BigData and (in)Security Considerations - SCGMIS offers A Defense-in-Depth: Approach to Security....

Page 1: BigData and (in)Security Considerations - SCGMIS offers A Defense-in-Depth: Approach to Security. Title: Microsoft PowerPoint - BigData and Security 131021 ml6 Author: RANDERSO Created

BigData and (in)Security Considerations

Most Organizations are reengineering the way they do business.

Powerful Mobile Computing Devices

Fast, Widespread Wireless/Wireline IP Networks

Cloud Computing

Amazing Applications That Change Our World

Technology Trends Reshaping Business

Government/Education Interactions

Finance Communities

Compliance Communities

Demand Communities

Compliance

Payment & Settlement

Fulfillment

Revenue

Logistics Service

Providers

Brokers

Carriers

Suppliers/ Distributors

Banks & Credit

Escrow/Endowments Agents

Student Finance

Regulatory Authorities

Government Authorities

Industry Standards

Organizations

Retailers

Consumers

Parents/Students

Constituents

Education Distributors,

Vendors Partners

IT/Software

IT Standards Community

Financial Investment

Management

Industry/Education/ Government

Organizations

Your Organization

Marketing

Legal

Security

Logistics & Facilities

Communities

Computing Power On Demand

Application Platform On Demand

Utility Computing

Managed Hosting

Replication & Storage

Collocation

Smartphone & Laptop Back-up

Virtual Cloud

Global Geographic Diversity

Domestic Geographic Diversity

Cloud & Hosting Services

Security

Private Cloud

Technology Diversity

Application Hosting & Pro Services

Application Management

Content Acceleration

Content Delivery Network

Digital Signage

Video Management

WebSphere Hosting & Services

Application Services

eCommerce Application Hosting & Pro Services

Security

Business Application Mobilization Middleware

Software as a Service Enablement

Security

Vendor and Partner Choices

Internet Access

Local & Long Distance

Telepresence

Domestic MPLS

Wireless WAN

Remote Access

Web & Audio Conferencing

Web & Email Security

Firewall, Bandwidth, & Mobile Security as a Service

Network Sourcing

Unified Communications

Network Services

Integrated Voice & Data

Legacy Data Networking

Global MPLS

Security

Access and Communications Choices

Global Mobile Compatibility

Mobility Services

Business Applications

Simultaneous Voice & Data

SmartPhones

Tablets

Laptops & Netbooks

Mobile Commerce

Mobile Device Management

Fixed Mobile Convergence

Mobile Productivity Solutions

Machine-to-Machine

Legacy Cell Phones

Global Wi-Fi Access

Mobile Resource Management

Mobile Messaging

Security

Mobility Explosion

Connect To Your World

Putting all of the Pieces Together

Data Warehouse

Custom Hardware Solutions

Application Acceleration

3rd Party Mobile Apps

Equipment Staging, Cabling, and Wiring

PCI

Customer Data Protection

Regulatory Compliance

Application Consulting

Mobility Consulting

SAS 70 / SSAE 16 / ISAE 3402

Network Architecture Assistance

Firewall Assessments

Assess Security Risk Of Evolving Application-based Mobile Technologies

Security Event Management

Network Consulting

Incident Response & Forensics

Cloud Strategy

Disaster Recovery Strategy

eCommerce Strategy

Software Implementation, Enhancements & Upgrades

Custom Application Development

Network Integration

Systems Integration

Protecting Interests

Cloud & Hosting Consulting

Mobilize Everything

Rise Above the Cloud

Unlock Your Applications

ISO 27001/2

Sarbanes-Oxley

GLB

RFID Supply Chain

Logistics

WWWAN Architecture Assistance

Telemetry Solution Development

Your GovEd Organization

Security

Mandates and More

$ecurity

BigData

BigData and (in)Security Considerations

The threat Landscape is changing

Concerns are real – not FUD

Alaska Department of Health and Social Services: Alaska DHSS, the state Medicaid agency, has agreed to pay the U.S. Department of Health and Human Services (HHS) $1,700,000 to settle possible HIPAA violations. Alaska DHSS has also agreed to take corrective action to properly safeguard the electronic protected health information (ePHI) of its Medicaid beneficiaries.

