Real-time Ingestion of telemetry into Hadoop to respond to Zero-Day Attacks Vipul Sawant, Pallav Jakhotiya.

Presentation transcript:

Telemetry

Sputnik: the first man-made satellite, launched by the Soviet Union in 1957. Altitude 500 km above the earth. Transmitted telemetry as "beeps".

Logs/Telemetry in the security world

GATEWAY: Blocked web attacks metadata; Source server identity; Web connection history; In/outbound attachments; Gateway security settings
SERVER: Blocked attacks; Network connections; Successful / failed logins; Process behaviors; Compliance status (PCI, HIPAA); Server security settings
ENDPOINT: Blocked attacks; Network connections; Successful / failed logins; Sensitive documents accessed; Process behaviors; Endpoint security settings
FIREWALL: Blocked connections; Inbound/outbound traffic; Protocol tunneling activity; Data ingress/egress volumes; Accesses to cloud apps; Firewall software settings

Engineering Challenges

Variety: Structured and unstructured formats
Volume: Terabytes of data generated every day
Velocity: Millions of events generated per second
Latency: Act on the events in near real time

Analyzing Ingestion techniques
Environment: 8 node shared test cluster running HDFS, Map Reduce, Storm, Kafka

Technique    Throughput                 Remarks
Streaming    100K-110K events/second    Works well for real time computations
Batch        230K-250K events/second    Latency of 3-4 hours before data is available
Hybrid       600K-620K events/second    Uses streaming for computations and a periodic batch for ingestion

Hybrid Ingestion (architecture slide). Components: Telemetry Generators; Telemetry Gateway; Message Broker; Distributed real-time computation system; Real-Time Applications; Batch Ingestion; HDFS; Batch Applications. As the throughput slide notes, the streaming path feeds the real-time computations while a periodic batch path handles ingestion into HDFS for the batch applications.

So what problems can we solve with this type of data

Identify targeted attacks: Machine X logged into 15 other machines in the last hour... lateral movement?
Help companies scope attacks and recover: The attackers initially compromised machine A, then pivoted to B and G. They accessed employee-list.doc, but did not access customer.doc.
Help companies protect their information: Lily usually accesses 2-4 sensitive documents/day, but today she's already accessed 19 confidential documents! Hmm.

Responding to Zero-Day Attacks

Batch Application: Telemetry Archive -> Pre-Processing -> Extract Features (Login Attempts, Application Versions, Application usage Pattern, Login Time, Running Process, AV Detections) -> Compute Correlations -> Decision Tree
Real-Time Application: Real-Time Telemetry -> Rules Engine -> Possible Attack incidents
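As an added example (not code from the slides or their authors), a minimal rules-engine pass in Python over constructed endpoint telemetry that implements the two detections sketched on the previous slide: login fan-out as a lateral-movement signal, and sensitive-document access compared against a per-user daily baseline of the kind the batch feature-extraction step would produce. The window, threshold, factor and baseline values are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry events (not real data) of the kinds the slides list:
# endpoint logins and sensitive-document accesses, all on one day.
EVENTS = (
    [{"ts": "2015-02-08T09:00:00", "type": "login", "src": "machineX",
      "dst": f"host{i:02d}"} for i in range(15)]
    + [{"ts": "2015-02-08T09:10:00", "type": "login", "src": "machineY", "dst": "host01"},
       {"ts": "2015-02-08T11:30:00", "type": "login", "src": "machineY", "dst": "host02"}]
    + [{"ts": "2015-02-08T10:00:00", "type": "doc_access", "user": "lily",
        "doc": f"confidential{i}.doc"} for i in range(19)]
    + [{"ts": "2015-02-08T10:05:00", "type": "doc_access", "user": "bob", "doc": "q1.doc"}]
)

# Assumed per-user baseline (low, high) of sensitive documents accessed per day,
# standing in for what the batch feature-extraction step would compute.
BASELINE = {"lily": (2, 4), "bob": (0, 3)}


def lateral_movement_alerts(events, window=timedelta(hours=1), threshold=10):
    """Flag a source that logs into >= threshold distinct hosts inside one window."""
    logins = defaultdict(list)
    for e in events:
        if e["type"] == "login":
            logins[e["src"]].append((datetime.fromisoformat(e["ts"]), e["dst"]))
    alerts = []
    for src, items in logins.items():
        items.sort()  # chronological, so items[i:] are at or after items[i]
        for i, (t0, _) in enumerate(items):
            # distinct destinations reached in [t0, t0 + window]
            dsts = {dst for t, dst in items[i:] if t - t0 <= window}
            if len(dsts) >= threshold:
                alerts.append((src, len(dsts)))
                break  # one alert per source is enough for triage
    return alerts


def document_access_alerts(events, baseline, factor=2):
    """Flag a user whose distinct sensitive documents for the day exceed
    factor x the high end of their baseline range."""
    docs = defaultdict(set)
    for e in events:
        if e["type"] == "doc_access":
            docs[e["user"]].add(e["doc"])
    return [(user, len(d)) for user, d in docs.items()
            if len(d) > factor * baseline.get(user, (0, 0))[1]]
```

On the constructed events this yields one lateral-movement alert for machineX (15 hosts in one hour) and one document-access alert for lily (19 documents against a 2-4 baseline), while machineY and bob stay quiet.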

Central Security Big Data Store (diagram slide): a known C&C server implicated in a targeted attack, linked to Company 1, Company 2 and a Server; timeline label "8 FEB MON".

“Seed” Indicator

Questions?

Thank You!