Organizations are using Sqrrl Enterprise to securely integrate vast amounts of multi-structured data (e.g., tens of petabytes) onto a single Big Data platform and then build real-time applications on that data using Sqrrl Enterprise's analytical interfaces. The secure integration is enabled by Accumulo's cell-level security capabilities and Sqrrl Enterprise's security extensions, such as encryption.
If you follow the trade press, one theme you hear over and over again is that organizations are drowning in alerts. It's true that we need technological solutions to prioritize and escalate the most important alerts to our analysts, but humans have a critical part to play in this process as well. The quicker they are able to make decisions about the alerts they review, the better they are able to keep up. An incident responder's most common task is alert triage, the process of investigation and escalation that ultimately results in the creation of security incidents. As crucial as this process is, remarkably little has been written about how to do it correctly and efficiently. In this presentation, learn incident response best practices from Sqrrl security expert David Bianco.
Today's threats demand a more active role in detecting and isolating sophisticated attacks. This must-see presentation provides practical guidance on modernizing your SOC and building out an effective threat hunting program. Ed Amoroso and David Bianco discuss best practices for developing and staffing a modern SOC, including the essential shifts in how to think about threat detection.
Watch the presentation with audio here: http://info.sqrrl.com/webinar-modernizing-your-security-operations
Evolution in cybersecurity is the norm. As computer threats evolve, so have defenses. The debilitating effect of viruses borne by email gave rise to what is now a vast anti-virus infrastructure. The rise of network-based attacks created the incrementalism of constant updates to IDS and IPS. The inability to make sense of millions of IDS alerts gave rise to SIEM solutions.
Threat Hunting Platforms (Collaboration with SANS Institute) - Sqrrl
Traditional security measures like firewalls, IDS, endpoint protection, and SIEMs are only part of the network security puzzle. Threat hunting is a proactive approach to uncovering threats that lie hidden in your network or systems and that can evade more traditional security tools. Go in-depth with Sqrrl and SANS Institute to learn how hunting platforms work.
Watch the recording with audio here: http://info.sqrrl.com/sans-sqrrl-threat-hunting-webcast
Blog post: http://raffy.ch/blog - Video: https://youtu.be/nk5uz0VZrxM
In this video we talk about the world of security data, or log data. In the first section, we dive into a bit of a history lesson around log management, SIEM, and big data in security. We then shift to the present to discuss some of the challenges we face today in managing all of that data, and also discuss some of the trends in the security analytics space. In the third section, we focus on the future. What does tomorrow hold in the SIEM / security data space? What are some of the key features we will see, and how does this matter to the users of these approaches?
If you want to find out more about what we're working on, keep an eye on our blog; we're always publishing something interesting!
https://www.crowdstrike.com/blog/category/engineering-and-technology/
Sqrrl and IBM: Threat Hunting for QRadar Users - Sqrrl
This joint webinar, in collaboration with IBM, offers a look at the industry-leading Threat Hunting App for IBM QRadar. By combining the threat detection capabilities of QRadar and Sqrrl, security analysts are armed with advanced analytics and visualization to hunt for unknown threats and to investigate known incidents more efficiently.
Watch the training with audio here: http://info.sqrrl.com/sqrrl-ibm-threat-hunting-for-qradar-users
End-to-End Security Analytics with the Elastic Stack - Elasticsearch
Interested in staying ahead of the adversary in a shifting security landscape? Learn how to create a centralized security analytics platform with the speed and scale you need for ad hoc analysis during threat detection and hunting exercises.
Keynote: Elastic Security evolution and vision - Elasticsearch
SecOps teams are taking on more responsibility than ever as online activity increases from a newly remote workforce, accelerating the need for digital transformation. Learn how Elastic Security has evolved to help SecOps teams take a broader, more inclusive approach to security and set their organisations up for success. Plus, hear the vision for what’s next.
Countering Threats with the Elastic Stack at CERDEC/ARL - Elasticsearch
See how CERDEC/ARL leverages the Elastic Stack to gain critical insights into activities and trends across the networks they cover, and to enable research into new methods of protecting our nation's defenses.
Jisheng Wang at AI Frontiers: Deep Learning in Security - AI Frontiers
Deep learning is the next wave of AI-based attack detection. We will share our customer-driven experiences and learnings from building a comprehensive User and Entity Behavior Analytics (UEBA) solution using Apache Spark and Google Tensorflow to detect multi-stage advanced attacks. We will also discuss the challenges and guidelines for successfully deploying deep learning in broader security.
AI & ML in Cyber Security - Why Algorithms are Dangerous - Raffael Marty
Link to the video of the presentation: https://www.youtube.com/watch?v=WG1k-Xh1TqM
Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.
Guess what. It's all baloney. We have entered a state in cyber security that is, in fact, dangerous. We are blindly relying on algorithms to do the right thing. We are letting deep learning algorithms detect anomalies in our data without having a clue what that algorithm just did. In academia, they call this the lack of explainability and verifiability. But rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and in turn discover wrong insights.
In this talk, I will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. I will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to revert back to experts and invest in systems that learn from, and absorb the knowledge of, experts.
User and Entity Behavior Analytics using the Sqrrl Behavior Graph - Sqrrl
UEBA leverages advanced statistical techniques and machine learning to surface subtle behaviors that are indicative of attacker presence. In this presentation, Sqrrl's Director of Data Science, Chris McCubbin, and Sqrrl's Director of Products, Joe Travaglini, provide an overview of how machine learning and UEBA can be used to detect cyber threats using Sqrrl's Behavior Graph.
Watch the presentation with audio here: http://info.sqrrl.com/april-2016-ueba-webinar-on-demand
Simplicity in Hybrid IT Environments - A Security Oxymoron? - Tripwire
Most businesses operate on cloud-based and on-premises servers. This hybrid environment allows for easy access to important data but often creates complexity in properly managing and securing your assets. Now consider IoT devices on your network, and this hybrid environment becomes nearly impossible to maintain.
Scott Crawford, Research Director at 451 Research, and David Meltzer, Chief Technology Officer at Tripwire, discuss how to simplify modern network complexities with essential security controls.
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest... - DataWorks Summit
Recently, deep learning has delivered ground-breaking advances in many industries by providing human-like understanding for difficult cognition problems. We will share our empirical experiences of applying deep learning to some real-world security challenges, together with lessons learned and suggestions.
1. Examples
We will explain our User & Entity Behavior Analytics (UEBA) solution, which includes two deep learning examples: (1) user and entity behavior anomaly detection using a Convolutional Neural Network (CNN), and (2) stateful user risk scoring using Long Short-Term Memory (LSTM), in order to detect slow-gestating and multi-stage targeted attacks. We will also share several real-life use cases of successfully detecting compromised users and malicious insiders in large enterprises.
2. Infrastructure
The production data processing and analytics workflow is built on Spark, Spark Streaming and TensorFlow. We will share our experience of managing and tuning distributed TensorFlow and Spark on a small-to-medium cluster in both SaaS and on-premises deployments. This includes how to manage and split resources between Spark and TensorFlow, how to split and tune workloads between parameter servers and worker servers in TensorFlow, and so on.
3. Challenges and Guidance
At the end, we will discuss the special challenges of applying deep learning (or ML in general) to security, compared with most consumer industries: the lack of large volumes of high-quality labeled data, the interpretation of models, the need for fast detection, and the high cost of inaccurate detections.
Human intelligence, including knowledge of both enterprise business context and security heuristics, is a very precious resource for covering these gaps. Any effective security ML solution therefore has to integrate human and machine intelligence well.
To achieve this partnership, we offer several suggestions based on our current experience, e.g., mixing complex and simple models, reinforcement learning based on human feedback, and pairing probabilistic ML results with deterministic forensic data.
Monitoring and Securing a Geo-Dispersed Data Center at Hill AFB - Elasticsearch
The HEDC provides a hosting service for more than 100 information systems supporting the USAF. See how they innovated to deliver logging and DoD compliance monitoring across the life cycle of hosted information systems, as an integrated service within the HEDC PaaS, using Elastic Cloud Enterprise.
2016 Cybersecurity Analytics State of the Union - Cloudera, Inc.
3 Things to Learn About:
- Ponemon Institute's 2016 big data cybersecurity analytics research report
- Quantifiable returns organizations are seeing with big data cybersecurity analytics
- Trends in the industry that are affecting cybersecurity strategies
In January, IBM Security Systems announced a new solution that combines the security intelligence capabilities of QRadar SIEM with Big Data and analytics to
Herding Pets and Cattle: Extending Foundational Controls Into the Cloud - Tripwire
In this presentation, we use the pets vs. cattle analogy to discuss migrating to the cloud, including some challenges you may encounter with security and compliance, and considerations when selecting foundational controls.
Automate threat detections and avoid false positives - Elasticsearch
Eliminating blind spots means you now have enough context. But can you get important insights from that context when you need them? Learn how to detect threats, while avoiding the noise of false positives, with the detection engine in Elastic Security. You'll see how to automate threat detection via correlations and machine learning, with real-world examples of each.
Will County Sheriff's Office: Solving Crime with Data - Elasticsearch
Learn how the Elastic Stack helped the Will County Sheriff's Office build Network Monitoring and Security, Operational Analysis at the Will County Adult Detention Facility, and Crime Analysis for their area.
The Context of Massive Data Integration - Software Guru
http://sg.com.mx/sgce/2013/sessions/el-contexto-la-integraci%C3%B3n-masiva-datos
IT executives know for certain that the most important business information is hidden in billions of security events. The ability to integrate data to obtain a clear picture of the current situation is essential to the way clandestine attacks are detected today. Depending on how it is collected, managed and analyzed, security data can be a great asset or an enormous headache.
The challenges of so-called "legacy SIEM" solutions, combined with security intelligence methodologies, can take your organization to the next level when internal and external attacks occur, while maintaining compliance through reporting and administration and delivering exceptional value and profitability. Learn how to respond to the demands of Big Data by integrating global threat intelligence (GTI).
Industry Overview: Big Data Fuels Intelligence-Driven Security - EMC
This industry overview describes how Big Data will be a driver for change across the security industry, reshaping security approaches, solutions, and spending. It presents six guidelines to help organizations plan for the Big Data-driven transformation of their security toolsets and operations as part of an intelligence-driven security program.
DataWorks 2018: How Big Data and AI Saved the Day - Interset
In this presentation titled "How Big Data and AI Saved the Day: Critical IP Almost Walked Out the Door," Interset Field Data Scientist Roy Wilds discussed real-world examples of how businesses can expand their threat analysis using security analytics powered by artificial intelligence in a big data environment. This was presented at DataWorks Summit 2018.
A Study on Big Data Privacy Protection Models using Data Masking Methods - IJECEIAES
In today's predictive analytics world, data engineering plays a vital role: data is acquired from various source systems and processed according to the business application and domain. Big Data integrates, governs, and secures large data sets with repeatable, reliable, and maintainable processes, and uses the volume, velocity, and variety of the data to uncover business value. However, data that is frequently incomplete, inconsistent, ungoverned, and unprotected is hazardous, and big data then becomes a liability instead of an asset. Moreover, with conventional approaches that are manual and unpredictable, big data projects take too long to realize business value. Delivering business value from big data reliably and repeatedly requires a different approach. In this context, raw data has to be moved between onsite and offshore environments, and during that process data privacy is a major concern and challenge. A Big Data Privacy platform can make it easier to detect, investigate, assess, and remediate threats from intruders. We carried out a complete study of Big Data privacy using data masking methods on various data loads and data types. This work will help data quality analysts and big data developers while building big data applications.
Protecting Data Privacy in Analytics and Machine Learning, ISACA London UK - Ulf Mattsson
ISACA London Chapter webinar, Feb 16th 2021
Topic: “Protecting Data Privacy in Analytics and Machine Learning”
Abstract:
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there are many different activities that we need to consider.
This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking advantage of these privacy-preserving techniques. A retail company used secure multi-party computation to respect user privacy and specific regulations while allowing the retailer to gain insights and protect the organization's IP. A healthcare organization uses secure data sharing to protect the privacy of individuals, and also stores and searches encrypted medical data in the cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
RSA-Pivotal Security Big Data Reference Architecture - EMC
This paper describes how customers can use RSA and Pivotal to get better visibility into their environments, more context to help them prioritize issues, and actionable intelligence from a diverse set of sources.
Privacy Preserving Computing and Secure Multi-Party Computation, ISACA Atlanta - Ulf Mattsson
A major challenge that many organizations face is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls, while also enabling data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations, and across jurisdictions where data cannot be relocated or shared.
We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
Similar to Sqrrl Enterprise: Big Data Security Analytics Use Case
Leveraging Threat Intelligence to Guide Your Hunts - Sqrrl
This webinar training session covers everything from what threat intelligence is to specific examples of how to hunt with it: applying intel during a tactical hunt and what you should be looking out for when searching for adversaries on your enterprise network. It is taught by Keith Gilbert, an experienced threat researcher with a background in Digital Forensics and Incident Response.
How to Hunt for Lateral Movement on Your Network - Sqrrl
Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network?
In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
Machine Learning for Incident Detection: Getting Started - Sqrrl
This presentation walks you through the uses of machine learning in incident detection and response, outlining some of the basic features of machine learning and specific tools you can use.
Watch the presentation with audio here: https://www.youtube.com/watch?v=4pArapSIu_w
Building a Next-Generation Security Operations Center (SOC) - Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Threat Hunting for Command and Control Activity (Sqrrl)
Sqrrl's Security Technologist Josh Liburdi provides an overview of how to detect C2 through a combination of automated detection and hunting.
Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-for-command-and-control-activity
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together (Sqrrl)
This presentation explains how security teams can leverage hunting and analytics to detect advanced threats faster, more reliably, and with common analyst skill sets.
Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-and-ueba-webinar
In this training session, two leading security experts review how adversaries use DNS to achieve their mission, how to use DNS data as a starting point for launching an investigation, the data science behind automated detection of DNS-based malicious techniques and how DNS tunneling and DGA machine learning algorithms work.
Watch the presentation with audio here: http://info.sqrrl.com/leveraging-dns-for-proactive-investigations
Slides from the webinar led by Ely Kahn and Luis Maldonado discussing strategies to reduce Mean Time to Know in detecting cybersecurity attacks, threats, or data breaches.
Benchmarking The Apache Accumulo Distributed Key–Value Store (Sqrrl)
This paper presents results of benchmarking Apache Accumulo distributed table store using the continuous tests suite included in its open source distribution.
Adam Fuchs' presentation slides on what's next in the evolution of BigTable implementations (transactions, indexing, etc.) and what these advances could mean for the massive database that gave rise to Google.
The days when Security Operations Center analysts could sit back and wait for alerts to come to them have long passed. Years of breaches and attacks at Fortune 100 banks, retailers, and government agencies have shown that traditional measures like firewalls, IDS, and SIEMs are not enough. While these measures are still important, today’s threats demand a more active role in detecting and isolating sophisticated attacks. It’s hunting season!
October 2014 Webinar: Cybersecurity Threat Detection (Sqrrl)
Using Sqrrl Enterprise and the GraphX library included in Apache Spark, we will construct a dynamic graph of entities and relationships that will allow us to build baseline patterns of normalcy, flag anomalies on the fly, analyze the context of an event, and ultimately identify and protect against emergent cyber threats.
Labels in Sqrrl Enterprise provide great power and flexibility. In this webinar, founding Sqrrl engineer John Vines goes over the benefits and pitfalls of using visibility labels with pluggable authorizations systems, and we will go through scenarios of different systems on top of Sqrrl Enterprise.
This webinar discusses the dissolution of the "trusted zone" and shares insights on how you can build secure applications on Hadoop by adopting best practices in Data-Centric Security with Sqrrl Enterprise.
Sqrrl's Director of Product Marketing, Joe Travaglini, shares some lessons learned about how to approach a "Big Data problem" with his 10 steps to building a Big App, and how to mobilize data-driven thinking into your line of business.
Sqrrl February Webinar: Breaking Down Data Silos (Sqrrl)
In this talk, Adam Fuchs, the CTO of Sqrrl and co-founder of the Accumulo project discusses some of the lessons learned for properly architecting, applying, and managing cell-level security labels in customer environments.
Techniques to optimize the PageRank algorithm usually fall into two categories: one tries to reduce the work per iteration, the other tries to reduce the number of iterations. These goals are often at odds with one another. Skipping computation on vertices that have already converged has the potential to save iteration time. Skipping in-identical vertices (vertices with the same in-links) helps avoid duplicate computations and thus could also reduce iteration time. Road networks often have chains that can be short-circuited before PageRank computation to improve performance, since the final ranks of chain nodes can be calculated directly; this could reduce both the iteration time and the number of iterations. If a graph has no dangling nodes, the PageRank of each strongly connected component can be computed in topological order. This could reduce the iteration time and the number of iterations, and also enable multi-iteration concurrency in PageRank computation. The combination of all of the above methods is the STICD algorithm [sticd]. For dynamic graphs, unchanged components whose ranks are unaffected can be skipped altogether.
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2... (pchutichetpong)
M Capital Group (“MCG”) expects to see demand and the changing evolution of supply, facilitated through institutional investment rotation out of offices and into work from home (“WFH”), while the ever-expanding need for data storage as global internet usage expands, with experts predicting 5.3 billion users by 2023. These market factors will be underpinned by technological changes, such as progressing cloud services and edge sites, allowing the industry to see strong expected annual growth of 13% over the next 4 years.
Whilst competitive headwinds remain, represented through the recent second bankruptcy filing of Sungard, which blames “COVID-19 and other macroeconomic trends including delayed customer spending decisions, insourcing and reductions in IT spending, energy inflation and reduction in demand for certain services”, the industry has seen key adjustments, where MCG believes that engineering cost management and technological innovation will be paramount to success.
MCG reports that the more favorable market conditions expected over the next few years, helped by the winding down of pandemic restrictions and a hybrid working environment will be driving market momentum forward. The continuous injection of capital by alternative investment firms, as well as the growing infrastructural investment from cloud service providers and social media companies, whose revenues are expected to grow over 3.6x larger by value in 2026, will likely help propel center provision and innovation. These factors paint a promising picture for the industry players that offset rising input costs and adapt to new technologies.
According to M Capital Group: “Specifically, the long-term cost-saving opportunities available from the rise of remote managing will likely aid value growth for the industry. Through margin optimization and further availability of capital for reinvestment, strong players will maintain their competitive foothold, while weaker players exit the market to balance supply and demand.”
Empowering the Data Analytics Ecosystem: A Laser Focus on Value
The data analytics ecosystem thrives when every component functions at its peak, unlocking the true potential of data. Here's a laser focus on key areas for an empowered ecosystem:
1. Democratize Access, Not Data:
Granular Access Controls: Provide users with self-service tools tailored to their specific needs, preventing data overload and misuse.
Data Catalogs: Implement robust data catalogs for easy discovery and understanding of available data sources.
2. Foster Collaboration with Clear Roles:
Data Mesh Architecture: Break down data silos by creating a distributed data ownership model with clear ownership and responsibilities.
Collaborative Workspaces: Utilize interactive platforms where data scientists, analysts, and domain experts can work seamlessly together.
3. Leverage Advanced Analytics Strategically:
AI-powered Automation: Automate repetitive tasks like data cleaning and feature engineering, freeing up data talent for higher-level analysis.
Right-Tool Selection: Strategically choose the most effective advanced analytics techniques (e.g., AI, ML) based on specific business problems.
4. Prioritize Data Quality with Automation:
Automated Data Validation: Implement automated data quality checks to identify and rectify errors at the source, minimizing downstream issues.
Data Lineage Tracking: Track the flow of data throughout the ecosystem, ensuring transparency and facilitating root cause analysis for errors.
5. Cultivate a Data-Driven Mindset:
Metrics-Driven Performance Management: Align KPIs and performance metrics with data-driven insights to ensure actionable decision making.
Data Storytelling Workshops: Equip stakeholders with the skills to translate complex data findings into compelling narratives that drive action.
Benefits of a Precise Ecosystem:
Sharpened Focus: Precise access and clear roles ensure everyone works with the most relevant data, maximizing efficiency.
Actionable Insights: Strategic analytics and automated quality checks lead to more reliable and actionable data insights.
Continuous Improvement: Data-driven performance management fosters a culture of learning and continuous improvement.
Sustainable Growth: Empowered by data, organizations can make informed decisions to drive sustainable growth and innovation.
By focusing on these precise actions, organizations can create an empowered data analytics ecosystem that delivers real value by driving data-driven decisions and maximizing the return on their data investment.
Sqrrl Enterprise: Big Data Security Analytics Use Case
DATASHEET

SQRRL ENTERPRISE BIG DATA SECURITY ANALYTICS USE CASE

Sqrrl Enterprise enables Big Data Security Analytics.

Sqrrl Enterprise is the world’s most secure, scalable, and flexible NoSQL database for real-time Big Data applications and is powered by Apache Accumulo and Hadoop. One type of application that customers are building or integrating with Sqrrl Enterprise is Big Data Security Analytics applications. Big Data Security Analytics have the potential to greatly improve an organization’s ability to detect anomalous activity within their networks.
Introduction

Organizations are utilizing Sqrrl Enterprise to securely integrate vast amounts of multi-structured data (e.g., tens of petabytes) onto a single Big Data platform and then are building real-time applications using this data and Sqrrl Enterprise’s analytical interfaces. The secure integration is enabled by Accumulo’s innovative cell-level security capabilities and Sqrrl Enterprise’s security extensions, such as encryption. The real-time applications take advantage of Sqrrl Enterprise’s JSON, full-text search, SqrrlQL, statistics, and graph search capabilities. In this general sense, customers are utilizing Sqrrl Enterprise as a massively scalable, secure, and flexible NoSQL database for Big Data.
Big Data Security Analytics Overview

Some of Sqrrl’s customers in sectors such as financial services, telecommunications, and government are applying this general “secure data lake” use case to cybersecurity. In response to the continued rise of advanced threats and the need for greater visibility across networks, a new concept is starting to take hold in the cybersecurity industry around Big Data Security Analytics. Sqrrl Enterprise is uniquely positioned to help organizations build a Big Data Security Analytics capability.
Sidebar: The Need For Big Data Security Analytics Is Rapidly Growing

“According to ESG Research, 44% of enterprises say that security data collection and analysis would be considered big data within their organizations today, while another 44% believe that they will likely consider security data collection and analysis big data within the next 24 months.”

Source: Jon Oltsik, Enterprise Strategy Group, March 2013 Market Landscape Report: The Evolution of Big Data Security Analytics Technology
Figure 1. Big Data Security Analytics Architecture
ABOUT SQRRL

Sqrrl powers secure, massively scalable Big Apps and was founded in 2012 by creators of Apache Accumulo. With their roots in the U.S. Intelligence Community, Sqrrl’s founders have deep experience working with and building applications for complex petabyte-scale datasets. Sqrrl is headquartered in Cambridge, MA and is a venture-backed company with investors from Matrix Partners and Atlas Venture.

130 Prospect Street, Cambridge, MA 0213 | www.sqrrl.com | @sqrrl_inc | p: (617) 902-0784 | e: info@sqrrl.com

Big Data Analytics Use Case | Page 2
Big Data Security Analytics refers to collecting and analyzing massive cybersecurity-related datasets in real-time to uncover hidden malicious patterns in the data. Big Data Security Analytics differ from traditional Security Information and Event Management (SIEM) tools in several different ways:

• Volume: Most SIEM tools struggle to scale past tens of terabytes; Sqrrl Enterprise easily scales to tens of petabytes;
• Variety: Most SIEM tools are limited to log and event data; Sqrrl Enterprise can easily ingest any data source, including emails, web data, host data, IDS/IDP/firewall information, identity context data, social activity, external threat intelligence, etc.;
• Value: Most SIEM tools are expensive in both software and hardware costs; Sqrrl Enterprise has a significantly lower price point, because it is largely based on free, open source software and runs on low-cost commodity hardware;
• Velocity: Most SIEM tools require time-consuming data modeling before the data is ready for analysis; Sqrrl Enterprise’s flexible schemas allow users to perform search and analytics on a variety of sources with minimal up-front data modeling.
Given these differences, the key benefits of using Sqrrl Enterprise for building a Big Data Security Analytics capability are:

• Complete Visibility: Analyze across security and operational data of varying types;
• Massive Scalability: 10s of petabytes; access to both active and historical content;
• High Performance: Analyze large datasets in seconds, not hours;
• Standardized Interfaces: JSON, full-text search, SqrrlQL, statistics, and graph search;
• Data Security and Privacy: Cell-level security and encryption; access to only authorized and needed data.
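The "Data Security and Privacy" benefit above rests on cell-level security: every stored cell carries a visibility label, and a reader sees a cell only if the authorizations presented for the scan satisfy that label. The following is an added example, not Sqrrl's or Accumulo's code, modelling that mechanism in Python: a small parser and evaluator for label expressions of the assumed form `(SOC&TI)|ADMIN` (labels joined by `&` and `|`, parentheses for grouping, an empty expression meaning visible to all), plus a scan that refuses requests for authorizations the reader was never granted. The cells, label names and authorization sets are constructed for illustration.

```python
"""Simplified model of cell-level visibility labels.

Added example, not Sqrrl's or Accumulo's code. The syntax assumed here
follows the general shape of Accumulo visibility expressions: labels joined
by '&' (and) or '|' (or), parentheses for grouping, no whitespace, and an
empty expression meaning "visible to all". Mixing '&' and '|' at one
nesting level without parentheses is rejected rather than guessed at.
"""
import re
from typing import Dict, List, Optional, Set, Tuple

_LABEL = re.compile(r"[A-Za-z0-9_\-.:]+")  # assumed label alphabet


class VisibilityError(ValueError):
    """Raised for malformed label expressions."""


def _parse(expr: str, pos: int = 0) -> Tuple[tuple, int]:
    """Recursive-descent parser returning (ast, next_pos).

    AST nodes: ('label', name), ('and', [nodes]), ('or', [nodes]).
    """
    terms: List[tuple] = []
    op: Optional[str] = None
    expect_term = True
    while pos < len(expr):
        ch = expr[pos]
        if ch == ")":
            break                       # the caller consumes the ')'
        if expect_term:
            if ch == "(":
                node, pos = _parse(expr, pos + 1)
                if pos >= len(expr) or expr[pos] != ")":
                    raise VisibilityError("unbalanced '(' in %r" % expr)
                pos += 1
                terms.append(node)
            else:
                m = _LABEL.match(expr, pos)
                if not m:
                    raise VisibilityError("expected label at %d in %r" % (pos, expr))
                terms.append(("label", m.group()))
                pos = m.end()
            expect_term = False
        else:
            if ch not in "&|":
                raise VisibilityError("expected operator at %d in %r" % (pos, expr))
            if op is not None and op != ch:
                raise VisibilityError("mixing & and | needs parentheses: %r" % expr)
            op = ch
            pos += 1
            expect_term = True
    if expect_term:                     # empty group or trailing operator
        raise VisibilityError("expression ends without a label: %r" % expr)
    if op is None:
        return terms[0], pos
    return ("and" if op == "&" else "or", terms), pos


def parse_visibility(expr: str) -> Optional[tuple]:
    """Parse a label expression; None means the cell is visible to everyone."""
    if expr == "":
        return None
    ast, pos = _parse(expr)
    if pos != len(expr):                # a stray ')' was left over
        raise VisibilityError("unbalanced ')' in %r" % expr)
    return ast


def _evaluate(node: tuple, auths: Set[str]) -> bool:
    kind, payload = node
    if kind == "label":
        return payload in auths
    results = [_evaluate(child, auths) for child in payload]
    return all(results) if kind == "and" else any(results)


def visible(expr: str, auths: Set[str]) -> bool:
    """True if a reader presenting `auths` may see a cell labelled `expr`."""
    ast = parse_visibility(expr)
    return True if ast is None else _evaluate(ast, auths)


def scan(cells: List[Dict[str, str]], granted: Set[str], requested: Set[str]) -> List[Dict[str, str]]:
    """Return the cells a reader may see.

    `granted` is the authorization set an administrator assigned to the reader;
    `requested` is the subset presented for this scan. Presenting an
    authorization that was never granted is refused outright, so a client
    cannot widen its view simply by asking for more.
    """
    if not requested <= granted:
        raise PermissionError("requested authorizations exceed those granted")
    return [c for c in cells if visible(c["vis"], requested)]


# Constructed sample cells for one host, mixing data that different teams may see.
CELLS = [
    {"row": "host-42", "col": "netflow:dst", "vis": "", "value": "203.0.113.7:443"},
    {"row": "host-42", "col": "hr:owner", "vis": "PII&HR", "value": "jdoe"},
    {"row": "host-42", "col": "ids:alert", "vis": "SOC|IR", "value": "beacon pattern"},
    {"row": "host-42", "col": "ti:source", "vis": "(SOC&TI)|ADMIN", "value": "vendor-feed"},
]

if __name__ == "__main__":
    analyst_auths = {"SOC", "IR"}       # constructed: one SOC analyst's grants
    for cell in scan(CELLS, analyst_auths, {"SOC"}):
        print(cell["col"], "->", cell["value"])
```

Two properties worth noting: an unlabelled cell is visible to everyone, so ingest pipelines should apply a default label rather than rely on readers being restricted; and because the check runs per cell rather than per table, the same host row can hold HR, SOC and threat-intelligence columns that each reach only the team entitled to them.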
Sqrrl Enterprise is designed to complement instead of replace existing SIEM tools. Users will typically ingest a variety of datasets (e.g., log files, event files, Netflow, identity context information, vulnerability information, configuration management, external threat intelligence, etc.) into Sqrrl Enterprise and interrogate the data in a variety of ways to discover new suspicious patterns of behavior. Organizations may build new lightweight real-time applications to search for these patterns or integrate existing apps with Sqrrl Enterprise. Once these patterns are discovered, security analysts will train their SIEM tools to look for these patterns in real-time.
Big Data Security Analytics Examples

A Big Data Security Analytics capability enabled by Sqrrl Enterprise can help security organizations perform deeper and more thorough analysis across a variety of cybersecurity scenarios. Some of these scenarios could include the following:

• A network Intrusion Detection System fires on malware Command and Control traffic; research the root cause on a specific system
• A spear phishing attack is detected on a system; find other targeted systems
• A correlation rule fires in a SIEM; full contextual awareness is required
• The cybersecurity industry releases a new indicator of compromise; assess impacted systems
• An employee is suspected of an insider attack; track all activity of that employee
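What the "new indicator of compromise" and "find other targeted systems" scenarios have in common is a pivot: one value is checked against whichever field carries that kind of value in each data source, and the hits are rolled up per host. The following is an added example, not Sqrrl's code and not SqrrlQL, showing that pivot in plain Python over constructed email, DNS, proxy and NetFlow records held side by side. Source names, field names, host names, the domain `evil.example`, the addresses and the hash placeholder are all invented for illustration.

```python
"""Indicator pivot across heterogeneous security data.

Added example, not Sqrrl's code. Record layouts, hosts, indicators and the
hash placeholder are constructed. Each source registers which of its fields
carry which indicator type; the pivot logic itself never changes when a new
source is added.
"""
from typing import Callable, Dict, List

Record = Dict[str, object]

# Constructed sample records from four sources, as one data lake might hold them.
RECORDS: List[Record] = [
    {"src": "email",   "ts": "2014-03-03T08:55:30Z", "host": "ws-017", "sender": "hr-update@evil.example", "sha256": "<placeholder-hash>"},
    {"src": "email",   "ts": "2014-03-03T08:55:31Z", "host": "ws-031", "sender": "hr-update@evil.example", "sha256": "<placeholder-hash>"},
    {"src": "dns",     "ts": "2014-03-03T09:11:58Z", "host": "ws-017", "qname": "evil.example", "answer": "203.0.113.7"},
    {"src": "proxy",   "ts": "2014-03-03T09:12:01Z", "host": "ws-017", "url": "http://evil.example/dl.php", "domain": "EVIL.example"},
    {"src": "dns",     "ts": "2014-03-03T10:40:12Z", "host": "ws-023", "qname": "evil.example", "answer": "203.0.113.7"},
    {"src": "netflow", "ts": "2014-03-03T10:41:00Z", "host": "ws-023", "dst_ip": "203.0.113.7", "dst_port": 443},
    {"src": "netflow", "ts": "2014-03-03T11:00:00Z", "host": "ws-050", "dst_ip": "198.51.100.5", "dst_port": 80},
]

# Which field(s) in each source carry each indicator type.
EXTRACTORS: Dict[str, Dict[str, Callable[[Record], List[str]]]] = {
    "email":   {"domain": lambda r: [str(r["sender"]).split("@")[-1]],
                "sha256": lambda r: [str(r["sha256"])]},
    "dns":     {"domain": lambda r: [str(r["qname"])],
                "ip":     lambda r: [str(r["answer"])]},
    "proxy":   {"domain": lambda r: [str(r["domain"])]},
    "netflow": {"ip":     lambda r: [str(r["dst_ip"])]},
}


def _norm(ioc_type: str, value: str) -> str:
    """Case-fold, and drop a trailing dot from domains so DNS and proxy agree."""
    return value.lower().rstrip(".") if ioc_type == "domain" else value.lower()


def assess_indicator(ioc_type: str, value: str, records: List[Record]) -> List[Dict[str, object]]:
    """Roll up every occurrence of an indicator by host.

    Returns one entry per impacted host, earliest first, with first/last
    timestamps seen and the sorted list of sources that matched.
    """
    wanted = _norm(ioc_type, value)
    hits: Dict[str, Dict[str, object]] = {}
    for rec in records:
        extract = EXTRACTORS.get(str(rec["src"]), {}).get(ioc_type)
        if extract is None:
            continue                    # this source has no field of that type
        if wanted not in {_norm(ioc_type, v) for v in extract(rec)}:
            continue
        host = str(rec["host"])
        entry = hits.setdefault(host, {"host": host, "first_seen": rec["ts"],
                                       "last_seen": rec["ts"], "sources": set(), "hits": 0})
        entry["first_seen"] = min(entry["first_seen"], rec["ts"])  # ISO-8601 sorts as text
        entry["last_seen"] = max(entry["last_seen"], rec["ts"])
        entry["sources"].add(rec["src"])
        entry["hits"] += 1
    for entry in hits.values():
        entry["sources"] = sorted(entry["sources"])
    return sorted(hits.values(), key=lambda e: e["first_seen"])


def other_targets(seed_host: str, records: List[Record]) -> List[str]:
    """Spear-phishing pivot: from the senders that reached `seed_host`, find the
    other hosts that received mail from the same sender domains."""
    senders = {str(r["sender"]) for r in records if r["src"] == "email" and r["host"] == seed_host}
    found = set()
    for sender in senders:
        for entry in assess_indicator("domain", sender.split("@")[-1], records):
            if entry["host"] != seed_host and "email" in entry["sources"]:
                found.add(str(entry["host"]))
    return sorted(found)


if __name__ == "__main__":
    for entry in assess_indicator("domain", "evil.example", RECORDS):
        print(entry["host"], entry["first_seen"], entry["sources"], entry["hits"])
    print("also targeted:", other_targets("ws-017", RECORDS))
```

The per-source extractor table is the part that matters for a data lake of mixed sources: the same domain appears as a sender address in mail, a query name in DNS and a URL host in proxy logs, and unless each source declares where its indicators live, an analyst checking one indicator type will silently miss the sources that spell it differently.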
Sidebar: Better Security Models are Needed for Big Data in Healthcare and Life Sciences

“Traditional Security Information and Event Management (SIEM) systems suffer from several limitations. Security analytics were supposed to be anchored by SIEM systems, a staple technology at most large enterprises. Unfortunately, many SIEM platforms can no longer keep up with mushrooming requirements due to technology, scalability, or usability flaws.”

Source: Jon Oltsik, Enterprise Strategy Group, March 2013 Market Landscape Report: The Evolution of Big Data Security Analytics Technology