Cyber Security in Network Centric Environment Anvita Sharma Middleware Architect Red Hat.


Agenda

NCO - Network Centric Operations

Cyber Security Challenge

Intelligence Driven Security Systems

Tools that can help

Questions


Network Centric Operations


“Net-Centric Operations refers to participating as a part of a complex community of people, devices, information and services interconnected by a communications network to optimise resource management and provide superior information on events and conditions needed to empower decision makers.”


NCO – Reference Model


What Problems are we trying to solve?



SECURE THE NET


Cybersecurity Challenge


It's largely about DATA..


Machine generated data

200 billion connected devices by 2020

40% machine data growth by 2020

Getting DATA from MACHINES


Business generated data

Getting DATA from BUSINESS

DATA SILOS


Human Generated data

Source: eMarketer, Dec 2013

Getting DATA on/from the USERS

500M tweets/day, eq. 6.5 Gbps

10B messages/day, eq. 146 Gbps

64B messages/day, eq. 830 Gbps


CONVERGENCE OF FOUR DATA TRENDS


More Data means More Security


Intelligence Driven Security Model

Using Big Data to confront the unprecedented information risk arising from:

Diminishing Network Boundaries

Sophisticated Adversaries


Intelligence Driven Security Model

Big Data Driven Security Model

Diverse Data Sources

Tools to collect Data

Monitoring Systems

Centralised Storage

High Degree of Integration

Standardised Views

Analytics Engine


INTEGRATION PLATFORMS


With JBoss Fuse, You Can Integrate Everything...

[Diagram labels: HQ + integration stack, MQ, ESB, partners, devices, cloud / SaaS apps, distributors]

Integration beyond the Data Center – deploy ESBs and brokers at distributors, outlets and devices

No longer limited to hub-and-spoke – deploy integration intelligence at any location around the globe

Eliminate batch delivery – brokers can easily and inexpensively be deployed everywhere


DATA GRID


What is a data grid?

An in-memory distributed data store designed for fast access to large volumes of data and scalability

Commonly a complementary layer to the relational database and the application.

Store and Compute Data/Events

Key data grid characteristics:

In-memory, distributed caching

Elastic scalability

Advanced querying

Data replication

Processing for streaming data

Transaction capabilities


COMPLEX EVENT PROCESSING


What is Complex Event Processing?

What is an Event?

A significant change of state at a particular point in time.

What is Complex Event Processing?

The ability to detect, correlate, abstract, aggregate or compose and react to events.


CEP and BRMS Enable:

Event Detection: From an event cloud or set of streams, select all the meaningful events and only then:

(Temporal) Event Correlation: Ability to correlate events and facts declaring both temporal and non-temporal constraints between them. Ability to reason over event aggregation.

Event Abstraction: Ability to compose complex events from atomic events AND reason over them.


Model: CEP Modes

Cloud Mode

Default Mode – All facts and events are loaded before reasoning

Many to many pattern matching by the engine

No notion of flow of time, no clock synchronization

Ordering is not required

Event lifecycle managed by user

Sliding window is not needed

Stream Mode

Events must be time-ordered

Engine synchronizes between streams using session clock

Engine applies the notion of flow

Engine manages the event lifecycle

Sliding window option could be used

Negative patterns could be used. Ex.: Fire detected, no sprinkler turned on in 10 sec, sound alarm
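
The negative pattern named above (fire detected, no sprinkler within 10 sec) only works because the stream has a clock: absence is proven when time passes the deadline, not when an event arrives. The following Python sketch is an added example, not from the original slides and not Drools code; the `Event` type, the `zone` field, `absence_alarms` and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: float   # seconds on the session clock
    kind: str   # "fire" or "sprinkler" (constructed event types)
    zone: str   # hypothetical correlation key

def absence_alarms(stream, end_of_stream, timeout=10.0):
    """Return (zone, fire_ts, alarm_ts) for every fire event that was not
    followed by a sprinkler event in the same zone within `timeout` seconds."""
    pending = {}            # zone -> timestamp of the unanswered fire event
    alarms = []
    last_ts = float("-inf")

    def expire(now):
        # Only the clock moving past a deadline proves that nothing happened.
        for zone, fire_ts in sorted(pending.items(), key=lambda kv: kv[1]):
            if now > fire_ts + timeout:
                alarms.append((zone, fire_ts, fire_ts + timeout))
                del pending[zone]

    for ev in stream:
        if ev.ts < last_ts:
            raise ValueError("stream mode requires time-ordered events")
        last_ts = ev.ts
        expire(ev.ts)
        if ev.kind == "fire":
            pending.setdefault(ev.zone, ev.ts)
        elif ev.kind == "sprinkler":
            pending.pop(ev.zone, None)   # answered in time, retire the fact
    expire(end_of_stream)                # clock tick with no event attached
    return alarms

# Constructed sample stream: zone A is answered in 4 s, zone B only after 15 s,
# zone C is still inside its 10 s deadline when the clock stops at t=45.
SAMPLE = [
    Event(0, "fire", "A"), Event(4, "sprinkler", "A"),
    Event(20, "fire", "B"), Event(35, "sprinkler", "B"),
    Event(40, "fire", "C"),
]

if __name__ == "__main__":
    print(absence_alarms(SAMPLE, end_of_stream=45))
```

Zone C produces no alarm at t=45 because its deadline has not passed yet; the same stream evaluated at t=51 reports it.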


Model: Temporal Relationships

Event A before Event B

Event A meets Event B

Event A overlaps Event B

Event A finishes Event B

Event A includes Event B

Event A starts Event B

Event A coincides Event B

Event A after Event B

Event A metBy Event B

Event A overlappedBy Event B

Event A finishedBy Event B

Event A during Event B

Event A finishes Event B

    rule "Shipment not picked up in time"
    when
        // the scheduled pickup time of each shipment
        Shipment( $pickupTime : scheduledPickupTime )
        // negative pattern: no pickup event occurred before that time
        not ShipmentPickup( this before $pickupTime )
    then
        // shipment not picked up... Action required.
    end

Temporal Relationship

13 Operators are Supported


Model: CEP – Sliding Windows

[Diagram labels: Sliding window 1, Sliding window 2, Joined window]

Sliding Time Window: reason over events occurring within a set time duration

Sliding Length Window: reason over a set number of events

Example: Raise alarm if avg temp reading from sensor over last 10m is above the threshold

    rule "Sound the alarm in case temperature rises above threshold"
    when
        TemperatureThreshold( $max : max )
        Number( doubleValue > $max ) from accumulate(
            SensorReading( $temp : temperature ) over window:time( 10m ),
            average( $temp ) )
    then
        // sound the alarm
    end

Example: Raise alarm if avg temp from last 100 sensor readings is above the threshold

    rule "Sound the alarm in case temperature rises above threshold"
    when
        TemperatureThreshold( $max : max )
        Number( doubleValue > $max ) from accumulate(
            SensorReading( $temp : temperature ) over window:length( 100 ),
            average( $temp ) )
    then
        // sound the alarm
    end
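
The two window types give different answers when a source goes quiet: a time window forgets old readings, a length window keeps them until enough new ones arrive. This Python sketch is an added example, not from the original slides and not Drools code; the function names, the exact window-boundary handling and the sample readings are assumptions, and the length window is shortened to 4 readings so the effect is visible on a small sample.

```python
from collections import deque

def time_window_alarms(readings, max_temp, window_s=600):
    """Timestamps at which the average over the last window_s seconds
    exceeds max_temp. readings: time-ordered (ts_seconds, temperature)."""
    win, total, alarms = deque(), 0.0, []
    for ts, temp in readings:
        win.append((ts, temp))
        total += temp
        # Expire readings that have slid out of the time window.
        while win[0][0] <= ts - window_s:
            total -= win.popleft()[1]
        if total / len(win) > max_temp:
            alarms.append(ts)
    return alarms

def length_window_alarms(readings, max_temp, length=100):
    """Timestamps at which the average over the last `length` readings
    exceeds max_temp, regardless of how old those readings are."""
    win, total, alarms = deque(), 0.0, []
    for ts, temp in readings:
        win.append(temp)
        total += temp
        if len(win) > length:
            total -= win.popleft()
        if total / len(win) > max_temp:
            alarms.append(ts)
    return alarms

# Constructed readings: two hot samples, then the sensor is silent for
# 17 minutes and comes back at a normal temperature.
READINGS = [(0, 20), (60, 20), (120, 90), (180, 90), (1200, 20), (1260, 20)]

if __name__ == "__main__":
    print(time_window_alarms(READINGS, max_temp=50))              # 10-minute window
    print(length_window_alarms(READINGS, max_temp=50, length=4))  # last 4 readings
```

On this sample the time window alarms once, at t=180, while the length window keeps alarming at t=1200 and t=1260 because the stale hot readings are still among the last four.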


DATA VIRTUALIZATION AND FEDERATION


What is Data Virtualization software?

Data Virtualization software makes data that is spread across various disparate sources available to applications as if it were coming from a single dedicated data source.

[Diagram labels: SAP, Salesforce.com, Oracle DW, XML, CSV & Excel files (Siloed & Complex); Data Virtualization Software (Virtualize, Abstract, Federate); Virtual Data Source (Easy, Real-time Information Access); BI Reports; SOA Applications]


Turn Data to Actionable Information

Connect, Compose, Consume

Data Consumers: BI Reports & Analytics; Mobile Applications; SOA Applications & Portals; ESB, ETL

Standard based Data Provisioning: JDBC, ODBC, SOAP, REST, OData

Unified Virtual Database / Common Data Model: Unified Customer View, Unified Product View, Unified Supplier View

Native Data Connectivity

Data Sources: Hadoop; NoSQL; Cloud Apps; Data Warehouse & Databases; Mainframe; XML, CSV & Excel Files; Enterprise Apps

JDV

Design Tools, Dashboard, Optimization, Caching, Security, Metadata

Siloed & Complex; Virtualize, Abstract, Federate; Easy, Real-time Information Access


Data Virtualization: Supported Data Sources

Enterprise RDBMS:
• Oracle
• IBM DB2
• Microsoft SQL Server
• Sybase ASE
• MySQL
• PostgreSQL
• Ingres

Enterprise EDW:
• Teradata
• Netezza
• Greenplum

Hadoop:
• Apache
• HortonWorks
• Cloudera
• More coming…

Office Productivity:
• Microsoft Excel
• Microsoft Access
• Google Spreadsheets

Specialty Data Sources:
• ModeShape Repository
• Mondrian
• MetaMatrix
• LDAP

NoSQL:
• JBoss Data Grid
• MongoDB
• More coming…

Enterprise & Cloud Applications:
• Salesforce.com
• SAP

Technology Connectors:
• Flat Files, XML Files, XML over HTTP
• SOAP Web Services
• REST Web Services
• OData Services


ANALYTICS


BAM: Process Dashboard – Instance Details


Some have done it already. What for?


Red Hat Customer Success: Global Banking Institution

Red Hat JBoss and Storage solutions power the Risk Management group of a Tier 1 global Bank with infrastructure to run Liquidity Risk algorithms on multiple intervals (intraday to annual), to optimize rule-based decisions and provide long term data retention.

Red Hat Embedded Partner in military

Realtime: Direct feeds from market data, to inject those data into intra-day calculation

Aggregate: Multi-period calculations, from intraday to over the year calculations. Up to 80 future dates and 3000 different market paths

Variety: Market data live feeds with other counterparties, liabilities and exposures; mix of Hadoop-based data analysis and realtime data analysis

Retention: Long term retention of data to compute year-long risk analysis (up to 2 years)

Mission critical: System reliability and availability with data caching, persistent messages and high availability architecture


Red Hat Customer Success: France Electricity provider ERDF

Red Hat JBoss solutions power the ERDF Intelligent System with complex data filtering, event processing and data collected by the millions of intelligent and connected home electric meters.

Red Hat Embedded Partner in military

Detect: Meters and Collectors monitoring, Event collection for QoS and performance monitoring

Collect: Data and Event collection, 8 million multi-format events per day, stored for 5 years. On-the-fly KPI calculation

Filter and correlate: Contextual behavior analysis via CEP, to identify malfunctions and unwanted floods, to control and manage context

Diagnose: Automatic diagnosis based on complex rules and context management. Manual diagnosis via mobile device and applications, structured data and cartography

Mission critical: System reliability and availability with data caching, persistent messages and high availability architecture


Questions and Discussion