The document discusses how security professionals can get more value from big data by taking a staged approach to implementing security analytics. It recommends starting with building a scalable infrastructure to collect and analyze security data, deploying basic analytic tools to automate tasks, and then progressively incorporating more advanced analytic techniques. This foundations-first approach helps optimize efficiency and reduce security risks before attempting highly complex predictive analytics.
This deck is from Interpol Conference 2017, these slides shows the holistic view of machine learning in cyber security for better organization readiness
Cognitive automation with machine learning in cyber securityRishi Kant
These slides deck is from # HITBGSEC Singapore 2018, It consists of integration of cognitive automation and machine learning in different cyber security processes
A technical seminar delivered on Machine learning in cybersecurity. Machine learning is trending and desired subject this presentation demonstrates how machine learning can be used to protect IT infrastructure
With the increasingly connected world revolving around the revolution of internet and new technologies like mobiles, smartphones, and tablets, and with the wide usage of wireless technologies, the information security risks have increased. Both individuals and organizations are under regular attacks for commercial or non-commercial gains. The objectives of such attacks may be to take revenge, malign the reputation of a competitor organization, understand the strategies and sensitive information about the competitor, simply have fun of exploiting the vulnerabilities. Hence, the need to protect information assets and ensure information security receives adequate attention.
In this session, I will discuss how AI and Machine Learning can be applied in detecting, predicting and preventing cyber security/information security vulnerabilities and what are the benefits of using Machine Learning and AI. We also touch upon some of the tools available to perform the same.
This deck is from Interpol Conference 2017, these slides shows the holistic view of machine learning in cyber security for better organization readiness
Cognitive automation with machine learning in cyber securityRishi Kant
These slides deck is from # HITBGSEC Singapore 2018, It consists of integration of cognitive automation and machine learning in different cyber security processes
A technical seminar delivered on Machine learning in cybersecurity. Machine learning is trending and desired subject this presentation demonstrates how machine learning can be used to protect IT infrastructure
With the increasingly connected world revolving around the revolution of internet and new technologies like mobiles, smartphones, and tablets, and with the wide usage of wireless technologies, the information security risks have increased. Both individuals and organizations are under regular attacks for commercial or non-commercial gains. The objectives of such attacks may be to take revenge, malign the reputation of a competitor organization, understand the strategies and sensitive information about the competitor, simply have fun of exploiting the vulnerabilities. Hence, the need to protect information assets and ensure information security receives adequate attention.
In this session, I will discuss how AI and Machine Learning can be applied in detecting, predicting and preventing cyber security/information security vulnerabilities and what are the benefits of using Machine Learning and AI. We also touch upon some of the tools available to perform the same.
Every single security company is talking about how they are using machine learning—as a security company you have to claim artificial intelligence to be even part of the conversation. However, this approach can be dangerous when we blindly rely on algorithms to do the right thing. Rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and, in turn, discovering wrong insights.
In this session, we will discuss:
• Limitations of machine learning and issues of explainability
• Where deep learning should never be applied
• Examples of how the blind application of algorithms can lead to wrong results
Credit Card Fraud Detection Using ML In DatabricksDatabricks
In the Credit Card Companies, illegitimate credit card usage is a serious problem which results in a need to accurately detect fraudulent transactions vs non-fraudulent transactions. All organizations can be hugely impacted by fraud and fraudulent activities, especially those in financial services. The threat can originate from internal or external, but the effects can be devastating – including loss of consumer confidence, incarceration for those involved, even up to downfall of a corporation. Despite regular fraud prevention measures, these are constantly being put to the test in an attempt to beat the system.
Fraud detection is a task of predicting whether a card has been used by the cardholder. One of the methods to recognize fraud card usage is to leverage Machine Learning (ML) models. In order to more dynamically detect fraudulent transactions, one can train ML models on a set of dataset including credit card transaction information as well as card and demographic information of the owner of the account. This will be our goal of the project while leveraging Databricks.
