security and auditing capabilities are holding organizations back from fully using the potential of these systems. Learn how you can use Big Data technologies to help you meet this compliance and data protection challenge head on so you can return to innovating for competitive advantage.
Using InfoSphere Guardium and BigInsights, we'll show you how you can meet your Hadoop security, compliance and audit requirements.
Secure Your Data with Virtual Data Fabric (ASEAN)
Watch full webinar here: https://bit.ly/3kT6HEN
Security, data privacy, and data protection represent concerns for organizations that must comply with policies and regulations that can vary across regions, data assets, and personas.
Data Virtualization offers a single logical point of access, avoiding point-to-point connections from consuming applications to the information sources. As a single point of data access for applications, it is the ideal place to enforce access security restrictions that can be defined in terms of the canonical model with a very fine granularity.
Denodo has been successfully deployed in many organizations worldwide with strict security requirements. Those organizations benefit from Denodo's capabilities to customize security policies in the data abstraction layer, centralize security when data is spread across multiple systems residing both on-premises and in the cloud, or control and audit data access across different regions.
Watch this on-demand session to:
- Build enterprise-wide data access role model
- Apply Dynamic Masking on your data on the fly
- Use sophisticated masking algorithms to manage your non-production data sets
Open Source Data Management for Industry 4.0
Continuously improving factory operations is of critical importance to manufacturers. Consider the facts: the total cost of poor quality amounts to a staggering 20% of sales (American Society of Quality), and unplanned downtime costs plants approximately $50 billion per year (Deloitte).
The most pressing questions are: which process variables effect quality and yield and which process variables predict equipment failure? Getting to those answers is providing forward thinking manufacturers a leg up over competitors.
The speakers address the data management challenges facing today's manufacturers, including proprietary systems and siloed data sources, as well as an inability to make sensor-based data usable.
Integrating enterprise data from ERP, MES, maintenance systems, and other sources with real-time operations data from sensors, PLCs, SCADA systems, and historians represents a major first step. But how to get started? What is the value of a data lake? How are AI/ML being applied to enable real time action?
Join us for this educational session, which includes a view into a roadmap for an open source industrial IoT data management platform.
Key Takeaways:
• Understand key use cases commonly undertaken by manufacturing enterprises
• Understand the value of using multivariate manufacturing data sources, as opposed to a single sensor on a piece of equipment
• Understand advances in big data management and streaming analytics that are paving the way to next-generation factory performance
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Cloud, Cost, Complexity, and threat Coverage are top of mind for every security leader. The Lakehouse architecture has emerged in recent years to help address these concerns with a single unified architecture for all your threat data, analytics and AI in the cloud. In this talk, we will show how Lakehouse is essential for effective Cybersecurity and popular security use-cases. We will also share how Databricks empowers the security data scientist and analyst of the future and how this technology allows cyber data sets to be used to solve business problems.
Practical advice to build a data driven company
1) The document provides practical advice for building a data-driven company, including making data easily accessible, ensuring business awareness of opportunities to use algorithms, and having data science projects with the lowest time to market.
2) It emphasizes focusing on usability over architecture when building a data lake, and having feature teams to deliver code ready for production through a message broker that allows for reuse of data flows.
3) The document advises businesses to be aware of algorithm opportunities, mixing business and data science teams for collaboration, and spending time together through activities like pair programming.
Hybrid Cloud Strategy for Big Data and Analytics
Digital transformations require a new hybrid cloud—one that’s open by design, and frees clients to choose and change environments, data and services as needed. This approach allows cloud apps and services to be rapidly composed using the best relevant data and insights available, while maintaining clear visibility, control and security—everywhere. How do you decide where to put data on a hybrid cloud and how to use it? What’s the best hybrid cloud strategy in terms of data and workload? How should you leverage a 50/50 rule or a 80/20 rule and user interaction to evaluate which data/workload to move to the cloud and which data/workload to keep on-premise? Hybrid cloud provides an open platform for innovation, including cognitive computing. Organizations are looking for taking shadow IT out of the shadows by providing a self-service way to the information and a hybrid cloud strategy is allowing that. Also, how to use hybrid cloud for better manage data sovereignty & compliance?
Big Data at Geisinger Health System: Big Wins in a Short Time
Geisinger Health System is well known in the healthcare community as a pioneer in data and analytics. We have had an Electronic Health Record (EHR) since 1996, and an Electronic Data Warehouse (EDW) since 2008. Much of daily and weekly operational reporting, as well as an abundance of ad hoc analytics, come from the EDW.
Approximately 18 months ago, the Data Management team implemented Hadoop in the Hortonworks Data Platform (HDP), and successes in implementation and development have proven to the organization that we should abandon the traditional EDW in favor of the Big Data (HDP) platform.
In less than 18 months, we stood up the platform, created a data ingestion pipeline, duplicated all source feeds from the EDW into HDP, and had several analytics developed with HDP and Tableau. Furthermore, we have exploited the new capabilities of the platform, where we use Natural Language Processing (NLP) to interrogate valuable (but previously hidden) clinical notes. The new platform has data that is modeled and governed, setting the stage to push Geisinger Health System from a pioneer to a leader in Big Data and Analytics.
This session will focus on Hortonworks Data Platform, covering data architecture, security, data process flow, and development. It is geared toward Data Architects, Data Scientists, and Operations/I.T. audiences.
Ciso round table on effective implementation of dlp & data security
The document discusses an effective implementation of data loss prevention (DLP) and data security. It covers key factors like the evolving threat landscape, business drivers for DLP, common challenges, and approaches to solve data security issues. An effective methodology is proposed, including identifying critical data and channels, deploying suitable policies, monitoring incidents, and establishing governance through continuous review and improvement. Critical success factors include business involvement, a phased implementation approach, and repeating the plan-do-check-act cycle periodically. The expected project outcomes are protection of critical channels, improved data tracking and awareness, and happier customers and auditors.
Verizon: Finance Data Lake implementation as a Self Service Discovery Big Dat...
Finance Data Lake objective is to create a centralized enterprise data repository for all Finance and Supply Chain data. It serves as the single source of truth. It enables a self-service discovery Analytics platform for business users to answer adhoc business questions and derive critical insights. The data lake is based on open source Hadoop big data platform and a very cost effective solution in breaking the ERP data silos and simplifying the data architecture in the enterprise.
POCs were conducted on in-house Hortonworks Hadoop data platform to validate the cluster performance for Production volumes. Based on business priorities, an initial roadmap was defined using 3 data sources including 2 SAP ERPs and Peoplesoft (OLTP systems). Development environment was established in AWS Cloud for agile delivery. The near real time data ingestion architecture for the data lake was defined using replication tools and custom SQOOP based micro-batching framework and data persisted in Apache Hive DB in ORC format. Data and user security is implemented using Apache Ranger and sensitive data stored at rest in encryption zones. Business data sets were developed in Hive scripts and scheduled using Oozie. Multiple reporting tools connectivity including SQL tools, Excel and Tableau were enabled for Self-service Analytics. Upon successful implementation of the initial phase, a full roadmap is established to extend the Finance data lake to over 25 data sources and enhance data ingestion to scale as well as enable OLAP tools on Hadoop.
Analyst Keynote: Delivering Faster Insights with a Logical Data Fabric in a H...
This document discusses the growing trend of organizations adopting hybrid cloud data architectures and strategies. Some key points:
- Many organizations are moving analytics workloads and data to the cloud while still maintaining some data and systems on-premises, resulting in hybrid environments.
- A logical data fabric with data virtualization at its core can help organizations address challenges of hybrid cloud architectures like integrating data across environments and platforms, automating tasks, and improving analytics performance.
- Capabilities like data discovery, analyzing both data at rest and in motion, and cataloging all data assets are important for a logical data fabric in hybrid cloud environments.
Journey to the Data Lake: How Progressive Paved a Faster, Smoother Path to In...