Utah Department of Health: On March 30, approximately 780,000 Medicaid patients and recipients of the Children's Health Insurance Plan had personal information stolen after a hacker from Eastern Europe accessed the Utah Department of Technology Service's server.

South Carolina Department of Revenue Breach: $25m and climbing. Employee opened a phishing email on a personal machine… infected a thumb drive… inserted thumb drive in DOR PC… low and slow extraction of data from DOR database. SC DOR no longer allows employees to use state machines for personal use. Cannot access during lunch or after work.

Concerns are seen early by BigData

BigData Advisory – Cisco Security Advisory: Cisco ASA 5500 Series

Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device.

Protect Alert: Increased scan sources on port 135/tcp

Increased scanning on port 135/TCP. Port 135/TCP is commonly associated with “epmap” to manage services like Exchange, AD, DHCP, DNS and WINS. The current scanning activity appears to be an attempt to identify open DCE/RPC Locator Services to target vulnerable systems for malicious purposes. Several malware families (Randex, Spybot, Sdbot and Ircbot) are known to use 135/tcp.

With BigData…

BigData Resources that benefit Gov/Ed Organizations:

Extremely (elastic) Large Network Resources:

• Teams and Organizations with Expertise

• Full-time/part-time security professionals with training and credentials

• Benefit from real-time knowledge-base and tools

33 petabytes of data traffic per day on average – (peta = 1 million gigabytes)

Wireless subscribers – >150M – not simply cell phones… Hand-held computers

BigData has large Wi-Fi network view with hundreds of thousands of WiFi hotspots around world.

BD has more than one billion devices connected to its network at any given time

Billions of IP flows go through a BigData analysis DB per hour on average.

What BigData Sees/Monitors

With BigData behind you:

• Correlation of your events with one of the large threat intelligence databases in the world

• Proactive signatures

• Custom tools for early detection

• Resources for mitigation

• BigData offers a unique global view of traffic & threats that cannot be replicated.

Viewing Internet Activity … Through a BigData Portal.

Using BigData Engines (Monitoring, Correlating, Trafficking, etc.) to support mitigation and prevention of penetrations.

HOW BigData Identifies Vulnerabilities

Correlation Across Network, Servers & Applications

Real-Time Alerts & Alarms with Severity & Likely Source

Profiling Engine: “What You Expect as Normal”

Security Professionals

• Normalized Database of Alerts

• 24 x 7 monitoring

• Documented process

• Moving terabytes of data worldwide

• Protection against many security events

Correlation Engine

Monitoring Engine: “What you Actually See”

Security Analysis (Profile/Anomaly Based)

Network Security GNOC

DDoS Defense Diversion Overview

[Diagram labels: Non-targeted servers; Targeted servers 1.2.3.4/24; IP Network; Scrubbing Complex; BGP announcement 1.2.3.4/32]

1. BigData Partner Detects DDoS attack

2. Activate Scrubbing Complex

3. Withdraw routes to alternate ISP

DDoS Defense Diversion Overview

[Diagram labels: Non-targeted servers; Targeted servers 1.2.3.4/24; IP Network; Scrubbing Complex]

3. Divert only the Target’s traffic to Scrubber

4. Scrubber Identifies and filters the malicious traffic

6. Scrubbed Legitimate Traffic Flows back to targeted devices

Service Support Model / Flow

Real-Time Alerts & Alarms with Severity & Likely Source

• IDS Alarms

• Firewall Logs

• DLP Alarms

• Netflow

• Proxy Logs

• Server Alarms

• Internet Alarms

• DDOS Detection

• VPN Logs

• Honey Pots

• Monitoring Engines

• Correlation Engines

• Flow Analysis

Security Analysis (Profile/Anomaly Based)

