Fighting Cybersecurity Threats with Apache Spot

Posted on 19-Mar-2017


TRANSCRIPT

1 © Cloudera, Inc. All rights reserved.

A Community Approach to Fighting Cyber Threats - Apache Spot (incubating)

Mark Grover | @mark_grover

Apache Spot (incubating) committer and PPMC member

Slides at slideshare.com/markgrover

About the book

• @hadooparchbook
• hadooparchitecturebook.com
• github.com/hadooparchitecturebook
• slideshare.com/hadooparchbook

Agenda

• Apache Spot (incubating)

Hackers collaborate every day…

…while security operations centers do not.

[Figure: SOC1, SOC2, SOC3, SOC4]

Apache Spot (Incubating)

A community approach to fighting cyber threats.

spot.incubator.apache.org

Gaps in existing cybersecurity solutions

• Detecting Advanced Threats
  • Only signature and correlation based detection
  • Machine learning is difficult to implement
  • Data is not enriched for better detection

• Reducing Investigation and Response Time
  • Access multiple applications in order to act
  • Partial enterprise visibility
  • Only access months' worth of data

• Understanding True Business Risk
  • Balancing risk with costs
  • Getting an understanding of the risk of an entity or user
  • Meeting changing compliance regulations

Why Spot? Why now?

• Big data tools
  • Scalable storage and compute

• Reasonable cost
  • Commodity hardware

• Advanced threat detection
  • Machine Learning

The Value of Apache Spot

• Detect advanced threats faster via machine learning

• Faster time to incident investigation and response with comprehensive enterprise visibility

• Change the economics of cybersecurity with an open source platform that supports multiple LOB workloads

Architecture diagram

[Figure: architecture diagram]

Apache Spot Ingestion

Partnering with: [partner logos]

Apache Spot Processing

• Analyst queries (UI)
• Analyst full-text search (UI)
• Machine Learning

Remember the Netflix prize?

What if…

• …we combined netflow, DNS, proxy data with
  • User context
    • Org, privileges, etc.
  • Endpoint context
    • What security regulation governs this server
  • Network context
    • Information about network from whois servers, etc.
  • Threat intelligence model
    • Set of known malicious IPs, etc.


Open Data Model

• Raw event: 1Zg2y780a, 10.1.1.3:23444, 10.1.1.10:1521, successful login as sysdba by jsmith, Oracle
• User context: John Smith, jsmith, smithj, csdkkv, jsmith@companyA.com, Jeff Beck, 703-555-1212, Recruiter, domain users, HR
• Endpoint context: 10.1.1.10, crm.companyA.com, IT, Prod, SOX, PCI, Redhat 6.1, Oracle CM, jt@companyA.com

John Smith, a member of the HR recruiting team, successfully logged in as a privileged user to an Oracle database housing the company's CRM data, regulated by SOX & PCI.
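The two slides above ("What if…" and "Open Data Model") describe the same idea: a raw event only becomes actionable once it is joined with user and endpoint context. The following is an added example, not code from the slides or from the Apache Spot project, showing that enrichment in Python. The raw event and both context tables are constructed from the values on the slide; the field order of the raw line, the dictionary keys, the lookup keys (username, destination IP), and the three risk rules are assumptions made for illustration.

```python
"""Added example: enrich a raw login event with user and endpoint context.

Not Apache Spot code. Field layout, keys and risk rules are assumed; the
sample values are constructed from the slide.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed raw event, laid out as on the slide:
# event id, source ip:port, destination ip:port, action, application
RAW_EVENT = ("1Zg2y780a,10.1.1.3:23444,10.1.1.10:1521,"
             "successful login as sysdba by jsmith,Oracle")

# Constructed context tables (assumed to be keyed by username and by destination IP).
USER_CONTEXT = {
    "jsmith": {
        "full_name": "John Smith",
        "aliases": ["jsmith", "smithj", "csdkkv"],
        "email": "jsmith@companyA.com",
        "manager": "Jeff Beck",
        "phone": "703-555-1212",
        "title": "Recruiter",
        "groups": ["domain users"],
        "department": "HR",
    },
}
ENDPOINT_CONTEXT = {
    "10.1.1.10": {
        "hostname": "crm.companyA.com",
        "owner_dept": "IT",
        "environment": "Prod",
        "regulations": ["SOX", "PCI"],
        "os": "Redhat 6.1",
        "application": "Oracle CM",
        "owner_contact": "jt@companyA.com",
    },
}

# Assumed list of roles that count as privileged for the risk rule below.
PRIVILEGED_ROLES = {"sysdba", "sysoper", "root", "administrator"}


@dataclass
class EnrichedEvent:
    event_id: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    action: str
    application: str
    username: Optional[str] = None
    role: Optional[str] = None
    user: dict = field(default_factory=dict)
    endpoint: dict = field(default_factory=dict)
    risk_reasons: list = field(default_factory=list)


def parse_raw_event(line: str) -> EnrichedEvent:
    """Split the comma-separated raw line into its five fields (assumed layout)."""
    event_id, src, dst, action, app = [f.strip() for f in line.split(",", 4)]
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return EnrichedEvent(event_id, src_ip, int(src_port), dst_ip, int(dst_port), action, app)


def extract_login(action: str):
    """Return (role, username) from 'successful login as <role> by <user>', else None."""
    m = re.match(r"successful login as (\S+) by (\S+)", action)
    return (m.group(1), m.group(2)) if m else None


def enrich(line: str, users=USER_CONTEXT, endpoints=ENDPOINT_CONTEXT) -> EnrichedEvent:
    """Join the raw event with user and endpoint context and attach risk reasons."""
    ev = parse_raw_event(line)
    login = extract_login(ev.action)
    if login:
        ev.role, ev.username = login
    ev.user = users.get(ev.username, {})
    ev.endpoint = endpoints.get(ev.dst_ip, {})
    # Each rule needs context that the raw event alone does not carry.
    if ev.role in PRIVILEGED_ROLES:
        ev.risk_reasons.append(f"privileged login as {ev.role}")
    if ev.user and ev.endpoint and ev.user["department"] != ev.endpoint["owner_dept"]:
        ev.risk_reasons.append(
            f"{ev.user['department']} user on {ev.endpoint['owner_dept']}-owned host")
    if ev.endpoint.get("regulations"):
        ev.risk_reasons.append("regulated host: " + "/".join(ev.endpoint["regulations"]))
    return ev


def describe(ev: EnrichedEvent) -> str:
    """Render the enriched event as an analyst-readable sentence like the slide's."""
    if not (ev.user and ev.endpoint):
        return f"{ev.action} ({ev.application}) on {ev.dst_ip}: no context available"
    u, e = ev.user, ev.endpoint
    return (f"{u['full_name']}, a {u['title']} in {u['department']}, successfully logged in as "
            f"{ev.role} to {e['application']} on {e['hostname']} ({e['environment']}), "
            f"regulated by {' & '.join(e['regulations'])}")


if __name__ == "__main__":
    enriched = enrich(RAW_EVENT)
    print(describe(enriched))
    print("risk reasons:", enriched.risk_reasons)
```

The department-mismatch and regulated-host rules are only possible after the join: the raw line says nothing about HR, IT, SOX or PCI. When a username or destination IP has no context record, `enrich` still returns the parsed event with whatever rules can be evaluated from the raw fields, so missing enrichment degrades the detection rather than dropping the event.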

Demo

Open Source Collaboration

1. Collaborate with analytic, big data, and cybersecurity industry leaders
2. Share analytics with peer organizations leveraging the open data model
3. Future-proof your platform as the open source community innovates at greater speed

Thanks

spot.apache.org

@mark_grover