Progressive Insurance is well known for its innovative use of data to better serve its customers, and the important role that Hortonworks Data Platform has played in that transformation. However, as with most things worth doing, the path to the Data Lake was not without its challenges. In this session, I’ll share our top use cases for Hadoop – including telematics and display ads, how a skills shortage turned supporting these applications into a nightmare, and how – and why – we now use Syncsort DMX-h to accelerate enterprise adoption by making it quick and easy (or faster and easier) to populate the data lake – and keep it up to date – with data from across the enterprise. I’ll discuss the different approaches we tried, the benefits of using a tool vs. open source, and how we created our Hadoop Ingestor app using Syncsort DMX-h.
McAfee - Enterprise Security Manager (ESM) - SIEM
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- McAfee Security Operations Overview
- Security Operations Challenges
- ESM Overview
- ESM Components
- ESM Architecture
- ESM Architecture - Large Customer Sample
- ESM Integrations
- ESM Use Cases - Sample
- ESM Incident Scenario - Sample
- ESM - Security Operations
Please note all the information is based prior to Jan 2020.
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
APNIC Senior Network Analyst/Technical Trainer Warren Finch presents on packet analysis for network security at the MMIX Peering Forum and MMNOG 2020 in Yangon, Myanmar, from 13 to 17 January 2020.
More Related Content
What's hot
Big Data (security Issue)
This document outlines security issues associated with big data in cloud computing. It begins with introductions to big data, cloud computing, and Hadoop. It describes how big data is related to cloud computing and discusses advantages and applications of big data. The document then discusses security issues at the network, authentication, and data levels. It proposes several approaches to address these security issues, such as file encryption, network encryption, and access control. Finally, it discusses conclusions and opportunities for future work.
Continuous Data Ingestion pipeline for the Enterprise
Continuous Data ingestion platform built on NIFI and Spark that integrates variety of data sources including real-time events, data from external sources , structured and unstructured data with in-flight governance providing a real-time pipeline moving data from source to consumption in minutes. The next-gen data pipeline has helped eliminate the legacy batch latency and improve data quality and governance by designing custom NIFI processors and embedded Spark code. To meet the stringent regulatory requirements the data pipeline is being augmented with features to do in-flight ETL , DQ checks that enables a continuous workflow enhancing the Raw / unclassified data to Enriched / classified data available for consumption by users and production processes.
How big data and AI saved the day: critical IP almost walked out the door
Cybersecurity threats have evolved beyond what traditional SIEMs and firewalls can detect. We present case studies highlighting how:
•An advanced manufacturer was able to identify new insider threats, enabling them to protect their IP
•A media company’s security operations center was able to verify they weren’t the source of a high-profile media leak.
The common thread across these real-world case studies is how businesses can expand their threat analysis using security analytics powered by artificial intelligence in a big data environment.
Cybersecurity threats increasingly require the aggregation and analysis of multiple data sources. Siloed tools and technologies serve their purpose, but can’t be applied to look across the ever-growing variety and volume of traffic. Big data technologies are a proven solution to aggregating and analysing data across enormous volumes and varieties of data in a scalable way. However, as security professionals well know, more data doesn’t mean more leads or detection. In fact, all too often more data means slower threat hunting and more missed incidents. The solution is to leverage advanced analytical methods like machine learning.
Machine learning is a powerful mathematical approach that can learn patterns in data to identify relevant areas to focus. By applying these methods, we can automatically learn baseline activity and detect deviations across all data sources to flag high-risk entities that behave differently from their peers or past activity. ROY WILDS, Principal Data Scientist, Interset
Threat Detection and Response at Scale with Dominique Brezinski
Security monitoring and threat response has diverse processing demands on large volumes of log and telemetry data. Processing requirements span from low-latency stream processing to interactive queries over months of data. To make things more challenging, we must keep the data accessible for a retention window measured in years. Having tackled this problem before in a massive-scale environment using Apache Spark, when it came time to do it again, there were a few things I knew worked and a few wrongs I wanted to right.
We approached Databricks with a set of challenges to collaborate on: provide a stable and optimized platform for Unified Analytics that allows our team to focus on value delivery using streaming, SQL, graph, and ML; leverage decoupled storage and compute while delivering high performance over a broad set of workloads; use S3 notifications instead of list operations; remove Hive Metastore from the write path; and approach indexed response times for our more common search cases, without hard-to-scale index maintenance, over our entire retention window. This is about the fruit of that collaboration.
Security Framework for Multitenant Architecture
In the healthcare sector, data security, governance, and quality are crucial for maintaining patient privacy and ensuring the highest standards of care. At Florida Blue, the leading health insurer of Florida serving over five million members, there is a multifaceted network of care providers, business users, sales agents, and other divisions relying on the same datasets to derive critical information for multiple applications across the enterprise. However, maintaining consistent data governance and security for protected health information and other extended data attributes has always been a complex challenge that did not easily accommodate the wide range of needs for Florida Blue’s many business units. Using Apache Ranger, we developed a federated Identity & Access Management (IAM) approach that allows each tenant to have their own IAM mechanism. All user groups and roles are propagated across the federation in order to determine users’ data entitlement and access authorization; this applies to all stages of the system, from the broadest tenant levels down to specific data rows and columns. We also enabled audit attributes to ensure data quality by documenting data sources, reasons for data collection, date and time of data collection, and more. In this discussion, we will outline our implementation approach, review the results, and highlight our “lessons learned.”
IT_RFO10-14-ITS_AppendixA_20100513
This document presents a high-level data warehouse, business intelligence, and reporting strategy for CDCR. It defines key terms, lists references and sources of information, and scopes the project. The strategy will define a lifecycle for a DW implementation, leverage industry best practices, and align with CDCR's existing systems and strategic needs over three phases. It seeks to improve data quality, governance, and performance metrics for decision making.
3 guiding priciples to improve data security
This document discusses the need for organizations to adopt a holistic approach to data security and compliance. It outlines three guiding principles: 1) Understand and define where sensitive data resides across the enterprise. 2) Secure and protect enterprise databases and monitor and audit data access. 3) Continuously monitor systems to demonstrate compliance to auditors. The document argues that a systematic, proactive approach is needed to address the growing threats to data security from sophisticated hackers, increased regulations, and the explosion of data sources and types in today's complex IT environments.
Multi-tenant Hadoop - the challenge of maintaining high SLAS
In shared configuration, the same Hadoop environment supports many applications. Each has
specific requirements and criticality (SLA). Yet they all rely on an assembly of shared application
bricks.
At the same time, the life cycle of a cluster is not static in time. It evolves horizontally, with the
arrival of new applications, but also vertically, as the applications grow in load or evolve in
terms of functionality.
With this in mind, a multi-tenant production cluster presents several challenges including and
not limited to:
- Maintain a high level of SLA for a set of use cases with heterogeneous needs
- Plan and implement the architecture evolution of a cluster in production to ensure the
maintenance of SLA throughout the integration of new use cases on it
EDF will present how it manages this heterogeneity of SLA inherent of any Big Data cluster. EDF
is focusing on how it is renovating its cluster, its organization, its processes and its approach in
order to deliver a platform with strong SLA throughout its life cycle.
Speaker
Edouard Rousseaux, Tech Lead, EDF
Lessons learned from over 25 Data Virtualization implementations
Watch full webinar here: https://bit.ly/327fzQ0
If you have been part of the Denodo community for a while, you likely have heard of SimplicityBI (now part of the BDO family). This expert firm located in Canada has done over 25 implementations of Denodo across North America in over 10 different industries.
Security and Audit for Big Data
The value of the fast growing class of big data technologies is the ability to handle high velocity and volumes of data. However, a lack of robust security and auditing capabilities are holding organizations back from fully using the potential of these systems. Learn how you can use Big Data technologies to help you meet this compliance and data protection challenge head on so you can return to innovating for competitive advantage.
Using InfoSphere Guardium and BigInsights, we'll show you how you can meet your Hadoop security, compliance and audit requirements.
