Peter Wood
Chief Executive Officer
First•Base Technologies
Advanced Threat Protection
and Big Data
An Ethical Hacker’s View
Slide 2 © First Base Technologies 2013
Who is Peter Wood?
Worked in computers & electronics since 1969
Founded First Base in 1989 (one of the first ethical hacking firms)
CEO First Base Technologies LLP
Social engineer & penetration tester
Conference speaker and security 'expert'
Member of ISACA Security Advisory Group
Vice Chair of BCS Information Risk Management and Audit Group
UK Chair, Corporate Executive Programme
FBCS, CITP, CISSP, MIEEE, M.Inst.ISP
Registered BCS Security Consultant
Member of ACM, ISACA, ISSA, Mensa
Slide 3 © First Base Technologies 2013
Agenda
• Big Data elevator pitch
• Advanced Threats – really?
• Why Big Data for security?
• How can Big Data help?
• Can we do it now?
• Summing up
Slide 4 © First Base Technologies 2013
Big Data elevator pitch
Slide 5 © First Base Technologies 2013
Big Data is quite large
Every day, we create 2.5 quintillion bytes of data — so much that
90% of the data in the world today has been created in the last
two years alone. This data comes from everywhere: sensors used
to gather climate information, posts to social media sites, digital
pictures and videos, purchase transaction records, and cell phone
GPS signals to name a few.
http://www-01.ibm.com/software/data/bigdata/
2.5 quintillion = 2.5 exabytes = 2.5x10^18 bytes
IDC projects that the digital universe will reach 40 zettabytes
by 2020, resulting in a 50-fold growth from the beginning of
2010 http://uk.emc.com/about/news/press/2012/20121211-01.htm
40 zettabytes = 40x10^21 bytes = 57 times all the
grains of sand on all the beaches on earth
Slide 6 © First Base Technologies 2013
Big Data can be useful
• Creating transparency by making relevant data more
accessible
• Enabling experimentation to discover needs, expose
variability and improve performance - use data to
analyse variability in performance and understand the
root causes
• Segmenting populations to customise actions and tailor
products and services to meet specific needs
• Replacing/supporting human decision-making with
automated algorithms in order to minimise risk
• Innovating new business models, products and services
McKinsey Global Institute: “Big data: The next frontier for innovation,
competition, and productivity”, May 2011
Slide 7 © First Base Technologies 2013
Where are we with Big Data in general?
• Mainstream adoption? Early days
• Skills and risks underestimated
• IT professionals say:
- Over-hyped
- Has a lot of potential
- Vendors may not deliver on promises
Slide 8 © First Base Technologies 2013
Advanced Threats – really?
Slide 9 © First Base Technologies 2013
Advanced Threats
• Massive increase in advanced malware bypassing
traditional security defenses
• Volumes vary substantially among different industries
• Email-based attacks are growing, with link- and
attachment-based malware presenting significant risks
• Cybercriminals are increasingly employing limited-use
domains in their spear phishing emails
• Malicious email attachments growing more diverse,
evading traditional security defenses
FireEye Advanced Threat Report – 1H 2012
Weekly count from FireEye Web MPS appliances across global customer base
These levels reflect the number of Web-based malware attacks that originated
outside the target organization, successfully evaded traditional filters, and were
blocked or infected target systems
The Post Breach Boom, Ponemon Institute, February 2013
Survey of 3,529 IT and IT security practitioners in US, Canada, UK, Australia,
Brazil, Japan, Singapore and UAE
Slide 15 © First Base Technologies 2013
Why Big Data for security?
Slide 16 © First Base Technologies 2013
The tipping point
• Complex threat landscape
• Avalanche of new technology and challenges
• Skills shortages?
• Financial pressures, especially for headcount
• Large organisations can't rely on "traditional" defences:
- Preventative controls
- Siloed security solutions
- Hardening
- Processes and procedures
Slide 17 © First Base Technologies 2013
The tipping point inputs
Complex threat landscape:
• Stealth malware
• Targeted attacks
• Social engineering
New technologies and challenges:
• Social networking
• Cloud
• BYOD / consumerisation
• Virtualisation
Slide 18 © First Base Technologies 2013
What do we do today?
Traditional defences:
• Signature-based anti-virus
• Signature-based IDS/IDP
• Firewalls and perimeter devices
Traditional approach:
• Data collection for compliance
• Check-list mindset
• Tactical thinking
Slide 19 © First Base Technologies 2013
SANS says …
SANS Annual Log and Event Management Survey, May 2012
Slide 20 © First Base Technologies 2013
How can Big Data help?
Slide 21 © First Base Technologies 2013
How can Big Data help?
• SIEM on steroids?
• Fraud detection
• APT detection?
• Integration of IT and physical security?
• SIEM + IDS/IPS?
• Predictive analysis
Slide 22 © First Base Technologies 2013
Big Data to Collect
• Logs
• Network traffic
• IT assets
• Sensitive / valuable information
• Vulnerabilities
• Threat intelligence
• Application behaviour
• User behaviour
Slide 23 © First Base Technologies 2013
Big Data Analytics
• Real-time updates
• Behaviour models
• Correlation
• Heuristic capability
• Interoperability
• … advising the analysts?
• … active defence?
Slide 24 © First Base Technologies 2013
Can we do it now?
Slide 25 © First Base Technologies 2013
Big Data = Big Investment, but …
• Today: Big Data for Big Organisations with Big Budgets
News from RSA Conference 2013:
• HP say about 3% of companies are doing this today
• Analysts expect 40% adoption by 2016
• Cloud-based Big Data may enhance existing SIEM
• … and overcome the skills gap
• Enhancing SIEM with threat intelligence
• Augmenting SIEM with IT asset information
More Improvements To SIEM Than Big Data – DarkReading.com, 22/02/2013
Slide 26 © First Base Technologies 2013
Big Data Last Year
Gartner said:
Sourcefire's FireAMP technology and the technology from Prevx (acquired
by Webroot in 2010) are examples of security providers that determine
malicious intent by analysing vast amounts of observed executable
behaviors and metadata
Vendors such as NetWitness (acquired by RSA), Global DataGuard, Narus
(acquired by Boeing), Solera and Fidelus Technologies, and network
behavior analysis solutions, such as Lancope, collect large amounts of
network packets and/or flows to support the analysis for anomalous
activities
In addition, some SIEM vendors, such as Q1 Labs (acquired by IBM) and
HP ArcSight, can directly consume and analyze NetFlow data
Information Security Is Becoming a Big Data Analytics Problem – Gartner, 23/03/2012
Slide 27 © First Base Technologies 2013
Big Data Tomorrow
RSA says:
Within the next two years, we predict big data analytics
will disrupt the status quo in most information security
product segments, including SIEM; network monitoring;
user authentication and authorization; identity
management; fraud detection; and governance, risk &
compliance.
Big Data Holds Big Promise For Security – RSA Security Brief, January 2013
Slide 28 © First Base Technologies 2013
Big Data Skills
• Big Data is more about the processing techniques and
outputs than the size of the data set itself, so specific
skills are required to use Big Data effectively
• There is a general shortage of specialist skills for Big
Data analysis, in particular when it comes to using some
of the less mature technologies
Slide 29 © First Base Technologies 2013
Summary
• All organisations need to invest in research and study of
the emerging Big Data Security Analytics landscape
• Big Data has the potential to defend against advanced
threats, but requires a Big Re-think of approach
• Relevant skills are key to successful deployment, only
the largest organisations can invest in this now
• Offerings exist for the other 97% that can enhance
existing technologies using cloud-based solutions
Slide 30 © First Base Technologies 2013
Peter Wood
Chief Executive Officer
First Base Technologies LLP
peterw@firstbase.co.uk
http://firstbase.co.uk
http://white-hats.co.uk
http://peterwood.com
Twitter: peterwoodx
Need more information?
Editor's Notes

  • #4 The deployment of Big Data for fraud detection, and in place of security incident and event management (SIEM) systems, is attractive to many organisations. The overheads of managing the output of traditional SIEM and logging systems are proving too much for most IT departments and Big Data is seen as a potential saviour. There are commercial replacements available for existing log management systems, or the technology can be deployed to provide a single data store for security event management and enrichment.

    Taking the idea a step further, the challenge of detecting and preventing advanced persistent threats may be answered by using Big Data style analysis. These techniques could play a key role in helping detect threats at an early stage, using more sophisticated pattern analysis, and combining and analysing multiple data sources. There is also the potential for anomaly identification using feature extraction.

    Today logs are often ignored unless an incident occurs. Big Data provides the opportunity to automatically consolidate and analyse logs from multiple sources rather than in isolation. This could provide insight that individual logs cannot, and potentially enhance intrusion detection systems (IDS) and intrusion prevention systems (IPS) through continual adjustment and effectively learning "good" and "bad" behaviours.

    Integrating information from physical security systems, such as building access controls and even CCTV, could also significantly enhance IDS and IPS to a point where insider attacks and social engineering are factored in to the detection process. This presents the possibility of significantly more advanced detection of fraud and criminal activities. We know that organisational silos often reduce the effectiveness of security systems, so businesses must be aware that the potential effectiveness of Big Data style analysis can also be diluted unless these issues are addressed.

    At the very least, Big Data could result in far more practical and successful SIEM, IDS and IPS implementations.
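    The cross-silo correlation the note describes, as an added illustration that is not part of the original deck: VPN authentication events and building badge events are normalised into one event store and replayed together, so that a remote login by someone the badge system says is currently on site is flagged. The log formats, user names and timestamps are constructed for this example.

```python
# Added example, not from the slides: correlating IT (VPN) and physical
# (badge) security logs, the kind of analysis neither source supports alone.
# All log lines, users, IPs and timestamps below are constructed.
from datetime import datetime

VPN_LOG = """\
2013-02-11T08:02:10 vpn login user=alice src=203.0.113.5
2013-02-11T19:30:44 vpn login user=bob src=198.51.100.7
2013-02-11T22:40:03 vpn login user=carol src=192.0.2.9
"""

BADGE_LOG = """\
2013-02-11T07:55:30 badge entry user=alice door=main
2013-02-11T09:10:02 badge entry user=bob door=main
2013-02-11T18:05:11 badge exit user=bob door=main
"""


def parse(log, source):
    """Normalise one source's lines into common event dicts (the single data store)."""
    events = []
    for line in log.splitlines():
        ts, _tag, action, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events.append({"ts": datetime.fromisoformat(ts), "source": source,
                       "action": action, **fields})
    return events


def correlate(vpn_events, badge_events):
    """Flag VPN logins by users whose most recent badge event shows them inside.

    A remote login while the badge system says the person is on site is a
    contradiction that looking at either log in isolation cannot reveal.
    Events are replayed in time order so each login is judged only against
    badge activity that preceded it.
    """
    timeline = sorted(vpn_events + badge_events, key=lambda e: e["ts"])
    on_site = {}      # user -> True after a badge entry, False after an exit
    findings = []
    for e in timeline:
        if e["source"] == "badge":
            on_site[e["user"]] = e["action"] == "entry"
        elif e["source"] == "vpn" and on_site.get(e["user"], False):
            findings.append((e["user"], e["ts"].isoformat(),
                             "vpn login from %s while badged in" % e["src"]))
    return findings


def run():
    """Consolidate both constructed logs and return the correlated findings."""
    return correlate(parse(VPN_LOG, "vpn"), parse(BADGE_LOG, "badge"))


if __name__ == "__main__":
    for user, when, why in run():
        print(user, when, why)
```

    Bob's login after his badge exit and Carol's login with no badge record are treated as ordinary remote work; only Alice's login is surfaced for an analyst.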
  • #7 In reality, Big Data is more about the processing techniques and outputs than the size of the data set itself, so specific skills are required to use Big Data effectively. There is a general shortage of specialist skills for Big Data analysis, in particular when it comes to using some of the less mature technologies.

    The growing use of Hadoop and related technologies is driving demand for staff with very specific skills. People with backgrounds in multivariate statistical analysis, data mining, predictive modelling, natural language processing, content analysis, text analysis and social network analysis are all in demand. These analysts and scientists work with structured and unstructured data to deliver new insights and intelligence to the business. Platform management professionals are also needed to implement Hadoop clusters, and to secure, manage and optimise them. Vendors such as Cloudera, MapR, Hortonworks and IBM offer training courses in Hadoop, offering organisations the opportunity to build their in-house skills to address Big Data challenges.