NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS
Nguyen Minh Duc
Security BootCamp 2014
Oct 2014
Sad but True
Rules, signatures or not?
• Security Information and Event Management
Ok, we’ve already got a SIEM
• Performance Limits Galore
• Data Variety Troubles
• Real-Time Correlation, Not Data Mining
• Analysis? Where Is That?
SIEM Challenges Today
Source: Gartner
So we need a more powerful tool
Big Data
Why Big Data?
Hadoop ecosystem
Security analytics is the process of performing analysis on magnitudes of data, adding context to the information collected and then deriving answers and actionable knowledge
• Classification: Allows events to be grouped into like sets for context.
• Correlation: Real-time & historical associations can be recognized, providing context and relational understanding.
• Clustering: Data point similarity detection across large collections provides a straightforward, yet confident, way to derive true understanding of many events.
• Affinity Grouping: Similar to clustering, but this can take the context of each data point as it pertains to users, systems, attacks and their interactions. Provides excellent context between multiple, seemingly disparate, data points.
• Aggregation: Allows a high level view of large amounts of data, distilling often complex sets into simple numerical quantities, e.g. Did this bad event happen often enough in an hour to be of concern?
• Statistical Analysis: Provides methods for dealing with uncertainty within the data sets yielding a confidence for comprehension.
Security Analytics with Big Data
Source: HP
• Behavior-based anomaly detection vs signature-based detection
Security Analytics with Big Data
• Anomaly detection of user’s network resource access
Security Analytics with Big Data
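As an added example, not part of the slide deck or of the HP/Gartner material it cites, the script below shows two of the analytics primitives listed above in working code: aggregation (does a "bad event" happen often enough in an hour to matter?) and a statistical baseline for behaviour-based anomaly detection of a user's network resource access, the approach the last two slides contrast with signature-based detection. The log line format, user names, host names, IP addresses, thresholds and the one-week baseline are all assumptions constructed for the example; the input is generated inline rather than read from Hadoop, so it runs offline.

```python
"""Aggregation and statistical anomaly detection over constructed NSM log lines.

Added example: the log format, users, hosts, addresses and thresholds below are
assumptions made for illustration, not data or code from the presentation.
"""
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta
import math
import re

# Assumed line format: "<iso-timestamp> user=<u> src=<ip> dst=<host> event=<type>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) event=(?P<event>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def build_sample_log():
    """Constructed sample log (not real traffic): a week of regular activity,
    then one day with a behavioural outlier and an authentication-failure burst."""
    lines = []
    base = date(2014, 10, 13)
    for d in range(7):  # 13..19 Oct: baseline, two hosts for alice, three for bob
        day = base + timedelta(days=d)
        for i, host in enumerate(["fileserver01", "mail01"]):
            lines.append(f"{day}T09:{10 + i:02d}:00 user=alice src=10.0.0.5 dst={host} event=ACCESS")
        for i, host in enumerate(["fileserver01", "wiki01", "git01"]):
            lines.append(f"{day}T10:{10 + i:02d}:00 user=bob src=10.0.0.7 dst={host} event=ACCESS")
    day = date(2014, 10, 20)
    for i in range(9):  # alice suddenly touches nine different hosts
        lines.append(f"{day}T11:{i:02d}:00 user=alice src=10.0.0.5 dst=host{i:02d} event=ACCESS")
    for i, host in enumerate(["fileserver01", "wiki01", "git01"]):  # bob stays regular
        lines.append(f"{day}T13:{10 + i:02d}:00 user=bob src=10.0.0.7 dst={host} event=ACCESS")
    for i in range(6):  # six AUTH_FAIL events from one source inside a single hour
        lines.append(f"{day}T12:{i * 5:02d}:00 user=- src=10.0.0.9 dst=vpn01 event=AUTH_FAIL")
    lines.append("garbage line that does not parse")
    return lines


def hourly_event_counts(records, event):
    """Aggregation: count occurrences of `event` per (source, hour bucket)."""
    counts = Counter()
    for r in records:
        if r["event"] == event:
            counts[(r["src"], r["ts"].strftime("%Y-%m-%dT%H"))] += 1
    return counts


def bursts(counts, threshold):
    """Return the (source, hour) buckets whose aggregated count reaches the threshold."""
    return sorted(key for key, n in counts.items() if n >= threshold)


def distinct_hosts_per_day(records, user):
    """Per-day count of distinct destination hosts a user accessed."""
    per_day = defaultdict(set)
    for r in records:
        if r["user"] == user and r["event"] == "ACCESS":
            per_day[r["ts"].date()].add(r["dst"])
    return {d: len(hosts) for d, hosts in per_day.items()}


def access_zscore(records, user, day):
    """Statistical analysis: z-score of `day`'s distinct-host count for `user`
    against that user's own history (the behaviour baseline). None if the
    baseline is too short to say anything."""
    per_day = distinct_hosts_per_day(records, user)
    today = per_day.get(day, 0)
    history = [n for d, n in per_day.items() if d != day]
    if len(history) < 2:
        return None
    mean = sum(history) / len(history)
    std = math.sqrt(sum((n - mean) ** 2 for n in history) / len(history))
    std = max(std, 1.0)  # assumed floor: a perfectly regular baseline must not divide by zero
    return (today - mean) / std


def analyse(lines):
    """Run both analytics over raw lines and return the findings as a dict."""
    records = [r for r in map(parse_line, lines) if r]
    target = date(2014, 10, 20)
    return {
        "parsed": len(records),
        "auth_fail_bursts": bursts(hourly_event_counts(records, "AUTH_FAIL"), 5),
        "alice_z": access_zscore(records, "alice", target),
        "bob_z": access_zscore(records, "bob", target),
    }


if __name__ == "__main__":
    for name, value in analyse(build_sample_log()).items():
        print(name, value)
```

The aggregation answers the slide's own question (did AUTH_FAIL from one source happen at least five times within an hour?) without any signature; the z-score flags alice's nine-host day against her own two-host baseline while bob's identical day scores zero, which is the per-user behaviour baseline the "anomaly detection of user's network resource access" slide refers to. At Hadoop scale the same two functions map naturally onto a group-by over (src, hour) and a per-user window, but the logic is unchanged.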
Build your own “next-gen” NSM?