Secure Your Data with Virtual Data Fabric (ASEAN)
Watch full webinar here: https://bit.ly/3kT6HEN
Security, data privacy, and data protection represent concerns for organizations that must comply with policies and regulations that can vary across regions, data assets, and personas.
Data Virtualization offers a single logical point of access, avoiding point-to-point connections from consuming applications to the information sources. As a single point of data access for applications, it is the ideal place to enforce access security restrictions that can be defined in terms of the canonical model with a very fine granularity.
Denodo has been successfully deployed in many organizations worldwide with strict security requirements. Those organizations benefit from Denodo's capabilities to customize security policies in the data abstraction layer, centralize security when data is spread across multiple systems residing both on-premises and in the cloud, or control and audit data access across different regions.
Watch this on-demand session to:
- Build enterprise-wide data access role model
- Apply Dynamic Masking on your data on the fly
- Use sophisticated masking algorithms to manage your non-production data sets
Open Source Data Management for Industry 4.0
Continuously improving factory operations is of critical importance to manufacturers. Consider the facts: the total cost of poor quality amounts to a staggering 20% of sales (American Society of Quality), and unplanned downtime costs plants approximately $50 billion per year (Deloitte).
The most pressing questions are: which process variables effect quality and yield and which process variables predict equipment failure? Getting to those answers is providing forward thinking manufacturers a leg up over competitors.
The speakers address the data management challenges facing today's manufacturers, including proprietary systems and siloed data sources, as well as an inability to make sensor-based data usable.
Integrating enterprise data from ERP, MES, maintenance systems, and other sources with real-time operations data from sensors, PLCs, SCADA systems, and historians represents a major first step. But how to get started? What is the value of a data lake? How are AI/ML being applied to enable real time action?
Join us for this educational session, which includes a view into a roadmap for an open source industrial IoT data management platform.
Key Takeaways:
• Understand key use cases commonly undertaken by manufacturing enterprises
• Understand the value of using multivariate manufacturing data sources, as opposed to a single sensor on a piece of equipment
• Understand advances in big data management and streaming analytics that are paving the way to next-generation factory performance
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Cloud, Cost, Complexity, and threat Coverage are top of mind for every security leader. The Lakehouse architecture has emerged in recent years to help address these concerns with a single unified architecture for all your threat data, analytics and AI in the cloud. In this talk, we will show how Lakehouse is essential for effective Cybersecurity and popular security use-cases. We will also share how Databricks empowers the security data scientist and analyst of the future and how this technology allows cyber data sets to be used to solve business problems.
Practical advice to build a data driven company
1) The document provides practical advice for building a data-driven company, including making data easily accessible, ensuring business awareness of opportunities to use algorithms, and having data science projects with the lowest time to market.
2) It emphasizes focusing on usability over architecture when building a data lake, and having feature teams to deliver code ready for production through a message broker that allows for reuse of data flows.
3) The document advises businesses to be aware of algorithm opportunities, mixing business and data science teams for collaboration, and spending time together through activities like pair programming.
Hybrid Cloud Strategy for Big Data and Analytics
Digital transformations require a new hybrid cloud—one that’s open by design, and frees clients to choose and change environments, data and services as needed. This approach allows cloud apps and services to be rapidly composed using the best relevant data and insights available, while maintaining clear visibility, control and security—everywhere. How do you decide where to put data on a hybrid cloud and how to use it? What’s the best hybrid cloud strategy in terms of data and workload? How should you leverage a 50/50 rule or a 80/20 rule and user interaction to evaluate which data/workload to move to the cloud and which data/workload to keep on-premise? Hybrid cloud provides an open platform for innovation, including cognitive computing. Organizations are looking for taking shadow IT out of the shadows by providing a self-service way to the information and a hybrid cloud strategy is allowing that. Also, how to use hybrid cloud for better manage data sovereignty & compliance?
Big Data at Geisinger Health System: Big Wins in a Short Time
Geisinger Health System is well known in the healthcare community as a pioneer in data and analytics. We have had an Electronic Health Record (EHR) since 1996, and an Electronic Data Warehouse (EDW) since 2008. Much of daily and weekly operational reporting, as well as an abundance of ad hoc analytics, come from the EDW.
Approximately 18 months ago, the Data Management team implemented Hadoop in the Hortonworks Data Platform (HDP), and successes in implementation and development have proven to the organization that we should abandon the traditional EDW in favor of the Big Data (HDP) platform.
In less than 18 months, we stood up the platform, created a data ingestion pipeline, duplicated all source feeds from the EDW into HDP, and had several analytics developed with HDP and Tableau. Furthermore, we have exploited the new capabilities of the platform, where we use Natural Language Processing (NLP) to interrogate valuable (but previously hidden) clinical notes. The new platform has data that is modeled and governed, setting the stage to push Geisinger Health System from a pioneer to a leader in Big Data and Analytics.
This session will focus on Hortonworks Data Platform, covering data architecture, security, data process flow, and development. It is geared toward Data Architects, Data Scientists, and Operations/I.T. audiences.
Ciso round table on effective implementation of dlp & data security
The document discusses an effective implementation of data loss prevention (DLP) and data security. It covers key factors like the evolving threat landscape, business drivers for DLP, common challenges, and approaches to solve data security issues. An effective methodology is proposed, including identifying critical data and channels, deploying suitable policies, monitoring incidents, and establishing governance through continuous review and improvement. Critical success factors include business involvement, a phased implementation approach, and repeating the plan-do-check-act cycle periodically. The expected project outcomes are protection of critical channels, improved data tracking and awareness, and happier customers and auditors.
Verizon: Finance Data Lake implementation as a Self Service Discovery Big Dat...
Finance Data Lake objective is to create a centralized enterprise data repository for all Finance and Supply Chain data. It serves as the single source of truth. It enables a self-service discovery Analytics platform for business users to answer adhoc business questions and derive critical insights. The data lake is based on open source Hadoop big data platform and a very cost effective solution in breaking the ERP data silos and simplifying the data architecture in the enterprise.
POCs were conducted on in-house Hortonworks Hadoop data platform to validate the cluster performance for Production volumes. Based on business priorities, an initial roadmap was defined using 3 data sources including 2 SAP ERPs and Peoplesoft (OLTP systems). Development environment was established in AWS Cloud for agile delivery. The near real time data ingestion architecture for the data lake was defined using replication tools and custom SQOOP based micro-batching framework and data persisted in Apache Hive DB in ORC format. Data and user security is implemented using Apache Ranger and sensitive data stored at rest in encryption zones. Business data sets were developed in Hive scripts and scheduled using Oozie. Multiple reporting tools connectivity including SQL tools, Excel and Tableau were enabled for Self-service Analytics. Upon successful implementation of the initial phase, a full roadmap is established to extend the Finance data lake to over 25 data sources and enhance data ingestion to scale as well as enable OLAP tools on Hadoop.
Analyst Keynote: Delivering Faster Insights with a Logical Data Fabric in a H...
This document discusses the growing trend of organizations adopting hybrid cloud data architectures and strategies. Some key points:
- Many organizations are moving analytics workloads and data to the cloud while still maintaining some data and systems on-premises, resulting in hybrid environments.
- A logical data fabric with data virtualization at its core can help organizations address challenges of hybrid cloud architectures like integrating data across environments and platforms, automating tasks, and improving analytics performance.
- Capabilities like data discovery, analyzing both data at rest and in motion, and cataloging all data assets are important for a logical data fabric in hybrid cloud environments.
Journey to the Data Lake: How Progressive Paved a Faster, Smoother Path to In...