Fraud Analytics with Machine Learning and Big Data Engineering for TelecomSudarson Roy Pratihar
Presentation of a successful project executed on telecom fraud analytics @ 3rd International conference for businees analytics and intelligence, Indian Institute of Management Bangalore
Operationalize deep learning models for fraud detection with Azure Machine Le...Francesca Lazzeri, PhD
Recent advancements in computing technologies along with the increasing popularity of ecommerce platforms have radically amplified the risk of online fraud for financial services companies and their customers. Failing to properly recognize and prevent fraud results in billions of dollars of loss per year for the financial industry. This trend has urged companies to look into many popular artificial intelligence (AI) techniques, including deep learning for fraud detection. Deep learning can uncover patterns in tremendously large datasets and independently learn new concepts from raw data without extensive manual feature engineering. For this reason, deep learning has shown superior performance in domains such as object recognition and image classification.
Although, neural networks have been used for fraud detection for decades, recent advancements in computing technologies along with large volumes of data available today have dramatically improved the effectiveness of these techniques. Using a sample dataset that contains transactions made by credit cards in September 2013 by European cardholders, Francesca Lazzeri and Jaya Mathew explain how to build, deploy, and operationalize a deep learning model to identify and prevent fraud, using Azure Machine Learning Workbench to show the main steps in the operationalization process (from data ingestion to consumption) and the Keras deep learning library with Microsoft Cognitive Toolkit CNTK as the backend.
Cognitive Security: How Artificial Intelligence is Your New Best FriendSparkCognition
For more information, visit http://sparkcognition.com
For all that you hear about artificial intelligence and machine learning, how can it help you keep your networks safer and more secure?
In this new era of computing, we will explore how artificial intelligence is being used to super charge human intelligence in threat detection, evidence gathering and remediation.
In this webinar we will discuss how this new, cutting edge cognitive security is being utilized to:
Increase speed, accuracy, and data processing capabilities to unparalleled levels
Reduce false alarms
Provide sub-second malware detection
Retain knowledge in a self-learning environment
Provide signature free security and zero-day threat detection
In January IBM Security Systems has announced a new solution wherein it combines the security intelligence capabilities of QRadar SIEM and Big Data + analytics to
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingTony Martin-Vegue
Slides from Tony Martin-Vegue's presentation at the ISACA Fall Conference: October 15th, 2014
"How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling"
Abstract:
CISO’s and risk analysts alike often get caught up in checking boxes on a list of control objectives in order to satisfy compliance and regulatory requirements. However, companies that only view risk through a narrow, regulatory or compliance-focused lens have the potential to overlook a myriad of threats that could impact business continuity, customer privacy and security and financial solvency. The last several high-profile data breaches prove that compliance does not equal security.
There are many ways to assess risk in a meaningful, efficient way that drives business value. Many top companies are moving away from control-based and vulnerability-based risk assessments and are instead putting themselves in the shoes of an attacker. In order to keep up with the rapidly evolving world of cyber criminals and crime rings, organizations are learning to utilize threat intelligence to ascertain the methods, goals, and objectives of threat agents that are targeting their firm or similar firms in their sector. This helps an organization produce focused risk assessments that take a business-centric approach.
This is a beginner to intermediate-level presentation designed to provide an introduction to threat modeling, a primer on threat modeling techniques, ways to integrate threat modeling into risk management frameworks (such as FAIR and NIST), and how to build a library of threat agents specific to one’s firm. Attendees will learn hands-on techniques to perform threat modeling that they will be able to immediately integrate into their risk assessment processes.
Smart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NCMary Jane Clark
Slides from my coaching presentation to a large governmental regulatory agency as their consultant on the value of "predictive data analytics" to leverage IT resources and make significant gains in organizational efficiency and customer service.
All of material inside is un-licence, kindly use it for educational only but please do not to commercialize it.
