Combating Fraud and Intrusion Threats with Event Processing, TIBCO, TUCON 2007, Tim Bass, CISSP, Principal Global Architect, Director, Emerging Technologies Group, TIBCO Software Inc.
1. Combating Fraud and Intrusion Threats with Event Processing. Tim Bass, CISSP, Principal Global Architect, Director, Emerging Technologies Group, TIBCO Software Inc.
4. Threats Are Everywhere! (Source: www.cert.org)
   [Chart: Attack Sophistication and Intruder Knowledge (High to Low) over time, 1980 to 2000+, with series labeled "Intruders" and "Tools".]
   Techniques labeled on the chart: cross site scripting; password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; GUI; automated probes/scans; denial of service; www attacks; "stealth" / advanced scanning techniques; burglaries; network mgmt. diagnostics; distributed attack tools; staged auto coordinated / bots.
14. Overview of IDS & FDS Systems (Fraud and Intrusion Detection Systems)
   Detection Approach: Anomaly Detection, Signature Detection
   Systems Protected: HIDS, NIDS, Hybrid
   Architecture: Centralized, Distributed
   Data Sources: Audit Logs, Net Traffic, System Stats
   Analysis Timing: Real Time, Data Mining
   Detection Actions: Active, Passive
   Other labels on the slide: Security Event "Stovepipes"; Centralized; Distributed; Logs; Agent Based
23. EDA Characteristics
   Sense: Detect events across extended environment in real-time
   Analyze: Aggregate events across multiple sources; compare reality with expectations
   Respond: Update expectations; invoke distributed services in real-time
28. CEP Illustrated: Detecting Threats with Complex Event Processing
29. Complex Event Processing: Situation Detection
   "Events in several forms, from simple events to complex events, will become very widely used in business applications during 2004 through 2008" -- Gartner, July 2003
30. Event Processing Reference Architecture
   [Diagram: Event-Processing Architecture. Processing stages: Event Pre-Processing; Level One, Event Tracking; Level Two, Situation Detection; Level Three, Predictive Analysis; Level Four, Adaptive BPM. Other labels: Event Sources; External; Distributed; Local; Event Services; Event Profiles; Data Bases; Other Data; Visualization, BAM, User Interaction; DB Management (Historical Data, Profiles & Patterns).]
37. BusinessEvents™ Components
   Enterprise Metadata (Concepts, Properties, State Models, XML Schemas, Business Rules)
   BusinessEvents Workbench (Designtime)
   BusinessEvents Engine (Runtime)
   Business User Interface; Business User Language; Decision Tables; Runtime Viewer; Management Server
39. On-Line Fraud Detection Use Case
   Approx. 12,000 Hits Per Second During Peak Period Across the Three Sites – One Instance Of TIBCO BusinessEvents™ Capable of Handling Maximum Hits
   Overall 100 Million Hits Handled Between 3 PM – 4 PM Peak
   Approx. 250 Million Hits Per Day Across the Three Sites
   [Diagram labels: Three Server Farms; ~600-700 Application Servers; Session Info; TIBCO EMS™; TIBCO BusinessEvents™]
42. Thank You! Tim Bass, CISSP Principal Global Architect, Director TIBCO Software Inc.