Progressive Insurance is well known for its innovative use of data to better serve its customers, and the important role that Hortonworks Data Platform has played in that transformation. However, as with most things worth doing, the path to the Data Lake was not without its challenges. In this session, I’ll share our top use cases for Hadoop – including telematics and display ads, how a skills shortage turned supporting these applications into a nightmare, and how – and why – we now use Syncsort DMX-h to accelerate enterprise adoption by making it quick and easy (or faster and easier) to populate the data lake – and keep it up to date – with data from across the enterprise. I’ll discuss the different approaches we tried, the benefits of using a tool vs. open source, and how we created our Hadoop Ingestor app using Syncsort DMX-h.
What's hot (20)
Continuous Data Ingestion pipeline for the Enterprise
Continuous Data Ingestion pipeline for the Enterprise
How big data and AI saved the day: critical IP almost walked out the door
How big data and AI saved the day: critical IP almost walked out the door
Threat Detection and Response at Scale with Dominique Brezinski
Threat Detection and Response at Scale with Dominique Brezinski
Multi-tenant Hadoop - the challenge of maintaining high SLAS
Multi-tenant Hadoop - the challenge of maintaining high SLAS
Lessons learned from over 25 Data Virtualization implementations
Lessons learned from over 25 Data Virtualization implementations
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Big Data at Geisinger Health System: Big Wins in a Short Time
Big Data at Geisinger Health System: Big Wins in a Short Time
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
Verizon: Finance Data Lake implementation as a Self Service Discovery Big Dat...
Verizon: Finance Data Lake implementation as a Self Service Discovery Big Dat...
Analyst Keynote: Delivering Faster Insights with a Logical Data Fabric in a H...
Analyst Keynote: Delivering Faster Insights with a Logical Data Fabric in a H...
Journey to the Data Lake: How Progressive Paved a Faster, Smoother Path to In...
Journey to the Data Lake: How Progressive Paved a Faster, Smoother Path to In...
Similar to Big Data for Security - DNS Analytics
McAfee - Enterprise Security Manager (ESM) - SIEM
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- McAfee Security Operations Overview
- Security Operations Challenges
- ESM Overview
- ESM Components
- ESM Architecture
- ESM Architecture - Large Customer Sample
- ESM Integrations
- ESM Use Cases - Sample
- ESM Incident Scenario - Sample
- ESM - Security Operations
Please note all the information is based prior to Jan 2020.
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
APNIC Senior Network Analyst/Technical Trainer Warren Finch presents on packet analysis for network security at the MMIX Peering Forum and MMNOG 2020 in Yangon, Myanmar, from 13 to 17 January 2020.
Novetta Cyber Analytics
Despite billions spent on enterprise cyber security, breaches from advanced attacks, costing millions, are occurring on a daily basis.
Our Solution: Complete Near Real-time Network Security Visibility and Awareness: If security analysts could see everything occurring on their network in real-time, breaches would occur but there would never be catastrophic damage – breach reaction would be almost instantaneous. Novetta Cyber Analytics is a linchpin enterprise security solution that enables security analysts, for the first time, to see a complete, near real-time, uncorrupted picture of their entire network. Security analysts then ask and receive answers to subtle questions – at the speed of thought – to enable detection, triage and response to breaches as they occur.
The Benefits: Increase events-responded-to an estimated 30X over.
Substantially reduce or eliminate damage from breaches.
Create a dramatically more effective and efficient security team.
Maximize current security infrastructure investment.
Be far more confident that your network is actually secure.
OUR DIFFERENTIATORS:
Understands the truth of what is happening on your network.
Detects advanced attacks that have breached perimeter defenses.
Develops a complete, near real-time understanding of suspicious behaviour.
Develops a battleground understanding of your entire security situation.
Augments current security solutions.
Proven speed, scale and effectiveness on the largest, most attacked networks on earth.
Big Data for Security - DNS Analytics
The document discusses HP's DNS Malware Analytics solution, which analyzes DNS network traffic to detect malware and security threats. It began as a research project at HP Labs and has grown into a commercial product. The solution captures DNS packets, analyzes them for blacklisted domains and abnormal patterns using security analytics, and provides alerts and visualizations to help security teams detect threats early. It has been piloted with HP IT and customers and is now offered as a software-as-a-service cloud solution to help security operations centers.
ESM 101 (ESM v6.9.1c)
ArcSight ESM is a comprehensive security event monitoring and analytics software. This document provides an overview of ESM concepts and features. It describes the roles of administrators, authors, operators, analysts, and business users within a security operations center. Administrators oversee system installation and health. Authors develop use cases and content to address security goals. Operators monitor events and initial investigations. Analysts perform specialized investigations and recommend responses. Business users review reports and metrics. The document provides an introduction to key ESM concepts to understand its functions and how various users interact with different tools.
Preparing for the Cybersecurity Renaissance
We are in the midst of a fundamental shift in the way in which organizations protect themselves from the modern adversary.
Traditional rules based cybersecurity applications of the past are not able to protect organizations in the new mobile, social, and hyper-connected world they now operate within. However, the convergence of big data technology, analytic advancements, and a variety of other factors have sparked a cybersecurity renaissance that will forever change the way in which organizations protect themselves.
Join Rocky DeStefano, Cloudera's Cybersecurity subject matter expert, as he explores how modern organizations are protecting themselves from more frequent, sophisticated attacks.
During this webinar you will learn about:
The current challenges cybersecurity professionals are facing today
How big data technologies are extending the capabilities of cybersecurity applications
Cloudera customers that are future proofing their cybersecurity posture with Cloudera’s next generation data and analytics management system
Keeping Up with the Adversary: Creating a Threat-Based Cyber Team
With advanced cyber-actors evolving quickly and becoming more stealthy, it has become imperative to question the status quo of our existing cyber-operations. This session will outline how a case study and incident response led to changes in focus and philosophy and how that changed the structure of Defensive Cyber Operations.
(Source: RSA Conference USA 2017)
Threat intel- -content-curation-organizing-the-path-to-successful-detection
Want to detect threats in your organization? Stop reading every feed and curate your threat intel and content so they actually work for your security architecture. By managing meaningful threat intelligence so the external intel maps to internal threat models and curating your content sensibly, you can create a high-functioning SOC that both detects and defends against cyberattacks.
(Source: RSA Conference USA 2018)
MATATABI: Cyber Threat Analysis and Defense Platform using Huge Amount of Dat...
MATATABI: Cyber Threat Analysis and Defense Platform using Huge Amount of Datasets, by Yuji Sekiya.
Presented at the APNIC 40 APOPS 1 session, Tue 8 Sep 2015.
ESM_101_6.9.0.pdf
This document provides an overview and introduction to HP ArcSight ESM software. It describes ESM's capabilities for security event monitoring, network intelligence, correlation, anomaly detection, and automated remediation. It also outlines the key components of ESM including the CORR-Engine for high-speed event storage and retrieval, and introduces the various tools and user roles within ESM. The document is intended to provide readers with a basic understanding of how ESM works and how its different functions are used throughout the lifecycle of analyzing and responding to security events.
Next-Gen DDoS Detection
DDoS detection needs to get scalable and mitigation-neutral so you can devise a protection strategy that is agile and long-lasting. This presentation delves into how big data analytics is useful for DDoS detection. You can see the live version at: http://www.kentik.com/webinars
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...Studio Fiorenzi Security & Forensics
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Audits, Cyber Forensics and incident response with Velociraptor and Ansible AWXRISELab: Enabling Intelligent Real-Time Decisions keynote by Ion Stoica
A long-standing grand challenge in computing is to enable machines to act autonomously and intelligently: to rapidly and repeatedly take appropriate actions based on information in the world around them. To address this challenge, at UC Berkeley we are starting a new five year effort that focuses on the development of data-intensive systems that provide Real-Time Intelligence with Secure Execution (RISE). Following in the footsteps of AMPLab, RISELab is an interdisciplinary effort bringing together researchers across AI, robotics, security, and data systems. In this talk I’ll present our research vision and then discuss some of the applications that will be enabled by RISE technologies.