Based on 'ilman nafi'an, hopefully this file beneficially for you.
Thank you.
Every single security company is talking about how they are using machine learning—as a security company you have to claim artificial intelligence to be even part of the conversation. However, this approach can be dangerous when we blindly rely on algorithms to do the right thing. Rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and, in turn, discovering wrong insights.
In this session, we will discuss:
• Limitations of machine learning and issues of explainability
• Where deep learning should never be applied
• Examples of how the blind application of algorithms can lead to wrong results
Credit Card Fraud Detection Using ML In DatabricksDatabricks
In the Credit Card Companies, illegitimate credit card usage is a serious problem which results in a need to accurately detect fraudulent transactions vs non-fraudulent transactions. All organizations can be hugely impacted by fraud and fraudulent activities, especially those in financial services. The threat can originate from internal or external, but the effects can be devastating – including loss of consumer confidence, incarceration for those involved, even up to downfall of a corporation. Despite regular fraud prevention measures, these are constantly being put to the test in an attempt to beat the system.
Fraud detection is a task of predicting whether a card has been used by the cardholder. One of the methods to recognize fraud card usage is to leverage Machine Learning (ML) models. In order to more dynamically detect fraudulent transactions, one can train ML models on a set of dataset including credit card transaction information as well as card and demographic information of the owner of the account. This will be our goal of the project while leveraging Databricks.
Fraud Analytics with Machine Learning and Big Data Engineering for TelecomSudarson Roy Pratihar
Presentation of a successful project executed on telecom fraud analytics @ 3rd International conference for businees analytics and intelligence, Indian Institute of Management Bangalore
Operationalize deep learning models for fraud detection with Azure Machine Le...Francesca Lazzeri, PhD
Recent advancements in computing technologies along with the increasing popularity of ecommerce platforms have radically amplified the risk of online fraud for financial services companies and their customers. Failing to properly recognize and prevent fraud results in billions of dollars of loss per year for the financial industry. This trend has urged companies to look into many popular artificial intelligence (AI) techniques, including deep learning for fraud detection. Deep learning can uncover patterns in tremendously large datasets and independently learn new concepts from raw data without extensive manual feature engineering. For this reason, deep learning has shown superior performance in domains such as object recognition and image classification.
Although, neural networks have been used for fraud detection for decades, recent advancements in computing technologies along with large volumes of data available today have dramatically improved the effectiveness of these techniques. Using a sample dataset that contains transactions made by credit cards in September 2013 by European cardholders, Francesca Lazzeri and Jaya Mathew explain how to build, deploy, and operationalize a deep learning model to identify and prevent fraud, using Azure Machine Learning Workbench to show the main steps in the operationalization process (from data ingestion to consumption) and the Keras deep learning library with Microsoft Cognitive Toolkit CNTK as the backend.
Cognitive Security: How Artificial Intelligence is Your New Best FriendSparkCognition
For more information, visit http://sparkcognition.com
For all that you hear about artificial intelligence and machine learning, how can it help you keep your networks safer and more secure?
In this new era of computing, we will explore how artificial intelligence is being used to super charge human intelligence in threat detection, evidence gathering and remediation.
In this webinar we will discuss how this new, cutting edge cognitive security is being utilized to:
Increase speed, accuracy, and data processing capabilities to unparalleled levels
Reduce false alarms
Provide sub-second malware detection
Retain knowledge in a self-learning environment
Provide signature free security and zero-day threat detection
In January IBM Security Systems has announced a new solution wherein it combines the security intelligence capabilities of QRadar SIEM and Big Data + analytics to
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingTony Martin-Vegue
Slides from Tony Martin-Vegue's presentation at the ISACA Fall Conference: October 15th, 2014
"How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling"
Abstract:
CISO’s and risk analysts alike often get caught up in checking boxes on a list of control objectives in order to satisfy compliance and regulatory requirements. However, companies that only view risk through a narrow, regulatory or compliance-focused lens have the potential to overlook a myriad of threats that could impact business continuity, customer privacy and security and financial solvency. The last several high-profile data breaches prove that compliance does not equal security.
