Fighting cybersecurity threats with Apache Spot
TRANSCRIPT
1 © Cloudera, Inc. All rights reserved.
A Community Approach to Fighting Cyber Threats - Apache Spot (incubating)
Mark Grover | @mark_grover
Apache Spot (incubating) committer and PPMC member
Slides at slideshare.com/markgrover
About the book
• @hadooparchbook
• hadooparchitecturebook.com
• github.com/hadooparchitecturebook
• slideshare.com/hadooparchbook
Agenda
• Apache Spot (incubating)
Hackers collaborate every day…
…while security operations centers do not.
[Figure: four isolated boxes labelled SOC 1, SOC 2, SOC 3, SOC 4]
Apache Spot (Incubating)
A community approach to fighting cyber threats.
spot.incubator.apache.org
Gaps in existing cybersecurity solutions
Detecting Advanced Threats
• Only signature and correlation based detection
• Machine learning is difficult to implement
• Data is not enriched for better detection
Reducing Investigation and Response Time
• Access multiple applications in order to act
• Partial enterprise visibility
• Only access months' worth of data
Understanding True Business Risk
• Balancing risk with costs
• Getting an understanding of the risk of an entity or user
• Meeting changing compliance regulations
Why Spot? Why now?
• Big data tools
  • Scalable storage and compute
• Reasonable cost
  • Commodity hardware
• Advanced threat detection
  • Machine learning
The Value of Apache Spot
Detect advanced threats faster via machine learning
Faster time to incident investigation and response with comprehensive enterprise visibility
Change the economics of cybersecurity with an open source platform that supports multiple LOB workloads
Architecture diagram
Apache Spot Ingestion
Partnering with:
Apache Spot Processing
Analyst queries (UI)
Analyst full-text search (UI)
Machine Learning
Remember Netflix prize?
What if…
• …we combined netflow, DNS, proxy data with
  • User context
    • Org, privileges, etc.
  • Endpoint context
    • What security regulation governs this server
  • Network context
    • Information about network from whois servers, etc.
  • Threat intelligence model
    • Set of known malicious IPs, etc.
Open Data Model
• Raw event: 1Zg2y780a, 10.1.1.3:23444, 10.1.1.10:1521, successful login as sysdba by jsmith, Oracle
• User context: John Smith, jsmith, smithj, csdkkv, [email protected], Jeff Beck, 703-555-1212, Recruiter, domain users, HR
• Endpoint context: 10.1.1.10, crm.companyA.com, IT, Prod, SOX, PCI, Redhat 6.1, OracleCM, [email protected]
John Smith, a member of the HR recruiting team, successfully logged in as a privileged user to an Oracle database housing the company’s CRM data, regulated by SOX & PCI.
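As an added example (not code from the slides or the Apache Spot project), the Python below parses the raw event above, joins it with the user and endpoint context, and derives the finding the slide draws from it; the comma-separated field layout, the context table keys and the list of privileged roles are assumptions constructed for this example, not Spot's actual Open Data Model schema.

```python
import re

# Raw event as shown on the slide; context tables are constructed for this example
# in an assumed layout, keyed by username and by destination IP.
RAW_EVENT = ("1Zg2y780a,10.1.1.3:23444,10.1.1.10:1521,"
             "successful login as sysdba by jsmith,Oracle")
USER_CONTEXT = {
    "jsmith": {"name": "John Smith", "title": "Recruiter", "dept": "HR",
               "manager": "Jeff Beck", "groups": ["domain users"]},
}
ENDPOINT_CONTEXT = {
    "10.1.1.10": {"host": "crm.companyA.com", "owner": "IT", "env": "Prod",
                  "regulations": ["SOX", "PCI"], "app": "OracleCM"},
}
PRIVILEGED_ROLES = {"sysdba", "sysoper"}  # assumed list for the example
LOGIN_RE = re.compile(r"successful login as (\S+) by (\S+)")

def parse_raw_event(line):
    """Split the comma-separated raw event into a flat dict of typed fields."""
    event_id, src, dst, message, vendor = line.split(",", 4)
    src_ip, src_port = src.split(":")
    dst_ip, dst_port = dst.split(":")
    m = LOGIN_RE.search(message)
    role, user = (m.group(1), m.group(2)) if m else (None, None)
    return {"event_id": event_id, "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port), "vendor": vendor,
            "role": role, "user": user}

def enrich(event, users=USER_CONTEXT, endpoints=ENDPOINT_CONTEXT):
    """Attach user and endpoint context; unknown users or hosts stay None."""
    out = dict(event)
    out["user_ctx"] = users.get(event["user"])
    out["endpoint_ctx"] = endpoints.get(event["dst_ip"])
    return out

def assess(enriched):
    """Return (is_suspicious, narrative) for an enriched login event."""
    u, e = enriched["user_ctx"], enriched["endpoint_ctx"]
    if u is None or e is None:
        return False, f"{enriched['event_id']}: insufficient context to assess"
    privileged = enriched["role"] in PRIVILEGED_ROLES
    regulated = bool(e["regulations"])
    # Business-role mismatch: the user's department does not own the endpoint.
    mismatch = u["dept"] != e["owner"]
    text = (f"{u['name']}, a {u['title']} in {u['dept']}, logged in as {enriched['role']} "
            f"to {e['host']} ({e['app']}, {e['env']}), regulated by "
            f"{' & '.join(e['regulations'])}")
    return privileged and regulated and mismatch, text
```

The same raw event with no matching user or endpoint context yields no finding, which is the "data is not enriched for better detection" gap the earlier slide names.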
Demo
Open Source Collaboration
1. Collaborate with analytic, big data, and cybersecurity industry leaders
2. Share analytics with peer organizations leveraging the open data model
3. Future-proof your platform as the open source community innovates at greater speed
Thanks
spot.apache.org
@mark_grover