Post on 21-Oct-2014
Turn Your Big Security Data
into a Big Advantage
February 23, 2012
eEye Digital Security 1.866.339.3732 www.eEye.com info@eEye.com
What We’ll Cover Today
Today’s Speakers
The Challenge with Big Security Data
Big Data’s Value to Security
Wasn’t this Already Promised?
eEye’s Unique Offering
451 Analysis
Our view of big data’s value to security
Why do something different?
How this is actually impacting the enterprise
Questions, Closing Comments
Today’s Speakers
Mike Puterbaugh, VP, Marketing, eEye Digital Security
Industry Pioneers: Leaders in IT security since 1998
Thought Leaders: World-renowned research team
Security Experts: Thousands of customers; world's largest vulnerability management deployments
Award-Winning Solutions: Recognized product leadership
Andrew Hay, Senior Analyst, Enterprise Security Practice (ESP), 451 Research
Research areas: SIEM & Log Management; Forensics & Incident Response; Penetration Testing & Vulnerability Management
Twitter: @andrewsmhay
Personal Blog: www.andrewhay.ca
There is No Bigger Data Than Your Security Data
The technologies being deployed today have changed the way
security teams manage risk
New technologies bring new security gaps (aka Risk) with them
Virtual applications
Public/Private cloud assets
Managed and unmanaged mobile devices
These new security gaps are introduced at both macro and
micro levels
The ability to pinpoint and act on this risk data creates a
protection advantage that drives better informed decisions
about how to continually evolve your security strategy
There is no shortage of security data…
“Supply” (IT environment): applications, OSs, desktops, servers, mobile devices, virtualization, ports, services, people, cloud
“Demand” (security requirements): risk tolerance, regulations, best practices and standards, processes and procedures, end-user needs, resources
Security’s challenge: turning this data into action
…and this is just the natively generated data…
…there’s more than you can handle, actually…
What about… exploits, vulnerabilities, attacks, misconfigurations, user privileges, attempts, etc.?
Big Security Data: the intersection of tech and business
What this used to mean
Big Data and Security Intelligence from eEye
RETINA Insight: Security Intelligence Engine
RETINA CS: Centralized Management Console
RETINA Network: The Industry’s Vulnerability Scanning Benchmark
Patch Management: Built-In Remediation
Configuration Compliance: Configuration Benchmarking
Regulatory Reporting: Advanced Compliance Reporting
Retina Protection Agent: Local Scanning Agent
Reduce Security Risks, Close Security Gaps, Improve Visibility
Retina Insight: Security Intelligence for the Enterprise
RETINA Insight Security Intelligence Engine
Purpose-built data warehouse;
integrated with Retina CS
Actionable analysis via Risk
Matrix, Trending and Targeted
Reports
Complete ad-hoc reporting
support as well
Roles-based access opens up
intelligence to security, ops,
risk, audit, etc.
Data feeding the engine: attacks, vulnerabilities, exploits, configuration, compliance, mobile, cloud, desktop, server, virtual, applications, patches
Retina Insight: Security Intelligence for the Enterprise
Multi-dimensional risk matrix
Viewable by technology,
assets, vulnerabilities,
attacks, exploits, etc.
RETINA Insight Security Intelligence Engine
Direct access to database via
Pivot Grid ad-hoc reporting
In addition to the 100’s of
included reports
Retina Insight: Security Intelligence for the Enterprise
Compliance Scorecards
PCI, HIPAA, SOX, GLBA, NIST,
FERC/NERC, COBIT, etc.
RETINA Insight Security Intelligence Engine
Reporting subscriptions and
delivery management
Weren’t SIEM/SIMs Supposed To Deliver This?
SIEM/SIM solutions gather data from multiple
data sources, correlating over time and date
Technical relationship between the data points
“Big Security Data” offers value beyond
simple correlation, if properly leveraged
In addition to the technical relationship, it provides a
business context around that data
Relates to business functions, compliance requirements,
forward planning
This is far beyond reporting: the same data can be
used to optimize internal processes and
workflows, which is what produces a better security strategy
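The slides above contrast a SIEM's technical correlation with the business context (business function, compliance scope, criticality) that turns scan data into a prioritized risk matrix and a compliance scorecard. The following is an added illustration of that idea, not eEye's code and not how Retina Insight is implemented; the scanner findings, asset inventory, severity weights and scope weights are all constructed sample data.

```python
"""Added example: enriching raw vulnerability findings with business context.

Two hosts with the identical "high" finding look the same to a scanner or a SIEM.
Joined against an asset inventory that carries business unit, function,
regulatory scope and criticality, they rank very differently.
All data below is constructed for illustration.
"""
from collections import defaultdict

# Constructed scanner output: purely technical facts, as a SIEM would see them.
FINDINGS = [
    {"asset": "db01",   "severity": "high",   "title": "unpatched database service"},
    {"asset": "web03",  "severity": "high",   "title": "outdated TLS configuration"},
    {"asset": "dev07",  "severity": "high",   "title": "unpatched database service"},
    {"asset": "hr02",   "severity": "medium", "title": "weak local admin password policy"},
    {"asset": "web03",  "severity": "low",    "title": "verbose server banner"},
    {"asset": "x-lab9", "severity": "medium", "title": "open management port"},  # not in inventory
]

# Constructed asset inventory: the business context the scanner does not carry.
ASSETS = {
    "db01":  {"unit": "finance",     "function": "cardholder database", "scopes": {"PCI", "SOX"}, "criticality": 5},
    "web03": {"unit": "finance",     "function": "customer portal",     "scopes": {"PCI"},        "criticality": 4},
    "dev07": {"unit": "engineering", "function": "developer sandbox",   "scopes": set(),          "criticality": 1},
    "hr02":  {"unit": "hr",          "function": "payroll workstation", "scopes": {"SOX"},        "criticality": 3},
}

# Hypothetical weights; a real program would tune these to its own risk tolerance.
SEVERITY_WEIGHT = {"critical": 10, "high": 7, "medium": 4, "low": 1}
SCOPE_WEIGHT = {"PCI": 2.0, "SOX": 1.5, "HIPAA": 2.0}


def risk_score(finding, asset):
    """Technical severity, scaled by business criticality and the strictest regulatory scope."""
    base = SEVERITY_WEIGHT[finding["severity"]]
    scope_factor = max((SCOPE_WEIGHT.get(s, 1.0) for s in asset["scopes"]), default=1.0)
    return base * asset["criticality"] * scope_factor


def enrich(findings, assets):
    """Join findings to inventory and sort by contextual risk, highest first.

    An asset missing from the inventory is surfaced as unmanaged rather than dropped:
    an incomplete inventory is itself a gap the security team must act on.
    """
    rows = []
    for f in findings:
        a = assets.get(f["asset"])
        if a is None:
            rows.append({**f, "unit": "UNKNOWN", "function": "unknown", "scopes": set(),
                         "score": SEVERITY_WEIGHT[f["severity"]], "unmanaged": True})
        else:
            rows.append({**f, "unit": a["unit"], "function": a["function"], "scopes": a["scopes"],
                         "score": risk_score(f, a), "unmanaged": False})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def risk_matrix(rows):
    """Pivot: business unit x severity -> summed risk score (a two-dimensional risk matrix)."""
    matrix = defaultdict(lambda: defaultdict(float))
    for r in rows:
        matrix[r["unit"]][r["severity"]] += r["score"]
    return {unit: dict(by_sev) for unit, by_sev in matrix.items()}


def compliance_scorecard(rows):
    """Open findings per regulatory scope: the question an auditor asks, which raw scan output cannot answer."""
    card = defaultdict(int)
    for r in rows:
        for scope in r["scopes"]:
            card[scope] += 1
    return dict(card)


if __name__ == "__main__":
    ranked = enrich(FINDINGS, ASSETS)
    for r in ranked:
        flag = " [UNMANAGED]" if r["unmanaged"] else ""
        print(f'{r["score"]:6.1f}  {r["asset"]:7s} {r["unit"]:12s} {r["severity"]:7s} {r["title"]}{flag}')
    print("risk matrix:", risk_matrix(ranked))
    print("scorecard:", compliance_scorecard(ranked))
```

Note how the two "unpatched database service" findings, equal in scanner severity, end up at opposite ends of the ranking once criticality and PCI scope are applied; that separation is the difference between data and insight the deck is arguing for.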
Data
vs
Insight
Andrew Hay,
Senior Analyst, Enterprise
Security Practice (ESP)
451 Research
Our view of big data’s value to security
There is a wealth of data in the enterprise
Only subsets are used for security context
Mathmagically speaking
Big Data = (Volume +/- Variety +/- Velocity)
Where:
• Volume relates to the amount of data being generated, stored and
processed;
• Variety relates to the number of different data formats; and
• Velocity relates to the rate at which data is updated
Big data is not necessarily just about large volumes of data
Why do something different?
Most SIEM products were
designed for dealing only with
security-related data with
Large volume
Little variety
Fairly consistent and predictable
velocity
Technology built off of data pains
of the late 1990’s and early 2000’s
“How do I manage all of these IDS
alerts from my 10 sensors?”
Relative strengths of traditional RDBMS and Hadoop
We need access to EVERYTHING!
Image Source: http://preview.tinyurl.com/3ux8bo6
Traditional sources of information
But what might we be missing?
Physical security
Swipe card readers
Video feeds
Mobile devices
iPhone/Android data exfiltration via Starbucks
Cloud
Hypervisor-level exploitation
• “Hey Amazon, can I get your infrastructure logs?”
The minutiae of covert low-and-
slow attacks with varying
velocity and variety
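The "what might we be missing?" list puts physical-security sources such as swipe-card readers next to traditional logs. One concrete thing that correlation buys is catching a user who badges into a building and, minutes later, also logs into the VPN from an address outside the corporate network. The following is an added example, not part of the deck or of any 451 Research or eEye product; the badge and VPN log lines, their field layout, the internal address ranges and the two-hour window are all constructed assumptions.

```python
"""Added example: correlating physical badge-reader events with VPN logins.

Neither source alone raises an alarm: the badge swipe is a valid entry and the
VPN login is a successful authentication. Only the join across the two (same
user, external source address, short time window) is suspicious.
Log formats and sample lines are constructed for illustration.
"""
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed badge-reader log (key=value after an ISO-8601 timestamp).
BADGE_LOG = """\
2012-02-23T08:02:11 site=HQ door=lobby-north user=jdoe result=GRANTED
2012-02-23T08:05:47 site=HQ door=lobby-north user=asmith result=GRANTED
2012-02-23T08:30:02 site=HQ door=server-room user=jdoe result=DENIED
"""

# Constructed VPN concentrator log.
VPN_LOG = """\
2012-02-23T08:21:30 vpn login user=jdoe src=203.0.113.45 result=SUCCESS
2012-02-23T09:10:05 vpn login user=asmith src=10.20.0.17 result=SUCCESS
2012-02-23T22:41:12 vpn login user=jdoe src=198.51.100.8 result=SUCCESS
"""

# Assumed internal ranges: a VPN login from inside the office network is not a conflict.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Assumed window: a badge entry and an external VPN login this close together cannot both be the user.
WINDOW = timedelta(hours=2)

KV = re.compile(r"(\w+)=(\S+)")


def _split(line):
    ts, rest = line.split(" ", 1)
    return datetime.fromisoformat(ts), dict(KV.findall(rest))


def parse_badge(text):
    """Return (time, user, site) for granted entries only; denied swipes are a separate signal."""
    events = []
    for line in text.splitlines():
        ts, fields = _split(line)
        if fields.get("result") == "GRANTED":
            events.append((ts, fields["user"], fields["site"]))
    return events


def parse_vpn(text):
    """Return (time, user, source address) for successful logins."""
    events = []
    for line in text.splitlines():
        ts, fields = _split(line)
        if fields.get("result") == "SUCCESS":
            events.append((ts, fields["user"], ip_address(fields["src"])))
    return events


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def find_conflicts(badge_events, vpn_events, window=WINDOW):
    """Flag external VPN logins within `window` of a badge entry by the same user."""
    alerts = []
    for vts, vuser, src in vpn_events:
        if is_internal(src):
            continue
        for bts, buser, site in badge_events:
            if buser == vuser and abs(vts - bts) <= window:
                alerts.append({"user": vuser, "site": site, "badged_at": bts.isoformat(),
                               "vpn_at": vts.isoformat(), "src": str(src)})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_conflicts(parse_badge(BADGE_LOG), parse_vpn(VPN_LOG)):
        print("physical/logical conflict:", alert)
```

In the sample data the 22:41 login for the same user is not flagged, because it falls well outside the window; pushing the window out, or adding a "badge-out" event type, is the kind of tuning the deck's point about varying velocity and variety forces on the analyst.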
Primary platform by data type
Impact to the enterprise
Security data is not the only relevant data for data security
Think globally and act locally
Data is evolving and your organization needs to evolve with it
Plan for the future, not the past
If ‘big data security’ were easy, everyone would be doing it
A big data security product isn’t a “Big Data Easy Button™”
Questions? Check Out These Resources
www.eeye.com
@eEye
www.451Research.com
@451Research
Thank You!