There are many ways to assess risk in a meaningful, efficient way that drives business value. Many top companies are moving away from control-based and vulnerability-based risk assessments and are instead putting themselves in the shoes of an attacker. In order to keep up with the rapidly evolving world of cyber criminals and crime rings, organizations are learning to utilize threat intelligence to ascertain the methods, goals, and objectives of threat agents that are targeting their firm or similar firms in their sector. This helps an organization produce focused risk assessments that take a business-centric approach.
This is a beginner to intermediate-level presentation designed to provide an introduction to threat modeling, a primer on threat modeling techniques, ways to integrate threat modeling into risk management frameworks (such as FAIR and NIST), and how to build a library of threat agents specific to one’s firm. Attendees will learn hands-on techniques to perform threat modeling that they will be able to immediately integrate into their risk assessment processes.
Smart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NCMary Jane Clark
Slides from my coaching presentation to a large governmental regulatory agency as their consultant on the value of "predictive data analytics" to leverage IT resources and make significant gains in organizational efficiency and customer service.
All of material inside is un-licence, kindly use it for educational only but please do not to commercialize it.
Based on 'ilman nafi'an, hopefully this file beneficially for you.
Thank you.
Janet Cheatham Bell's offering of African Americans in history who are seldom noticed. People like Meta Warrick Fuller, Lena Walker, William Grant Still, John Brown, the Society of Friends.
Industry Overview: Big Data Fuels Intelligence-Driven SecurityEMC
This industry overview describes how Big Data will be a driver for change across the security industry, reshaping security approaches, solutions, and spending. It presents six guidelines to help organizations plan for the Big Data-driven transformation of their security toolsets and operations as part of an intelligence-driven security program.
3 guiding priciples to improve data securityKeith Braswell
The information explosion, the proliferation of endpoint devices, growing user volumes, and new computing models like cloud, social business, and big data have created new security vulnerabilities. To secure sensitive data and address compliance requirements, organizations need to adopt a more proactive and systematic approach. Read this white paper to learn three simple guiding principles to help your organization achieve better security and compliance without impacting production systems or straining already-tight budgets.
This white paper provides guidance for how to adopt an Intelligence-Driven Security strategy that delivers three essential capabilities: visibility, analysis, and action.
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
A quick summary of the current state of big data technology and data science approaches used in cyber / network defender security analytics including summary use cases, a walk through of a reference architecture and breakdown of the required skills. Focus is on the knowledge needed to run a proof of concept and establish a programme for early benefits. Will then also include a view on the future of extending the platforms and capabilities of security analytics to cover performance metrics and data-driven security management approaches.
This Special Report from the Security for Business Innovation Council identifies four technology trends -- cloud computing, social media, big data, and mobile devices -- as game-changers for 2013 and offers concrete guidance on how security teams can meet these requirements.
Global Data Management: Governance, Security and Usefulness in a Hybrid WorldNeil Raden
With Global Data Management methodology and tools, all of your data can be accessed and used no matter where it is or where it is from: on-premises, private cloud, public cloud(s), hybrid cloud, open source, third-party data and any combination of the these, with security, privacy and governance applied as if they were a single entity. Ingenious software products and the economics of computing make it economical to do this. Not free, but feasible.
Building an Intelligence-Driven Security Operations CenterEMC
This white paper describes how an intelligence-driven security operations center (SOC) improves threat detection and response by helping organizations use all available security-related information from both internal and external sources to detect hidden threats and even predict new ones.
To implement data-centric security, while simultaneously empowering your business to compete and win in today’s nano-second world, you need to understand your data flows and your business needs from your data. Begin by answering some important questions:
•
What does your organization need from your data in order to extract the maximum business value and gain a competitive advantage?
