Turn Your Big Security Data into a Big Advantage

Posted on 21-Oct-2014


eEye Digital Security and 451 Research Group take you through how you can begin to leverage your big data to drive a more dynamic security strategy and learn how this data is impacting the enterprise today.

Transcript of Turn Your Big Security Data into a Big Advantage

Turn Your Big Security Data into a Big Advantage

February 23, 2012

eEye Digital Security 1.866.339.3732 www.eEye.com info@eEye.com

What We’ll Cover Today

Today’s Speakers

The Challenge with Big Security Data

Big Data’s Value to Security

Wasn’t this Already Promised?

eEye’s Unique Offering

451 Analysis

Our view of big data’s value to security

Why do something different?

How this is actually impacting the enterprise

Questions, Closing Comments


Today’s Speakers


Mike Puterbaugh, VP, Marketing, eEye Digital Security

Industry Pioneers: Leaders in IT security since 1998

Thought Leaders: World-renowned research team

Security Experts: Thousands of customers; world’s largest vulnerability management deployments

Award-Winning Solutions: Recognized product leadership

Andrew Hay, Senior Analyst, Enterprise Security Practice (ESP), 451 Research

Research areas: SIEM & Log Management; Forensics & Incident Response; Penetration Testing & Vulnerability Management

Twitter: @andrewsmhay

Personal Blog: www.andrewhay.ca

There is No Bigger Data Than Your Security Data


The technologies being deployed today have changed the way security teams manage risk.

New technologies bring new security gaps (aka risk) with them:

Virtual applications

Public/Private cloud assets

Managed and unmanaged mobile devices

These new security gaps are introduced at both macro and micro levels.

The ability to pinpoint and act on this risk data creates a protection advantage that drives better informed decisions about how to continually evolve your security strategy.

There is no shortage of security data…

“Supply” (IT Environment): Applications, OSs, Desktops, Servers, Mobile Devices, Virtualization, Ports, Services, People, Cloud

“Demand” (Security Requirements): Risk Tolerance, Regulations, Best Practices and Standards, Processes and Procedures, End-user Needs, Resources

Security’s Challenge: Turning this Data Into Action

…and this is just the natively generated data…


…there’s more than you can handle, actually…


What about…

Exploits

Vulnerabilities

Attacks

Misconfigurations

User privileges

Attempts

etc

Big Security Data: the intersection of tech and business

What this used to mean

Big Data and Security Intelligence from eEye

RETINA Insight: Security Intelligence Engine

RETINA CS: Centralized Management Console

RETINA Network: The Industry’s Vulnerability Scanning Benchmark

Patch Management: Built-In Remediation

Configuration Compliance: Configuration Benchmarking

Regulatory Reporting: Advanced Compliance Reporting

Retina Protection Agent: Local Scanning Agent

Reduce Security Risks. Close Security Gaps. Improve Visibility.


Retina Insight: Security Intelligence for the Enterprise


RETINA Insight: Security Intelligence Engine

Purpose-built data warehouse, integrated with Retina CS

Actionable analysis via Risk Matrix, Trending and Targeted Reports

Complete ad-hoc reporting support as well

Roles-based access opens up intelligence to security, ops, risk, audit, etc.

Data covered: Attacks, Vulnerabilities, Exploits, Configuration, Compliance, Mobile, Cloud, Desktop, Server, Virtual, Applications, Patches


Multi-dimensional risk matrix, viewable by technology, assets, vulnerabilities, attacks, exploits, etc.

Direct access to the database via Pivot Grid ad-hoc reporting, in addition to the 100’s of included reports


Compliance Scorecards: PCI, HIPAA, SOX, GLBA, NIST, FERC/NERC, COBIT, etc.

Reporting subscriptions and delivery management

Weren’t SIEM/SIMs Supposed To Deliver This?


SIEM/SIM solutions gather data from multiple data sources, correlating over time and date: a technical relationship between the data points.

“Big Security Data” offers value beyond simple correlation, if properly leveraged. In addition to the technical relationship, it provides a business context around that data: it relates to business functions, compliance requirements and forward planning.

This is far beyond reporting: this data can be used to optimize internal processes and workflows, creating a better security strategy.

Data vs Insight
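The distinction drawn above, between correlating technical data points and attaching business context to them, as an added example that is not part of the eEye or 451 Research material: a small Python script that takes constructed scanner findings and constructed asset context (business function, criticality, compliance scope) and ranks the findings by business-weighted risk rather than by CVSS alone. All asset names, finding IDs, weights, the scoring formula and the inventory lookup are assumptions made for illustration, not Retina behaviour.

```python
"""Added example (not from the eEye/451 deck): ranking scanner findings by
business context rather than by CVSS alone. All asset names, findings and
weights below are constructed for illustration."""

from dataclasses import dataclass, field

# Constructed scanner output: the purely technical view of each finding.
FINDINGS = [
    {"id": "F-1", "asset": "web-01",   "cvss": 9.8, "exploit_public": True},
    {"id": "F-2", "asset": "hr-db",    "cvss": 7.5, "exploit_public": False},
    {"id": "F-3", "asset": "kiosk-3",  "cvss": 9.1, "exploit_public": True},
    {"id": "F-4", "asset": "tmp-host", "cvss": 5.0, "exploit_public": False},  # not in inventory
]

# Constructed business context: what the asset does, how much the business
# depends on it (1 = low, 3 = high) and which compliance regimes it falls under.
ASSETS = {
    "web-01":  {"function": "customer checkout", "criticality": 3, "scope": {"PCI"}},
    "hr-db":   {"function": "payroll",           "criticality": 3, "scope": {"SOX"}},
    "kiosk-3": {"function": "lobby signage",     "criticality": 1, "scope": set()},
}

# Assumed weights; a real programme would tune these against its risk tolerance.
EXPLOIT_MULTIPLIER = 1.5      # public exploit code exists
COMPLIANCE_BONUS = 2.0        # per regulation the asset is in scope for
UNKNOWN_CRITICALITY = 2       # conservative default for assets missing from inventory


@dataclass
class RankedFinding:
    id: str
    asset: str
    function: str
    cvss: float
    risk: float
    in_inventory: bool
    scope: set = field(default_factory=set)


def score(finding, assets=ASSETS):
    """Combine technical severity with business context into one risk number."""
    ctx = assets.get(finding["asset"])
    in_inventory = ctx is not None
    if not in_inventory:
        # An asset the business does not know about is itself a finding:
        # score it conservatively and flag it for inventory follow-up.
        ctx = {"function": "UNKNOWN", "criticality": UNKNOWN_CRITICALITY, "scope": set()}
    risk = finding["cvss"] * ctx["criticality"]
    if finding["exploit_public"]:
        risk *= EXPLOIT_MULTIPLIER
    risk += COMPLIANCE_BONUS * len(ctx["scope"])
    return RankedFinding(finding["id"], finding["asset"], ctx["function"],
                         finding["cvss"], round(risk, 2), in_inventory, set(ctx["scope"]))


def rank(findings=FINDINGS, assets=ASSETS):
    """Order findings by business-weighted risk, highest first."""
    return sorted((score(f, assets) for f in findings), key=lambda r: r.risk, reverse=True)


def risk_by_scope(findings=FINDINGS, assets=ASSETS):
    """The business view: total open risk per compliance regime ('none' = unscoped)."""
    totals = {}
    for r in rank(findings, assets):
        for regime in (r.scope or {"none"}):
            totals[regime] = round(totals.get(regime, 0.0) + r.risk, 2)
    return totals


if __name__ == "__main__":
    for r in rank():
        flag = "" if r.in_inventory else "  <-- not in asset inventory"
        print(f"{r.id} {r.asset:<8} {r.function:<18} cvss={r.cvss:<4} risk={r.risk:>6}{flag}")
    print(risk_by_scope())
```

Two things the technical view alone does not show: the lobby kiosk (CVSS 9.1) drops below the payroll database (CVSS 7.5) once criticality and SOX scope are weighed in, and a host that the scanner sees but the asset inventory does not is surfaced as its own problem instead of silently scoring low.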


Andrew Hay, Senior Analyst, Enterprise Security Practice (ESP), 451 Research

Our view of big data’s value to security

There is a wealth of data in the enterprise; only subsets are used for security context.

Mathmagically speaking:

Big Data = (Volume +/- Variety +/- Velocity)

Where:

• Volume relates to the amount of data being generated, stored and processed;

• Variety relates to the number of different data formats; and

• Velocity relates to the rate at which data is updated.

Big data is not necessarily just about large volumes of data.


Why do something different?

Most SIEM products were designed for dealing only with security-related data with large volume, little variety, and fairly consistent and predictable velocity.

Technology built off of the data pains of the late 1990’s and early 2000’s: “How do I manage all of these IDS alerts from my 10 sensors?”


Relative strengths of traditional RDBMS and Hadoop


We need access to EVERYTHING!

Image Source: http://preview.tinyurl.com/3ux8bo6

Traditional sources of information


But what might we be missing?

Physical security: swipe card readers, video feeds

Mobile devices: iPhone/Android data exfiltration via Starbucks

Cloud: hypervisor-level exploitation; “Hey Amazon, can I get your infrastructure logs?”

The minutiae of covert low-and-slow attacks with varying velocity and variety


Primary platform by data type


Impact to the enterprise

Security data is not the only relevant data for data security.

Think globally and act locally.


Data is evolving and your organization needs to evolve with it.

Plan for the future, not the past.

If ‘big data security’ were easy, everyone would be doing it.

A big data security product isn’t a “Big Data Easy Button™”.

Questions? Check Out These Resources


www.eeye.com

@eEye

www.451Research.com

@451Research

Thank You!