Security Professionals

Global Network Security

BigData Network Security GNOC

Security Information

Mitigation Plan

Security Support

Security Event Threat Management System

Customer Information Flow

[Diagram labels:]

IDS, FW Logs

Customer Intranet Data

Flow data

Registry

BigData IP Backbone Feeds

Others

Internet Based Intelligence

Customer Portal

Alarms

Data Collection Analysis

Correlated Alerts

Customer Notification

Customer Intranet Feeds

Security Event & Threat Analysis

Notification of prioritized events based on their risk to the company and the ability to mitigate them.

Recommended mitigation plan provided as part of BigData-determined critical and actionable alerts

Custom Periodic Threat Analysis Report identifying threats that may affect your business

Security – Protecting different data different ways. E-Mail concerns are different than Denial of Service Concerns

Data requirements and exposure can affect all parts of your organization. Protection where needed – Defense-in-Depth approach to securely protect your business.

Passing packets, or augmenting your team through services is Defense-in-Depth. Protection where you need it - when you need it.

24x7 Always on - always available BigData Network Operating Center and Security Solution teams - There when you need them.

BigData Security Solutions

A Defense-in-Depth Approach: Many types of data share the same cable

SMTP – E-Mail

Telnet – Data connections

HTTP / HTTPS – Web Browsers and Secure Web Pages

Business Applications

VPN – Site-to-Site and Users IPSec NAT-T, SSL, etc.

Token (hard or soft)

FTP - File Transfer

Application Data Traffic

Secure E-Mail Gateway (SEG)

Protecting Against Inbound Threats, While Delivering Outbound Policy Enforcement, Disaster Recovery, and Archiving Of E-mail Data

Put the Moat outside your business - Where it belongs

• BigData Network-based solution blocking spam, viruses, and other inbound e-mail malware threats with an additional layer of protection against loss of sensitive information and services.

• DLP – Data Loss Protection

• PII – Personal Identifiable Information

• Disaster Recovery Support for months with mail-bagging in the event of expected or unexpected e-mail downtime. Access to these e-mails during outage

• Multi-layered e-mail filtering protection

• Encryption features to support your data loss prevention strategies

Stop New and Known Malware at the Internet Level

• Inbound / Outbound Real-Time Scanning across multiple, correlated detection technologies

• Zero-Day concerns dynamically identified by working with massive amounts of Web Data

Processes

Outbreak Intelligence using proprietary, proactive, heuristics technology

• Proactively identify threats, rapidly develop heuristics, and test these against real data.

• Ensuring accuracy, effectiveness and immediate protection.

• Anywhere+ - Same protection / enforcement for roaming assets (laptops) when away from office.

BigData Web Security URL Filtering, Company Policy Enforcement and Protection

World Class Security NOC

• Physical Redundancy

• Documented Operational Security Procedures

• 24x7 monitoring and management

State of the art systems that monitor and manage thousands of devices

• Systems that collect terabytes of data

• Correlate thousands of security events

Top Notch Security Expertise

• CCNP, CCIE, GCIA, CISSP, MCSE, and Unix certified professionals

• Strong Security Skills – Incident Handling and Intrusion Detection

• In depth understanding of TCP/IP

• Years of experience

BigData = World Class Security Operations

Global Network Security GNOC

Lead in Industry Standards of Excellence

Industry Thought Leaders

SOLUTION: Move the Moat Outside the Castle.

Michael Light, Emerging Technologies Consultant [email protected] – 843.814.7935

© 2010 AT&T Intellectual Property. All rights reserved. AT&T Proprietary (Internal Use Only)

• Security Consulting

• Security Event & Threat Analysis

• Network-Based Firewall Solutions

• Intrusion Detection and Intrusion Protection Solutions

• Email and/or Web Filtering Protection

• Internet BigView & DDoS Defense

BigData offers A Defense-in-Depth: Approach to Security