•
What opportunities might be leveraged by improving the security posture of the data?
•
What risks exist based upon your current security posture? What would the impact of a data breach be on the organization? Be specific!
•
Have you clearly defined which data (both structured and unstructured) residing across your extended enterprise is most important to your business? Where is it?
•
What people, processes and technology are currently employed to protect your business sensitive information?
•
Who in your organization requires access to data and for what specific purposes?
•
What time constraints exist upon the organization that might affect the technical infrastructure?
•
What must you do to comply with the myriad government and industry regulations relevant to your business?
Finally, ask yourself what a successful data-centric protection program should look like in your organization. What’s most appropriate for your organization?
The answers to these and other related questions would provide you with a clearer picture of your enterprise’s “data attack surface,” which in turn will provide you with a well-documented risk profile. By answering these questions and thinking holistically about where your data is, how it’s being used and by whom, you’ll be well positioned to design and implement a robust, business-enabling data-centric protection plan that is tailored to the unique requirements of your organization.
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Troy Marshall
CyCon 3.0 presentation- February 15, 2020
Successful digital transformations don’t begin with technology, they begin with people. As organizations adopt DevOps and cloud and realize the increased release velocity, ensuring the security of software and systems at the same velocity is a necessity but doing so isn’t easy. In this talk you will learn about common security challenges in DevOps and cloud and the skills cybersecurity professionals need to solve these challenges.
Similar to Getting Real About Security Management and “Big Data” (20)
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
CloudBoost is a cloud-enabling solution from EMC
Facilitates secure, automatic, efficient data transfer to private and public clouds for Long-Term Retention (LTR) of backups. Seamlessly extends existing data protection solutions to elastic, resilient, scale-out cloud storage
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
With EMC XtremIO all-flash array, improve
1) your competitive agility with real-time analytics & development
2) your infrastructure agility with elastic provisioning for performance & capacity
3) your TCO with 50% lower capex and opex and double the storage lifecycle.
• Citrix & EMC XtremIO: Better Together
• XtremIO Design Fundamentals for VDI
• Citrix XenDesktop & XtremIO
-- Image Management & Storage
-- Demonstrations
-- XtremIO XenDesktop Integration
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
Explore findings from the EMC Forum IT Study and learn how cloud computing, social, mobile, and big data megatrends are shaping IT as a business driver globally.
Reference architecture with MIRANTIS OPENSTACK PLATFORM.The changes that are going on in IT with disruptions from technology, business and culture and so IT to solve the issues has to change from moving from traditional models to broker provider model.
Force Cyber Criminals to Shop Elsewhere
Learn the value of having an Identity Management and Governance solution and how retailers today are benefiting by strengthening their defenses and bolstering their Identity Management capabilities.
Container-based technology has experienced a recent revival and is becoming adopted at an explosive rate. For those that are new to the conversation, containers offer a way to virtualize an operating system. This virtualization isolates processes, providing limited visibility and resource utilization to each, such that the processes appear to be running on separate machines. In short, allowing more applications to run on a single machine. Here is a brief timeline of key moments in container history.
This white paper provides an overview of EMC's data protection solutions for the data lake - an active repository to manage varied and complex Big Data workloads
This infographic highlights key stats and messages from the analyst report from J.Gold Associates that addresses the growing economic impact of mobile cybercrime and fraud.
This white paper describes how an intelligence-driven governance, risk management, and compliance (GRC) model can create an efficient, collaborative enterprise GRC strategy across IT, Finance, Operations, and Legal areas.
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
This white paper discusses the results of a CIO UK survey on a“Trust Paradox,” defined as employees and business partners being both the weakest link in an organization’s security as well as trusted agents in achieving the company’s goals.
