Cyber Security in Network Centric Environment Anvita Sharma Middleware Architect Red Hat.
Cyber Security in Network Centric Environment
Anvita Sharma, Middleware Architect, Red Hat
Agenda
NCO - Network Centric Operations
Cyber Security Challenge
Intelligence Driven Security Systems
Tools that can help
Questions
Network Centric Operations
“Net-Centric Operations refers to participating as a part of a complex community of people,
devices, information and services interconnected by a communications network to
optimise resource management and provide superior information on events and conditions
needed to empower decision makers.”
NCO – Reference Model
What Problems are we trying to solve?
SECURE THE NET
Cybersecurity Challenge
It's largely about DATA..
RED HAT | ADD NAME11
Machine generated data
200 billion connected devices by 2020
40% machine data growth by 2020
Getting DATA from MACHINES
Business generated data
Getting DATA from BUSINESS
DATA SILOS
Human Generated data
Source: eMarketer, Dec 2013
Getting DATA on/from the USERS
500M tweets/day, eq. 6.5 Gbps
10B messages/day, eq. 146 Gbps
64B messages/day, eq. 830 Gbps
CONVERGENCE OF FOUR DATA TRENDS
More Data means More Security
Intelligence Driven Security Model
It's largely about DATA..
Using Big Data to confront the unprecedented information risk arising from
Diminishing Network Boundaries
Sophisticated Adversaries
Intelligence Driven Security Model
Big Data Driven Security Model
Diverse Data Sources
Tools to collect Data
Monitoring Systems
Centralised Storage
High Degree of Integration
Standardised Views
Analytics Engine
INTEGRATION PLATFORMS
partners
devices
cloud / SaaS apps
distributors
With JBoss Fuse, You Can Integrate Everything...
[Diagram: HQ + integration stack, MQ brokers, ESBs]
Integration beyond the Data Center – deploy ESBs and brokers at distributors, outlets and devices
No longer limited to hub-and-spoke – deploy integration intelligence at any location around the globe
Eliminate batch delivery – brokers can easily and inexpensively be deployed everywhere
DATA GRID
What is a data grid?
An in-memory distributed data store designed for fast access to large volumes of data and scalability
Commonly a complementary layer to the relational database and the application.
Store and Compute Data/Events
Key data grid characteristics:
In-memory, distributed caching
Elastic scalability
Advanced querying
Data replication
Processing for streaming data
Transaction capabilities
COMPLEX EVENT PROCESSING
What is Complex Event Processing?
What is an Event?
A significant change of state at a particular point in time.
What is Complex Event Processing?
The ability to detect, correlate, abstract, aggregate or compose and react to events.
CEP and BRMS Enables:
Event Detection: From an event cloud or set of streams, select all the meaningful events, and only them.
(Temporal) Event Correlation: Ability to correlate events and facts, declaring both temporal and non-temporal constraints between them. Ability to reason over event aggregation.
Event Abstraction: Ability to compose complex events from atomic events AND reason over them.
Model: CEP Modes
Cloud Mode:
Default Mode – all facts and events are loaded before reasoning
Many-to-many pattern matching by the engine
No notion of flow of time, no clock synchronization
Ordering is not required
Event lifecycle managed by user
Sliding window is not needed
Stream Mode:
Events must be time-ordered
Engine synchronizes between streams using session clock
Engine applies the notion of flow of time
Engine manages the event lifecycle
Sliding window option could be used
Negative patterns could be used, e.g. fire detected, no sprinkler turned on within 10 sec: sound alarm
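The stream-mode negative pattern above, sketched in Python as an added example (not code from the slides or from Drools/JBoss BRMS). The class name, event names, zones and sample stream are assumptions made for illustration; the point is that the absence of an event can only be concluded once the session clock passes the deadline, which is why this pattern needs stream mode.

```python
# Added illustration (not Drools, not Red Hat code): the stream-mode negative
# pattern "fire detected, no sprinkler on within 10 s -> sound alarm".
from dataclasses import dataclass, field

WINDOW_S = 10  # deadline taken from the slide's example

@dataclass
class NegativePatternEngine:
    """Toy stream-mode session: time-ordered events plus a session clock."""
    now: float = 0.0
    pending: dict = field(default_factory=dict)  # zone -> fire timestamp
    alarms: list = field(default_factory=list)   # (zone, time the alarm was due)

    def advance_to(self, ts):
        # Absence can only be concluded once the clock passes the deadline.
        if ts < self.now:
            raise ValueError("stream mode requires time-ordered events")
        self.now = ts
        for zone, fired in list(self.pending.items()):
            if ts > fired + WINDOW_S:
                self.alarms.append((zone, fired + WINDOW_S))
                del self.pending[zone]

    def insert(self, ts, kind, zone):
        self.advance_to(ts)
        if kind == "fire":
            self.pending.setdefault(zone, ts)
        elif kind == "sprinkler_on":
            self.pending.pop(zone, None)  # answered in time: no alarm

def run(events, end_of_stream):
    engine = NegativePatternEngine()
    for ts, kind, zone in events:
        engine.insert(ts, kind, zone)
    engine.advance_to(end_of_stream)  # clock tick so silent zones still expire
    return engine.alarms

# Constructed sample stream: (seconds, event type, zone)
SAMPLE = [
    (0, "fire", "A"),
    (4, "sprinkler_on", "A"),   # within 10 s: suppressed
    (5, "fire", "B"),
    (20, "sprinkler_on", "B"),  # too late: alarm was already due at t=15
    (30, "fire", "C"),          # never answered
]

if __name__ == "__main__":
    print(run(SAMPLE, end_of_stream=60))
```

Without the final clock advance, zone C would never raise an alarm, because no later event arrives to move time forward.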
RED HAT | ADD NAME27
Model: Temporal Relationships
Event A before Event B
Event A meets Event B
Event A overlaps Event B
Event A finishes Event B
Event A includes Event B
Event A starts Event B
Event A coincides Event B
Event A after Event B
Event A metBy Event B
Event A overlappedBy Event B
Event A finishedBy Event B
Event A during Event B
rule "Shipment not picked up in time"
when
    Shipment( $pickupTime : scheduledPickupTime )
    not ShipmentPickup( this before $pickupTime )
then
    // shipment not picked up... Action required.
end
Temporal Relationship
13 Operators are Supported
Model: CEP – Sliding Windows
[Diagram: Sliding window 1, Sliding window 2, Joined window]
Sliding Time Window – reason over events occurring within a set time duration
Sliding Length Window – reason over a set number of events occurring
Example: Raise alarm if avg temp reading from sensor over last 10m is above the threshold
rule "Sound the alarm in case temperature rises above threshold"
when
    TemperatureThreshold( $max : max )
    Number( doubleValue > $max ) from accumulate(
        SensorReading( $temp : temperature ) over window:time( 10m ),
        average( $temp ) )
then
    // sound the alarm
end
Example: Raise alarm if avg temp from last 100 sensor readings is above the threshold
rule "Sound the alarm in case temperature rises above threshold"
when
    TemperatureThreshold( $max : max )
    Number( doubleValue > $max ) from accumulate(
        SensorReading( $temp : temperature ) over window:length( 100 ),
        average( $temp ) )
then
    // sound the alarm
end
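How the two window types behave on the same stream, as an added Python example (not code from the slides or from Drools). The class names, the threshold of 60 and the one-reading-per-minute sample data are assumptions: with slow sensors, a 100-reading length window spans far more time than a 10-minute time window, so the same rule text can alert much later or not at all.

```python
# Added illustration (not Drools, not Red Hat code) of window:time vs window:length.
from collections import deque


class TimeWindowAverage:
    """Average over readings whose timestamp lies in the last `span_s` seconds."""
    def __init__(self, span_s):
        self.span_s = span_s
        self.items = deque()  # (timestamp, value), time-ordered
        self.total = 0.0

    def add(self, ts, value):
        self.items.append((ts, value))
        self.total += value
        # Expire readings that have slid out of the window.
        while self.items[0][0] <= ts - self.span_s:
            _, old = self.items.popleft()
            self.total -= old
        return self.total / len(self.items)


class LengthWindowAverage:
    """Average over the last `n` readings, however old they are."""
    def __init__(self, n):
        self.items = deque(maxlen=n)

    def add(self, ts, value):
        self.items.append(value)
        return sum(self.items) / len(self.items)


def first_alarm(window, readings, threshold):
    """Timestamp at which the windowed average first exceeds threshold, else None."""
    for ts, value in readings:
        if window.add(ts, value) > threshold:
            return ts
    return None


# Constructed readings: one per minute, 20 degrees for 30 minutes, then 90 degrees.
READINGS = [(60 * i, 20.0) for i in range(30)] + [(60 * i, 90.0) for i in range(30, 45)]
THRESHOLD = 60.0  # stands in for TemperatureThreshold.max (assumed value)

if __name__ == "__main__":
    print(first_alarm(TimeWindowAverage(600), READINGS, THRESHOLD))    # 10 min window
    print(first_alarm(LengthWindowAverage(100), READINGS, THRESHOLD))  # 100 readings
```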
DATA VIRTUALIZATION AND FEDERATION
What is Data Virtualization software?
Data Virtualization software makes data that is spread across various disparate sources available to applications as if it came from a single dedicated data source.
Virtual Data Source
BI Reports
Data Virtualization Software
SAP, Salesforce.com, Oracle DW, XML, CSV & Excel files
Siloed & Complex
Virtualize, Abstract, Federate
Easy, Real-time Information Access
SOA Applications
31 RED HAT Confidential
Turn Data to Actionable Information
Connect
Compose
Consume
Unified Customer View
Unified Product View
Unified Supplier View
BI Reports & Analytics
Mobile Applications
SOA Applications & Portals
Unified Virtual Database / Common Data Model
ESB, ETL
Native Data Connectivity
Standard based Data Provisioning: JDBC, ODBC, SOAP, REST, OData
Design Tools
Dashboard
Optimization
Caching
Security
Metadata
Hadoop, NoSQL, Cloud Apps, Data Warehouse & Databases, Mainframe
XML, CSV & Excel Files
Enterprise Apps
Siloed & Complex
Virtualize, Abstract, Federate
Easy, Real-time Information Access
Data Sources
JDV
Data Consumers
Data Virtualization: Supported Data Sources
Enterprise RDBMS:
• Oracle
• IBM DB2
• Microsoft SQL Server
• Sybase ASE
• MySQL
• PostgreSQL
• Ingres
Enterprise EDW:
• Teradata
• Netezza
• Greenplum
Hadoop:
• Apache
• HortonWorks
• Cloudera
• More coming…
Office Productivity:
• Microsoft Excel
• Microsoft Access
• Google Spreadsheets
Specialty Data Sources:
• ModeShape Repository
• Mondrian
• MetaMatrix
• LDAP
NoSQL:
• JBoss Data Grid
• MongoDB
• More coming…
Enterprise & Cloud Applications:
• Salesforce.com
• SAP
Technology Connectors:
• Flat Files, XML Files, XML over HTTP
• SOAP Web Services
• REST Web Services
• OData Services
ANALYTICS
BAM: Process Dashboard – Instance Details
Some have done it already. What for?
Red Hat JBoss and Storage solutions power the Risk Management group of a Tier 1 global Bank with infrastructure to run Liquidity Risk algorithms on multiple intervals (intraday to annual), to optimize rule-based decisions and provide long term data retention
Red Hat Embedded Partner in military
Realtime, Aggregate, Retention, Mission critical, Variety
Direct feeds from market data, to inject those data into intra-day calculation
Multi-period calculations, from intraday to over the year calculations. Up to 80 future dates and 3000 different market paths
Market data live feeds with other counterparties, liabilities and exposures; mix of Hadoop-based data analysis and realtime data analysis
Long term retention of data to compute year-long risk analysis (up to 2 years)
System reliability and availability with data caching, persistent messages and high availability architecture
Red Hat Customer Success: Global Banking Institution
Red Hat JBoss solutions power the ERDF Intelligent System with complex data filtering, event processing and data collected by the millions of intelligent and connected home electric meters
Red Hat Embedded Partner in military
Detect, Filter and correlate, Diagnose, Mission critical, Collect
Meters and Collectors monitoring, Event collection for QoS and performance monitoring
Data and Event collection: 8 million multi-format events per day, stored for 5 years. On-the-fly KPI calculation
Contextual behavior analysis via CEP, to identify malfunctions and unwanted floods, to control and manage context
Automatic diagnosis based on complex rules and context management. Manual diagnosis via mobile device and applications, structured data and cartography
System reliability and availability with data caching, persistent messages and high availability architecture
Red Hat Customer Success: France Electricity provider ERDF
Questions and Discussion