RISELab:Enabling Intelligent Real-Time Decisions
Spark Summit East Keynote by Ion Stoica
A long-standing grand challenge in computing is to enable machines to act autonomously and intelligently: to rapidly and repeatedly take appropriate actions based on information in the world around them. To address this challenge, at UC Berkeley we are starting a new five year effort that focuses on the development of data-intensive systems that provide Real-Time Intelligence with Secure Execution (RISE). Following in the footsteps of AMPLab, RISELab is an interdisciplinary effort bringing together researchers across AI, robotics, security, and data systems. In this talk I’ll present our research vision and then discuss some of the applications that will be enabled by RISE technologies.
Apache Spark for Cyber Security in an Enterprise Company
In order to understand and react to their security situation, many cybersecurity operations use Security information and event management (SIEM) software nowadays. Using a traditional SIEM in a large company such as HP Enterprise is a challenge due to the increasing volume and rate of data. We present the solution used to reduce data volume processed by the SIEM using Spark Streaming and the results obtained in processing one of the largest data feeds in HPE: Firewall logs. Testing of SIEM rules the traditional way is a time-consuming process. Usually, it is necessary to wait one day to get results and statistic for one-day production data. An alternative approach to build a SIEM using Spark and other big data technologies will be drafted and results of “fast forward” processing of production data snapshots will be presented. HPE is the target of sophisticated well-crafted attacks and deployed cyber Security tools are not able to detect all of them. A simple application, built using Spark MLlib and company-specific data for training, for detection of malicious trending domains will be described. Takeaways: Spark streaming can be used to pre-process cybersecurity data and reduce their amount for further processing. Spark MLlib can be used to add the additional detecting capability for specific use cases.
In this presentation, we will share how Hewlett Packard Enterprise has implemented Apache Spark to deal with three main cyber security use cases:
1) Using Spark to help Security information and event management (SIEM) process an increasing amount of data
2) Using Spark to test SIEMs rules by “fast forward” processing of production data snapshots.
3) Implementing machine learning to add an additional detection capability
Security Analytics for Data Discovery - Closing the SIEM Gap
This document discusses security analytics and hunting maturity. It defines hunting as a proactive approach to identifying incidents by actively looking for patterns, intelligence or hunches, rather than waiting for notifications. It describes the "SIEM gap" where SIEM tools are designed for known threats and lack the tools and flexibility for human analysis and hunting of unknown threats. It outlines techniques used in security analytics like event clustering, association analysis, and visualization to help analyze large datasets and discover unknown threats. The document argues security analytics provides the data access, analysis techniques and workflows to help close the SIEM gap and improve an organization's hunting maturity over time.
Penetration testing, What’s this?
Penetration testing involves assessing an organization's security processes and vulnerabilities by simulating real-world attacks. This is done through methodologies like OSSTMM and standards like CIS guides and ISO 2700x. The goals are to estimate security, gain unauthorized access to systems, and access certain information/data. Approaches include perimeter, wireless, and internal testing from user workstations or network segments. Real attacks aim to hack, while penetration testing is legal and aims to help organizations. Common tools used include Nmap, Metasploit, Cain & Abel, Aircrack, and browser/notepad. Examples demonstrated password cracking, SQL injection exploitation, and privilege escalation in Active Directory. Wireless, social engineering,
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Strata Hadoop World 2017 San Jose
Today’s enterprise architectures are often composed of a myriad of heterogeneous devices. Bring-your-own-device policies, vendor diversification, and the transition to the cloud all contribute to a sprawling infrastructure, the complexity and scale of which can only be addressed by using modern distributed data processing systems.
Kevin Mao outlines the system that Capital One has built to collect, clean, and analyze the security-related events occurring within its digital infrastructure. Raw data from each component is collected and preprocessed using Apache NiFi flows. This raw data is then written into an Apache Kafka cluster, which serves as the primary communications backbone of the platform. The raw data is parsed, cleaned, and enriched in real time via Apache Metron and Apache Storm and ingested into ElasticSearch, allowing operations teams to detect and monitor events as they occur. The refined data is also transformed into the Apache ORC data format and stored in Amazon S3, allowing data scientists to perform long-term, batch-based analysis.
Kevin discusses the challenges involved with architecting and implementing this system, such as data quality, performance tuning, and the impact of additional financial regulations relating to data governance, and shares the results of these efforts and the value that the data platform brings to Capital One.
Continuity Software 4.3 Detailed Gaps
The document discusses challenges with high availability and disaster recovery configurations including configuration drift between production and standby systems. It introduces RecoverGuard as a solution to automatically detect configuration issues and vulnerabilities across HA/DR systems to prevent data loss and downtime. Key features of RecoverGuard include automated scanning, over 3,000 configuration signatures, analytics across availability, data protection, recoverability, and a dashboard. Examples of issues found include partial data replication, inconsistent access to storage, and configuration differences between production and disaster recovery systems.
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review
CISC 662
1
Agenda
Review of the following technologies and current products:
SIEM
CASB
EDR (Enterprise Detection and Response)
NGFW (Next Generation Firewalls)
Threat Intelligence
Summary of Term
SANS Technology Institute - Candidate for Master of Science Degree
What is a SIEM?
SIEM - Security Information Event Management
Logging and Event Aggregation
Network (router,switch,firewall,etc)
System (Server,workstation,etc)
Application (Web, DB )
Correlation Engine
2+ related events = higher alarm (1+1=3)
3
At first glance SIEM's appliances and software look like an event aggregator. While a SIEM has the advantage of aggregating logs what puts them apart from the event aggregator market are the correlation engines.
The correlation engines allow the ability to uncover threats/attacks across multiple related events which by themselves would not be a cause for alarm.
SIEM
4
What is a SIEM?
5
Security information and event management (SIEM) is the technology that can tie all your systems together and give you a comprehensive view of IT security.
IT security is typically a patchwork of technologies – firewalls, intrusion prevention, endpoint protection, threat intelligence and the like – that work together to protect an organization’s network and data from hackers and other threats. Tying all those disparate systems together is another challenge, however, and that’s where SIEM can help.
SIEM systems manage and make sense of security logs from all kinds of devices and carry out a range of functions, including spotting threats, preventing breaches before they occur, detecting breaches, and providing forensic information to determine how a security incident occurred as well as its possible impact.
Using SIEM
How do SIEM Products help the following Security concerns?
Countermeasures to detect attempts to infect internal system
Identification of infected systems trying to exfiltrate information
Mitigation of the impact of infected systems
Detection of outbound sensitive information ( DLP)
6
These questions are a core part of a companies overall security architecture. If a SIEM isn't providing answers or solutions to these questions what is it doing?
If you aren't using your SIEM to solve issues like these it may just be an expensive log aggregator/collection system sitting in your network collecting dust.
SIEM Advantages
Correlation of data from multiple systems and from different events detecting security and operational conditions
Anomaly detection by using a baseline of events over time to find deviations from expected or normal behavior
Comprehensive view into an environment based on event types, protocols, log sources, etc
APT (advanced persistent threat) protection through detection of protocol and application anomalies
Prioritization based on risk of threat to assets, staff can triage the most vulnerable targets
Alerting and monitoring on events of interest to escalate pri ...
Similar to Big Data for Security - DNS Analytics (20)
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
Keeping Up with the Adversary: Creating a Threat-Based Cyber Team
Keeping Up with the Adversary: Creating a Threat-Based Cyber Team
Threat intel- -content-curation-organizing-the-path-to-successful-detection
Threat intel- -content-curation-organizing-the-path-to-successful-detection
MATATABI: Cyber Threat Analysis and Defense Platform using Huge Amount of Dat...
MATATABI: Cyber Threat Analysis and Defense Platform using Huge Amount of Dat...