Honest Reviews of Tim Han LMA Course Program.pptxtimhan337
Personal development courses are widely available today, with each one promising life-changing outcomes. Tim Han’s Life Mastery Achievers (LMA) Course has drawn a lot of interest. In addition to offering my frank assessment of Success Insider’s LMA Course, this piece examines the course’s effects via a variety of Tim Han LMA course reviews and Success Insider comments.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
Instructions for Submissions thorugh G- Classroom.pptx
Getting Real About Security Management and “Big Data”
1. GETTTING REAL ABOUT SECURITY
MANAGEMENT AND "BIG DATA"
A Roadmap for "Big Data" in Security Analytics
It’s an exciting yet daunting time to be a security professional. Security threats are
ESSENTIALS becoming more aggressive and voracious. Governments and industry bodies are
This paper examines: getting more prescriptive around compliance. Combined with exponentially more
complex IT environments, security management is increasingly challenging. Moreover,
• Escalating complexity of the
new “Big Data” technologies purport bringing advanced analytic techniques like
security management
predictive analysis and advanced statistical techniques close to the security
environment, from threats to IT
professional.
environments to compliance
mandates Given the state of today’s security systems, most organizations are a long way from
using these types of advanced technologies for security management. Security
• How to get more meaning from
professionals need to get more value from the data already collected and analyzed.
data already collected, by
They also need a better understanding of both current issues and impending
“eliminating the hay from the
challenges related to data. Starting with a foundational set of data management and
haystack” rather than “looking for
analytic capabilities enables organizations to effectively build and scale security
the needles”
management as the enterprise evolves to meet Big Data challenges.
• The combination of infrastructure,
analytic tools, and threat TODAY'S SECURITY LANDSCAPE LEAVES NO
intelligence needed to drive
business value from Big Data
ROOM FOR AD HOC SECURITY
When dealing with “Big Data,” the volume and types of data about IT and the business
are too great to process in an ad hoc manner. Moreover, it has become increasingly
difficult to secure meaningful information from the data being collected.
Despite significant investment in information security, attackers appear to be getting
the upper hand. According to the Verizon Data Breach Investigations report (2012), 91
percent of breaches led to data compromise within “days” or less, whereas 79 percent
of breaches took “weeks” or more to discover.
There are a number of factors that explain this:
• Attackers are becoming more organized and better funded. But while attacks have
become dynamic, defenses have remained static. Today’s attacks are designed to
exploit the weaknesses of our user-centric, hyper-connected infrastructures.
• IT-enabled organizations continue to grow more complex. Organizations now
demand much more open and agile systems, creating incredible new opportunities
for collaboration, communication, and innovation. This also results in new
vulnerabilities that cyber criminals, “hacktivist” groups, and nation states have
learned to exploit.
• Compliance is even more far reaching. Regulators and legislators are getting more
prescriptive. Companies, particularly those with multiple lines of business or
international operations, have an increasingly hard time keeping track of current
controls that are in place, controls that are needed, and how to ensure controls
are being managed properly.
2. The combined effect of these factors in IT environments makes security management
much more complex, with many more interdependencies and a wider scope of
responsibility. As more business processes become digitized, security teams have both
the opportunity and the challenge to collect and manage more data. Investments are
increasingly made in log management, vulnerability management, identity
management, and configuration management tools. However, breaches continue to
happen, causing more disruption and expense than ever.
THE THREE FOUNDATIONAL CONCEPTS OF BIG
DATA IN SECURITY MANAGEMENT
A true “Big Data” strategy for security management must encompass all of
three aspects – the infrastructure, the analytic tools and intelligence – to
properly address the issues at hand.
Figure 1. The pillars of Big Data in security management
To extract value from data being gathered, drive efficiency into threat management
activities, and use compliance activities to drive decision making, security teams need
a to take “Big Data” approach to security management. This means having:
3. • An agile “scale out” infrastructure to respond to the changing IT environment and
evolving threats. Security management needs to support new business initiatives
that impact IT, from new applications to new delivery models like mobility,
virtualization, cloud computing, and outsourcing. The security management
infrastructure must be able to collect and manage security data on an enterprise
scale, scale to what today’s enterprises demand, both physically and economically.
