Deep Insight Solutions - MapR Ultra

Ultra™

ULTRA™ A DEEP INSIGHT SOLUTIONS PRODUCT

INTRODUCING

Deep Insight Solutions™Proprietary

Our Proud Heritage

Started Developing Big Data Solutions in 2006…

… building advanced data fusion platforms for the Intelligence Community and US Department of Defense.

Working with Google and Yahoo, we pioneered the use of Hadoop as the Big Data platform for the U.S. Intelligence Community and Military Intelligence.

We have deployed over 100 PB of capacity around the world including Afghanistan, Iraq

and the Horn of Africa.


Solutions Development

We have been fortunate enough to

work with some amazing people…

… and been given a chance to develop some amazing products.

2007-2012

Deployed over 65PB for US

Army Intel in first PODs

2010-2012

Engineered

FlexPod

with NetApp

2013+

300 Rack deployment for

USSOCOM,

worldwide enterprise architecture

2011-2012

Provide Security Architecture for UCS

2013

Big Data platform on Humvee, Helicopters, FOBs

The stuff we can tell you about…


Security Architecture Design Principles

The Ultra Security Framework™ provides a flexible combination of security compliance and

operational automation.

Ultra provides comprehensive Defense in Depth security for the MapR platform.

Ultra is based on the SCAP Security Guide Project and provides NIST 800-53, FIPS 140-2 and ISO 27001

compliance.

GO

VER

NM

EN

T •NIST 800-53

•FIPS 140-2

• ISO 27001

•DISA STIG

•HIPAA

•SOX

•PCI-DSS

•GLBA

•CIP

•GXP

HEA

LTH •NIST 800-53

•FIPS 140-2

• ISO 27001

•DISA STIG

•HIPAA

•SOX

•PCI-DSS

•GLBA

•CIP

•GXPFIN

AN

CE •NIST 800-53

•FIPS 140-2

• ISO 27001

•DISA STIG

•HIPAA

•SOX

•PCI-DSS

•GLBA

•CIP

•GXP INTE

RN

ET

OF T

HIN

GS •NIST 800-53

•FIPS 140-2

• ISO 27001

•DISA STIG

•HIPAA

•SOX

•PCI-DSS

•GLBA

•CIP

•GXP

https://fedorahosted.org/scap-security-guide/


Value Proposition

Ultra Security Compliant Framework

Build new or transform existing deployments with our advanced security compliant framework to a highly secure, managed

configuration with an 'Defense in Depth' architecture that is ready for the most demanding industry use cases.

Securing streaming data, by ensuring

proper management and governance of

the data and overall platform

infrastructure.

Open standards based software stack facilitates rapid integration

of 3rd party tools and services.

End to end role based data & application security controls.

Automated standards based hardened operating system,

services and application deployment and configuration.

INTERNET OF THINGS

FINANCEGOVERNMENT

HEALTH

A field proven framework for highly

sensitive intelligence gathering and data

analysis.

Store sensitive and regulated data locally

to maintain compliance with evolving

regulatory

Facilitates and secures high volume

streaming transactions in the most

complex regulatory environments.


What is 'Defense in Depth'?Technical Security

Operational Security

Information System Security

The NSA definition for 'Defense in Depth' is:

“'Defense in Depth' is a practical strategy for achieving

Information Assurance in today’s highly networked

environments. It is a “best practices” strategy in that relies

on the intelligent application of techniques and

technologies that exist today. The strategy recommends a

balance between the protection capability and cost,

performance and operational considerations.”

(SCORE, 2011)

Over the years and working in conjunction with the U.S.

Intelligence community, Deep Insight Solutions engineers and

analysts have been responsible for defining, designing and

implementing the 'Defense in Depth' strategy for the world’s

most secure networked environments, including the National

Security Agency, CIA and Department of Defense military

intelligence networks.


Technical Security

Ultra security concepts that are related to the technical security controls as described in NIST 800-53. Activities include:

Identification and Authentication

User Identification and Authentication

Device Identification and Authentication

Identifier Management

Authenticator Management

Access Control

Account Management

Access Enforcement

Information Flow Enforcement

Separation of Duties

Least Privilege

Session Controls

Permitted Actions without Id or Authentication

Security Attributes

Remote Access

Systems and Communications Protection

Application Partitioning

Shared Resources

Denial of Service Protection

Boundary Protection

Transmission Security

Single User Mode

PKI and Cryptography

Mobile Code

Protection of Information at Rest

Audit and Accountability

Auditable Events

Content of Audit Records

Audit Storage

Audit Reduction and Response

Protection of Audit Information

Time Synchronization

http://simp.readthedocs.io/en/latest/glossary.html#term-nist-800-53


Operational Security

Operational management focuses on all of the activities required to sustain an organization’s security posture on a daily basis.

Activities include:

Maintaining visible and up to date system security policies.

Automated Certification & Accreditation changes to the solution architecture. The C&A processes should provide the data to support risk management based decisions. These processes should also acknowledge that a “risk accepted by one is a risk shared by many” in an interconnected environment.

Effective management of the system security posture, including installation of security patches, virus updates, and maintaining up-to-date access control lists.

Provisioning and protection of key management services.

Performing system security assessments to assess and document the continued “Security System Readiness”.

Monitoring and reacting to current threats.

Attack sensing, warning and response.

Recovery and reconstitution.


Information System Security

Information Assurance is required for systems Certification and Accreditation.

Activities include:

Risk Assessment

Ultra Self Risk Assessment

Vulnerability Scanning and Report Generation

Security Assessment and Authorization


Time to Value

MapR Ultra Timeline: 1 Day

Typical Timeline: 6-12 Months

Hardware

Architecture Design

Cloud Workload Service

Requirements

Establish Compliance

Controls

Create Distributed Cloud

Environment

Deployed Compliant

Production Environment

Software

Architecture Design

Software Integration

NSA Security Architecture Framework

The MapR Ultra™ Security Compliance Framework integrates thousands of security related mitigations and enhancements to provide a turnkey, highly secure solution. The majority of our customers are standing up their platform from bare metal in the morning, and by the afternoon are bringing data into the platform, deploying

custom applications and conducting analytics without sacrificing security.

5 6 7 81 2 3 4


Component ArchitectureP

latfo

rm O

rch

estra

tion

Application Framework for Custom Development MapR Partner Network

Commercial Engines and ApplicationsOpen Source Engines and Tools

Commodity Infrastructure

Ultra Security Compliance Framework™PKI, Secure Remote Access, LDAP, Audit Management, Host-based firewall, Unauthorized service prevention, Secure Hardened

OS, IA C&A Scanning, IA Report generation.

Custom Applications & Services


Product Configuration and Service Options

Ultra Management Node

• Physical Appliance or Virtual Appliance

Ultra Managed Node Annual License

• Right to Use/Access to Patches and Security Update Repositories

Information Assurance Annual Subscription

• Quality Assured CVE & IAVA Updates

• 30 Days for CAT I’s, 90 days for CAT II-IV

Managed Platform Support Services Annual Subscriptions

• Tier 1 Support 8/5/5 Business Day Response

• Tier 2 Support 8/7/3 Business Day Response

• Tier 3 Support 8/7/Next Business Day Response

• Tier 3 Support 24/7/Same Day Response

Deep Insight Solutions - MapR Ultra

Documents

Transcript of Deep Insight Solutions - MapR Ultra