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
RISELab: Enabling Intelligent Real-Time Decisions keynote by Ion Stoica
RISELab: Enabling Intelligent Real-Time Decisions keynote by Ion Stoica
Apache Spark for Cyber Security in an Enterprise Company
Apache Spark for Cyber Security in an Enterprise Company
Security Analytics for Data Discovery - Closing the SIEM Gap
Security Analytics for Data Discovery - Closing the SIEM Gap
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
More from Marco Casassa Mont
Big Data for Security - Threat Analytics
The document discusses HP's threat analytics and visualization solutions for analyzing big DNS security data. It describes the large volume and scale of DNS data, challenges in analyzing it with traditional tools, and HP's solution to capture, store, filter, analyze and visualize DNS events in real-time and historically. The solution includes pilots with HP to detect bad devices, domain names and threats through techniques like anomaly detection and connection graphing.
Security Analytics & Security Intelligence-as-a-Service
Overview of R&D work and projects in the areas of Security Analytics (predictive Analytics) and Security Intelligence-as-a-Service
Security intelligence using big data presentation (engineering seminar)
An overview of R&D work in the space of cyber security, focusing on technologies and case studies in the space of cyber security, big data for security, predictive analytics and usage of security intelligence for better situational awareness
Policy Management: An Overview
The document discusses policies and policy management. It defines a policy as a set of rules that guide decisions and actions. Policy management involves defining, enforcing, and monitoring compliance with policies. The document also describes Hewlett-Packard's research in policy management solutions for enterprise privacy, identity management, and information lifecycle management.
Big Data for Security
This document discusses using big data analysis of DNS data to improve cybersecurity operations. It describes how DNS data generates terabytes of logs daily that are difficult to analyze due to scale. The document proposes a solution to collect and filter DNS packets directly from network taps, analyze the data in real-time and historically using Hadoop and other tools to detect anomalies and threats, and use the insights to update blacklists and block malicious traffic. Diagrams show how the system would integrate with existing security tools and orchestrate analytical workflows.
Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends, Challenges and Opportunities
More from Marco Casassa Mont (6)
Security Analytics & Security Intelligence-as-a-Service
Security Analytics & Security Intelligence-as-a-Service
Security intelligence using big data presentation (engineering seminar)
Security intelligence using big data presentation (engineering seminar)
Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...
Recently uploaded
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
学校原件一模一样【微信:741003700 】《(英国UCA毕业证书)创意艺术大学毕业证》【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
Build applications with generative AI on Google Cloud
We will explore Vertex AI - Model Garden powered experiences, we are going to learn more about the integration of these generative AI APIs. We are going to see in action what the Gemini family of generative models are for developers to build and deploy AI-driven applications. Vertex AI includes a suite of foundation models, these are referred to as the PaLM and Gemini family of generative ai models, and they come in different versions. We are going to cover how to use via API to: - execute prompts in text and chat - cover multimodal use cases with image prompts. - finetune and distill to improve knowledge domains - run function calls with foundation models to optimize them for specific tasks. At the end of the session, developers will understand how to innovate with generative AI and develop apps using the generative ai industry trends.
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Navigating today's data landscape isn't just about managing workflows; it's about strategically propelling your business forward. Apache Airflow has stood out as the benchmark in this arena, driving data orchestration forward since its early days. As we dive into the complexities of our current data-rich environment, where the sheer volume of information and its timely, accurate processing are crucial for AI and ML applications, the role of Airflow has never been more critical.
In my journey as the Senior Engineering Director and a pivotal member of Apache Airflow's Project Management Committee (PMC), I've witnessed Airflow transform data handling, making agility and insight the norm in an ever-evolving digital space. At Astronomer, our collaboration with leading AI & ML teams worldwide has not only tested but also proven Airflow's mettle in delivering data reliably and efficiently—data that now powers not just insights but core business functions.
This session is a deep dive into the essence of Airflow's success. We'll trace its evolution from a budding project to the backbone of data orchestration it is today, constantly adapting to meet the next wave of data challenges, including those brought on by Generative AI. It's this forward-thinking adaptability that keeps Airflow at the forefront of innovation, ready for whatever comes next.
The ever-growing demands of AI and ML applications have ushered in an era where sophisticated data management isn't a luxury—it's a necessity. Airflow's innate flexibility and scalability are what makes it indispensable in managing the intricate workflows of today, especially those involving Large Language Models (LLMs).
This talk isn't just a rundown of Airflow's features; it's about harnessing these capabilities to turn your data workflows into a strategic asset. Together, we'll explore how Airflow remains at the cutting edge of data orchestration, ensuring your organization is not just keeping pace but setting the pace in a data-driven future.
Session in https://budapestdata.hu/2024/04/kaxil-naik-astronomer-io/ | https://dataml24.sessionize.com/session/667627
Experts live - Improving user adoption with AI
Bekijk de slides van onze sessie Enhancing Modern Workplace Efficiency op Experts Live 2024.
一比一原版(CU毕业证)卡尔顿大学毕业证如何办理
原件一模一样【微信:95270640】【卡尔顿大学毕业证CU学位证成绩单】【微信:95270640】(留信学历认证永久存档查询)采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信:95270640】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信:95270640】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份【微信:95270640】
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
→ 【关于价格问题(保证一手价格)
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
选择实体注册公司办理,更放心,更安全!我们的承诺:可来公司面谈,可签订合同,会陪同客户一起到教育部认证窗口递交认证材料,客户在教育部官方认证查询网站查询到认证通过结果后付款,不成功不收费!
办理卡尔顿大学毕业证本科学位证成绩单CU学位证【微信:95270640 】外观非常精致,由特殊纸质材料制成,上面印有校徽、校名、毕业生姓名、专业等信息。
办理卡尔顿大学毕业证CU学位证本科学位证成绩单【微信:95270640 】格式相对统一,各专业都有相应的模板。通常包括以下部分:
校徽:象征着学校的荣誉和传承。
校名:学校英文全称
授予学位:本部分将注明获得的具体学位名称。
毕业生姓名:这是最重要的信息之一,标志着该证书是由特定人员获得的。
颁发日期:这是毕业正式生效的时间,也代表着毕业生学业的结束。
其他信息:根据不同的专业和学位,可能会有一些特定的信息或章节。
办理卡尔顿大学毕业证本科学位证成绩单CU学位证【微信:95270640 】价值很高,需要妥善保管。一般来说,应放置在安全、干燥、防潮的地方,避免长时间暴露在阳光下。如需使用,最好使用复印件而不是原件,以免丢失。
综上所述,办理卡尔顿大学毕业证本科学位证成绩单CU学位证【微信:95270640 】是证明身份和学历的高价值文件。外观简单庄重,格式统一,包括重要的个人信息和发布日期。对持有人来说,妥善保管是非常重要的。
原版一比一弗林德斯大学毕业证(Flinders毕业证书)如何办理
原版制作【微信:41543339】【弗林德斯大学毕业证(Flinders毕业证书)】【微信:41543339】《成绩单、外壳、雅思、offer、真实留信官方学历认证(永久存档/真实可查)》采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【我们承诺采用的是学校原版纸张(纸质、底色、纹路)我们拥有全套进口原装设备,特殊工艺都是采用不同机器制作,仿真度基本可以达到100%,所有工艺效果都可提前给客户展示,不满意可以根据客户要求进行调整,直到满意为止!】
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信41543339】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信41543339】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
留信网服务项目:
1、留学生专业人才库服务(留信分析)
2、国(境)学习人员提供就业推荐信服务
3、留学人员区块链存储服务
【关于价格问题(保证一手价格)】
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
选择实体注册公司办理,更放心,更安全!我们的承诺:客户在留信官方认证查询网站查询到认证通过结果后付款,不成功不收费!
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
by
Timothy Spann
Principal Developer Advocate
https://budapestdata.hu/2024/en/
https://budapestml.hu/2024/en/
tim.spann@zilliz.com
https://www.linkedin.com/in/timothyspann/
https://x.com/paasdev
https://github.com/tspannhw
https://www.youtube.com/@flank-stack
milvus
vector database
gen ai
generative ai
deep learning
machine learning
apache nifi
apache pulsar
apache kafka
apache flink
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
"Join us for STATATHON, a dynamic 2-day event dedicated to exploring statistical knowledge and its real-world applications. From theory to practice, participants engage in intensive learning sessions, workshops, and challenges, fostering a deeper understanding of statistical methodologies and their significance in various fields."
Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...
This webinar will explore cutting-edge, less familiar but powerful experimentation methodologies which address well-known limitations of standard A/B Testing. Designed for data and product leaders, this session aims to inspire the embrace of innovative approaches and provide insights into the frontiers of experimentation!
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
毕业原版【微信:176555708】【(UCSF毕业证书)旧金山分校毕业证】【微信:176555708】成绩单、外壳、offer、留信学历认证(永久存档真实可查)采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【我们承诺采用的是学校原版纸张(纸质、底色、纹路),我们拥有全套进口原装设备,特殊工艺都是采用不同机器制作,仿真度基本可以达到100%,所有工艺效果都可提前给客户展示,不满意可以根据客户要求进行调整,直到满意为止!】
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信176555708】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信176555708】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
留信网服务项目:
1、留学生专业人才库服务(留信分析)
2、国(境)学习人员提供就业推荐信服务
3、留学人员区块链存储服务
→ 【关于价格问题(保证一手价格)】
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
选择实体注册公司办理,更放心,更安全!我们的承诺:客户在留信官方认证查询网站查询到认证通过结果后付款,不成功不收费!
原版制作(unimelb毕业证书)墨尔本大学毕业证Offer一模一样
学校原件一模一样【微信:741003700 】《(unimelb毕业证书)墨尔本大学毕业证》【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Harness the power of AI-backed reports, benchmarking and data analysis to predict trends and detect anomalies in your marketing efforts.
Peter Caputa, CEO at Databox, reveals how you can discover the strategies and tools to increase your growth rate (and margins!).
From metrics to track to data habits to pick up, enhance your reporting for powerful insights to improve your B2B tech company's marketing.
- - -
This is the webinar recording from the June 2024 HubSpot User Group (HUG) for B2B Technology USA.
Watch the video recording at https://youtu.be/5vjwGfPN9lw
Sign up for future HUG events at https://events.hubspot.com/b2b-technology-usa/
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
原版办【微信号:BYZS866】【英属哥伦比亚大学毕业证(UBC毕业证书)】【微信号:BYZS866】《成绩单、外壳、雅思、offer、真实留信官方学历认证(永久存档/真实可查)》采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【我们承诺采用的是学校原版纸张(纸质、底色、纹路)我们拥有全套进口原装设备,特殊工艺都是采用不同机器制作,仿真度基本可以达到100%,所有工艺效果都可提前给客户展示,不满意可以根据客户要求进行调整,直到满意为止!】
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信号BYZS866】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信号BYZS866】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
留信网服务项目:
1、留学生专业人才库服务(留信分析)
2、国(境)学习人员提供就业推荐信服务
3、留学人员区块链存储服务
【关于价格问题(保证一手价格)】
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
选择实体注册公司办理,更放心,更安全!我们的承诺:客户在留信官方认证查询网站查询到认证通过结果后付款,不成功不收费!
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
原版办理【微信号:BYZS866】【巴斯大学毕业证(Bath毕业证书)】【微信号:BYZS866】《成绩单、外壳、雅思、offer、真实留信官方学历认证(永久存档/真实可查)》采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【关于学历材料质量】
我们承诺采用的是学校原版纸张(原版纸质、底色、纹路、)我们工厂拥有全套进口原装设备,特殊工艺都是采用不同机器制作,仿真度基本可以达到100%,所有成品以及工艺效果都可提前给客户展示,不满意可以根据客户要求进行调整,直到满意为止!
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信号BYZS866】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信号BYZS866】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
留信网服务项目:
1、留学生专业人才库服务(留信分析)
2、国(境)学习人员提供就业推荐信服务
3、留学人员区块链存储服务
【关于价格问题(保证一手价格)】
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
选择实体注册公司办理,更放心,更安全!我们的承诺:客户在留信官方认证查询网站查询到认证通过结果后付款,不成功不收费!
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
The Modern Marketing Reckoner (MMR) is a comprehensive resource packed with POVs from 60+ industry leaders on how AI is transforming the 4 key pillars of marketing – product, place, price and promotions.
University of New South Wales degree offer diploma Transcript
澳洲UNSW毕业证书制作新南威尔士大学假文凭定制Q微168899991做UNSW留信网教留服认证海牙认证改UNSW成绩单GPA做UNSW假学位证假文凭高仿毕业证申请新南威尔士大学University of New South Wales degree offer diploma Transcript
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
一模一样【微信:A575476】【(harvard毕业证书)哈佛大学毕业证成绩单Offer】【微信:A575476】(留信学历认证永久存档查询)采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信:A575476】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信:A575476】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
→ 【关于价格问题(保证一手价格)
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
选择实体注册公司办理,更放心,更安全!我们的承诺:可来公司面谈,可签订合同,会陪同客户一起到教育部认证窗口递交认证材料,客户在教育部官方认证查询网站查询到认证通过结果后付款,不成功不收费!
Open Source Contributions to Postgres: The Basics POSETTE 2024
Postgres is the most advanced open-source database in the world and it's supported by a community, not a single company. So how does this work? How does code actually get into Postgres? I recently had a patch submitted and committed and I want to share what I learned in that process. I’ll give you an overview of Postgres versions and how the underlying project codebase functions. I’ll also show you the process for submitting a patch and getting that tested and committed.
原版一比一利兹贝克特大学毕业证(LeedsBeckett毕业证书)如何办理
原版制作【微信:41543339】【利兹贝克特大学毕业证(LeedsBeckett毕业证书)】【微信:41543339】《成绩单、外壳、雅思、offer、真实留信官方学历认证(永久存档/真实可查)》采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【我们承诺采用的是学校原版纸张(纸质、底色、纹路)我们拥有全套进口原装设备,特殊工艺都是采用不同机器制作,仿真度基本可以达到100%,所有工艺效果都可提前给客户展示,不满意可以根据客户要求进行调整,直到满意为止!】
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信41543339】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信41543339】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
留信网服务项目:
1、留学生专业人才库服务(留信分析)
2、国(境)学习人员提供就业推荐信服务
3、留学人员区块链存储服务
【关于价格问题(保证一手价格)】
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
选择实体注册公司办理,更放心,更安全!我们的承诺:客户在留信官方认证查询网站查询到认证通过结果后付款,不成功不收费!
Recently uploaded (20)
Build applications with generative AI on Google Cloud
Build applications with generative AI on Google Cloud
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...
Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
University of New South Wales degree offer diploma Transcript
University of New South Wales degree offer diploma Transcript
Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024
Big Data for Security - DNS Analytics
- 1. Big Data for Security Marco Casassa Mont Security and Manageability Lab Hewlett Packard Labs November 2015
- 2. Transfer HPE Security SW Solution: DNS Malware Analytics 2
- 3. The ArcSight Portfolio Intelligence Packages (Content) Connectors Logger ESM ArcMC Marketplace Analytics Intelligence Packages (Content) Connectors Logger ESM Management(ArcMC) Marketplace DNSMalware Analytics UserBehaviorAnalytics InteractiveDiscovery Analytics
- 4. HPE Labs - Big Data for Security Overview 4
- 5. Project overview – Helping organizations to detect new, unknown security threats by collecting, storing, analyzing, and visualizing massive amounts of security events – Use case: Domain Name Server (DNS): – Huge data logs (HPE IT pilot: 16-20B DNS packets/day) – Most malware uses DNS to communicate to command and control centers – Wide range of attacks from commoditized malware to advanced persistent threats (APTs) – Solution piloted with HPE IT worldwide and in 2 customers’ PoC – Ongoing technology transfer with HPE SW (product) and HPE Security Services (managed security service) 5 www.hpe.co m 16.110.135.51
- 6. 6 Adapted from Lockheed Martin’s Cyber Kill Chain Research Infiltration Exfiltration Our enterprise Discovery Capture Their ecosyste m
- 7. The security operations challenge Email Hotline/help desk call center Other IDS Triage Incident report Resolution Analyze Obtain contact information Provide technical assistance Coordinate Information and response Information request Vulnerability report Weeks -> ? Days Months CMU CERT/CC Incident Lifecycle
- 8. Security operations research Email Hotline/help desk call center Other IDS Triage Incident report Resolution Analyze Obtain contact information Provide technical assistance Coordinate Information and response Information request Vulnerability report Early detection (Big Data) Rapid response (software-defined networking)
- 9. What is DNS? Client / server Local DNS server DNS root “.” DNS.com DNS company.com Query: service.company.com? Check for zone Check cache REPLY: 58.25.88.90 DNS traffic generated by: - Users (e.g. by browsing web sites) - Applications, servers, etc.