This means “scaling out” rather than “scaling up”, since centralizing all this data
will be practically impossible. Also, the infrastructure needs to extend easily to
adapt to new environments and readily evolve to support the analysis of evolving
threats.
• Analytics and visualization tools that support security analyst specialties. Security
professionals require specialized analytic tools to support their work. Some
analysts require tools to facilitate basic event identification with some supporting
detail. Managers may require only high-level visualization and trending of key
metrics. Malware analysts need reconstructed suspect files and tools to automate
testing of those files. Network forensics analysts need full reconstruction of all log
and network information about a session to determine precisely what happened.
• Threat intelligence to apply data analytic techniques to the information collected.
Organizations require a view of the current external threat environment in order to
correlate with information gathered from within the organization itself. This
correlation is key for analysts to gain a clear understanding of current threat
indicators and what to look for.
“Big Data” does not equate simply to “lots of data.” It demands significantly
more intelligent analytics to spot security threats early on, with the
infrastructure to collect and process data at scale.
4. “BIG DATA” DRIVES EFFICIENT, PRODUCTIVE
SECURITY
Successful security management for “Big Data” requires a system that can
extract and present key data for analysis in the quickest and most effective
manner.
Figure 2. Requirements for a security management Big Data system
Security organizations today need to take a “Big Data” approach, including
understanding adversaries, determining what data they need to support decisions, and
building and operationalizing a model to support these activities. When referencing
“Big Data” in this context, this is about building a foundation for useful analytics,
rather than running headlong into an advanced data science project. Successful “Big
Data” systems for security organizations need to:
• Eliminate tedious manual tasks in routine response or assessment activities. The
system needs to reduce the number of manual, repetitive tasks associated with
investigating an issue – like toggling between consoles and executing the same
search in five different tools. While these tasks will not be eliminated overnight,
the system should consistently reduce the number of steps per incidents
• Use business context to point analysts toward highest impact issues. Security
teams need to be able to map the systems they monitor and manage back to the
critical applications and business processes they support. They need to understand
the dependencies between these systems and third parties, like service providers,
and understand the current state of their environment from a vulnerability and
compliance standpoint.
• Present only the most relevant data to analysts. Security professionals often refer
to “reducing false positives.” In reality, issues are usually more nuanced than false
versus true. Rather, the system needs to eliminate “noise,” and provide pointers
for analysts to hone in on the most high-impact issues. The system also needs to
provide supporting data in a way that highlights what are likely the biggest
problems and why.
5. • Augment human knowledge. The system can help the analyst spend time
analyzing the most critical items. This includes providing built-in techniques for
identifying the most high priority issues, as well as current threat intelligence that
uses those techniques to identify the latest tools, techniques, and procedures in
use by the attacker community.
• See ‘over the horizon.’ Defense against modern threats is a race against time. The
system needs to provide early warning –and eventually predictive model -
marrying external threat intelligence with internal situational awareness to move
the security team from passive defense to active defense and prevention.
SECURITY ANALYTICS: A STAGED APPROACH FOR “BIG DATA”
While advanced techniques like predictive analytics and statistical inference
will likely prove important techniques in the future, it is important for
security teams to begin by focusing on the basics, taking a staged approach.
• Start by implementing a security data infrastructure that can grow with you. This
involves implementing an architecture that can not only collect detailed
information about logs, network sessions, vulnerabilities, configurations, and
identities, but also human intelligence about what systems do and how they work.
Although you may start small, the system needs to be based on a robust,
distributed architecture to ensure scalability as your requirements evolve. The
system must support logical domains of trust including legal jurisdictions, as well
as data for business units or different projects. The system needs to be able to
manipulate and pivot on this data quickly and easily (e.g., show all logs, network
sessions and scan results from a given IP address and its communication to a
production financial system).