- 10. The scale of DNS data HPE IT operates ArcSight internally. Once fully deployed, it will be 25% larger than any other non- governmental installation by volume. DNS traffic per HPE data center: – 120,000 events/second – ~64B events/day globally 1 10 100 1000 10000 100000 1000000 Routers VPN McAfee ePO Active Directory Web Proxy DNS Eventspersecond(logarithmicscale) 0 20000 40000 60000 80000 100000 120000 140000 Routers VPN McAfee ePO Active Directory Web Proxy DNS Eventspersecond(linearscale)
- 11. Abuse case Compromised server Victim Compromised DNS server www.hpe.com?1 12.34.56.782
- 12. Abuse case Botnet command and control Bot DNS server akaajkajkajd.cn? xisyudnwuxu.ru? dfknwerpbnp.biz? mneyqslgyb.info? cspcicicipisjjew.hu? C2 Server (mneyqslgyb.info) Attacker can’t maintain C2 server at IP address for very long. So it registers a random domain name temporarily. Bot tries a bunch of random names until it finds one that resolves.
- 13. AssetAsset Abuse case DNS tunneling (via subdomains) Bot DNS server (Compromised) DNS server (example.com) 93cc3daf.example.com4fac3215.example.coma86f4221.example.comddee9152.example.com8bd5ff12.example.comd4bb92a1.example.comef409132.example.com1bfa3207.example.com298c5b3a.example.com
- 14. Solution architecture: Overview 14 DNS server(s) HPL DNS packet capture Whitelist network tap DNS queries and responses ArcSight Logger ArcSight ESM Blacklist Threat insight: HPL Security Analytics and Visualization Solution Event logging Correlation and alerting Real-time processing Near-time, historical analysis DNS events: queries and replies
- 15. Event pre- processor Events Syslog Server Security analytical workflows Analytics scheduler Anomaly detection Threat indicators Visualization processing Web server 15 Security event logs Network systems HPL DNS Packet Capture Filtered DNS events ESM alerts Real-time analysis Historical analysis ESM Logger ESM GUI Alert manager HPELThreat Indicators&Anomaly DetectionLibrary HPE Labs Big Data Analytics Solution ArcSight Vertica Anomalies, threats, graphs
- 16. Demo … 16
- 17. More details about Security Analytics … 17
- 18. Security analytics 18 Extended analytical framework to provide: 1. Analytics-based on Blacklisted DNS Events 2. Analytics-based on Random Domain Names (DGA domains). Tipping Point/DVLabs Collaboration 3. Analytics based on Data Exfiltration Security analytical workflows Analytics scheduler Anomaly Detection Threat Indicators Visualizatio n processing Web serverAlert manager HPLthreat Indicators&anomaly Detectionlibrary Threat insight: HPL big data analytics solution HP Vertica
- 19. Analytics based on blacklisted events 19 1. Usage of TippingPoint RepDV 2. Client-based aggregations of high score, blacklisted domains 3. Detection of abnormal patterns: – Large percentage of queries (>50%) – Bad domain names queried for the first time – More than 5% towards same domain – …
- 20. Analytics based on random generated domains (DGA) 1. Various techniques to detect DGA domains, including forbidden bigrams and classification (TippingPoint) 2. Client-based aggregations to identify infected devices 3. Detection of abnormal patterns: 1. High number of NXDOMAINS with a few resolving ones 2. High number of domains with similar classifications (Zeus, Virut, Conficker-AB,…)
- 21. Analytics based on data exfiltration – Various techniques to detect domains used for DNS based Exfiltration and Tunneling – Client-based aggregations to identify infected devices – Detection of abnormal patterns: – Very long, odd looking, frequent domain names – Statistical analysis of domains to identify encoding
- 24. Problem Areas and Opportunities HPE CONFIDENTIAL 24 1. Detection of serious, targeted attacks (including APTs) posing major risks to organisations 2. Remediation/Mitigation of Threats in timely manner • Collecting, processing and analysing huge, heterogeneous data sets • Limitation of current collection and computational models • Limitation of current security analytics and detection approaches • Use massive NV memory and computing power • Grounded security use cases, jointly with HP IT and customers 3. Innovate in the space of “Security Analytics for The Machine” • Localization of resources • Dynamic, virtualised environments • Very fragmented IT approaches • Lack of impact analysis
- 25. Architectural Overview HPE CONFIDENTIAL 25 DNS Web proxy Network Traffic (SFlow …) IP-MAC- Hostname IT Infrastructure, Containers, The Machine Big Data Storage In-Memory Storage Threat Models Distributed Analytical Engines & Anomaly Detection Common Framework & APIs Tools & Visualizations Continuous/OnDemandData Collection&processing SDN NFV Instrumented Containers Traditional IT & SOC … Multiple Data Sources Next generation Analytical Engines & Threat Management Tools Remediation Engines & Workflows Remediation Mechanisms Programmable Data Collection User/DC/… Hybrid Storage Mgmt Analytic s Library Remediation Engines Remediation Workflows Impact Analysis
- 26. Data Sources & Agents Kafka Cluster Storm Cluster HDFS Cluster Other Logging/ Brokering Mechanisms Vertica Cluster Spark HBASE+HIVE Elastic Search SQL Tools Analytical Framework & Engine Analytics Advanced Threat Detection Workflow & Tracking Models Visualization Remediation Processing Pipeline & Infrastructure
- 27. Next Generation – HPE Labs’ Prototype Data Types DNS Web Proxy SFlow IP-MAC-Host DC/User Logs Firewall/VPN/… Data Abstraction Layer Attribute s Data processing Pipeline Event Buffering & Brokering (e.g. Kafka, …) Event Pre-processing & pre-Analytics (e.g. Storm, …) Analytic Engines Advanced Threat Detection: Workflow & Tracking Attribute s Attribute s Attribute s Attribute s Attribute s Library of Plug & Play Threat Analytic Modules Persistent Storage (e.g. Vertica, Hadoop, …) In Memory Storage (e.g. Regis, MongoDB, GraphX …) REST APIs REST APIs Library of Threat Models Visualization Data Exploration Web Services Threat Tracking Data and Evidence HPE CONFIDENTIAL 10
- 28. DMA Backup 28
- 29. Productisation 29 Screenshot from HPE DNS Malware Analytics – Cloud-based managed or self-service analytics with on-premises capture modules – Yearly subscription – Bolt-on upgrades – Events per second – Number of capture modules This is a rolling (up to 3-year) Roadmap and is subject to change without notice.
- 30. Service architecture DNS Capture Module DNS analytics Alerts (infected system) Web-based detail and visual Drill-down Level 1 Analyst Hunt Team • Filter out 99% of traffic* • Tag events (blacklist matching, DGA detection) • Statistics and diagnostics • Constantly analyze DNS data for security threats • Alerting • Data visualization and exploration • SaaS/Cloud DNS Capture Module Enterprise SOC DNS server/cluster Analytics cloud * HPE CDC SIEM UI