• Deploy basic analytic tools to automate repetitive human interactions. A nearer-
term goal is often to create a model that correlates information visually to reduce
the number of steps a human would need to take to gather all that information
into one view (e.g., show all the logs and network sessions involving systems that
support credit card transaction processing, and that are vulnerable to an attack
seen in other parts of the business).
• Create visualizations and outputs that support major security functions. Some
analysts will only need to see the most suspicious events with some supporting
detail. Malware analysts will need a prioritized list of suspect files and the reasons
why they are suspect. Network forensics analysts will need detailed results of
complex queries. Others will need to review scheduled compliance reports, or
general reports used to spot trends or areas for improvement in the system. The
system also needs to be open to enable another system to access data and use it
to take an action against an attacker, like quarantine them or step up monitoring
of what they are doing.
6. Figure 3. Steps for implementing Big Data in security management
• Add more additional intelligent analytic methods. Only at this point should more
complex analytics can be applied to the data in support of these roles. These
analytics might include a combination of analytic techniques, such as defined rules
to identify likely bad/known good behavior. It may also incorporate more
advanced behavioral profiling and baselining techniques that deploy more
advanced statistical techniques, like Bayesian Inference or predictive modeling.
These analytic techniques can be used together to create an “influence model” – a
model that combines different indicators to “score” issues the system has
identified to lead the analyst to the areas that require the most urgent attention.
• Improve the model on an ongoing basis. Once the system is up and running, it will
need to be fine-tuned on an ongoing basis to respond to evolving threat vectors
and changes to the organization. The system will need the ability to tweak rules
tweaked and adjust models to eliminate noise, consume additional data both from
inside and outside the organization, and incorporate self-learning functions to
improve the overall success of the system.
The system will need to evolve and expand to respond to changes in the IT
environment as new IT services and applications come online, creating a cycle of
constant evolution and improvement. At each point, the system will need to leverage
external intelligence as inputs to the model.
That means the system will need to have an automated way to consume external
feeds from threat intelligence sources; structured information including blacklists, rule
or queries; unstructured intelligence including pastebins, Twitter feeds or IRC chats;
and intelligence from internal message boards or notes from internal calls or meetings.
The system must also be able to facilitate collaboration around shared knowledge. The
system should share query results or unstructured intelligence either publicly, or in a
controlled fashion with mutually trusted communities of interest or on a “need-to-
know” basis.
7. FOUNDATIONAL INFRASTRUCTURE PAVES THE WAY FOR
MORE SOPHISTICATED TECHNIQUES
Security teams will greatly increase their likelihood of success in implementing “Big
Data” in security by focusing on first creating a scalable architecture and deploying
tools eliminating non-value added tasks. This will give “quick wins,” provide a solid
platform and free up staff to concentrate on deploying and managing more complex
analytic tools. Done properly this will:
• Increase the efficiency of security analysts. The number of “issues per shift”
analysts can deal with can be increased from a few to a dozen and beyond.
• Reduce attacker free time and thus the impact of threats on the business. Analysts
will be more automatically drawn to those issues which are most likely to cause
problems and shut them down before they affect the business adversely.
Without this foundation or a clear, concrete objective in mind, a Big Data initiative
could easily flounder and not bring any of the expected gains.
RSA SECURITY MANAGEMENT: A FIRM
FOUNDATION FOR INFRASTRUCTURE,
ANALYTICS, AND INTELLIGENCE
RSAs Security Management portfolio provides customers with:
• Comprehensive infrastructure visibility. RSA provides a proven infrastructure with
the ability to collect all types of security data, at scale and from all types of data
sources. This gives analysts a single place to view data about advanced threats
and user activity from data gathered directly from the network or from key
systems. RSA’s infrastructure also provides a unified architecture for real time
analytics as well as near time and historical query. This provides a comprehensive
approach to real-time alerting, investigative analysis, metrics and trending and
historical retention and archiving.