Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Apache Spot
Ähnlich wie Apache Spot (20)
Apache Spot
- 1. APACHE SPOT Network Security Re-imagined Austin Leahy @DataMinion
- 2. AGENDA Where is the need The new approach Moving to real investigation Value of anomaly based detection ONI –Demo Open Data Model Q&A
- 3. DECREASING BENEFITS AT SCALE
- 4. START WITH THE HARDEST PILL TO SWALLOW Operational Analytics • Visualization, attack heuristics, noise filter Machine Learning • Filter billion of events to a few thousands • Unsupervised learning Parallel Ingest Framework • Open source decoders • Load data in Hadoop Telemetry • Network Flows (nfcapd) • DNS (PCAP) • Proxy
- 5. SIEM (TBs) Big Data/ML based Applications (PBs) INVESTIGATION WAS NEVER DETECTION
- 6. EVERY LAYER REQUIRES MORE EXPENSIVE COMPUTATION
- 7. APACHE SPOT – REIMAGINE SCIRT WORKFLOWS
- 8. • Partners Should control their Data • Application framework is rocket fuel for the build instead of buy decision • Community engagement means ever increasing value describing the landscape Network Apache Hadoop* Spark + ML Intel Platform OPEN NETWORK INSIGHT OPEN DATA MODEL Identity Endpoint Open Network Insight
- 9. http://incubator.apache.org/projects/spot.html Join the community today and participate: @DataMinion
Hinweis der Redaktion
- Traditional SIEMs… Y-axis: Detect known threats using search and correlation based techniques. They are not meant for querying/ or advanced analytics. X-axis: The data that you store in the SIEM needs to be structured and limited in volume. High large, high volume data sources are not being stored or processed. Z-axis: The volume of information is limited. SIEMs only store 90 to 120 days worth of data. CLICK ANIMATION Apache Hadoop-based cybersecurity solutions: Y-axis: Allows a wide range of access to the data depending on analytics technique. Not just a search or SQL engine. X-axis: Any volume or type of data can be stored on the enterprise data hub. Z-axis: Months and years worth of data can remain accessible for threat responders to access and analysts to analyze. But Alan, but you know all of this. You have done some work in the open source community to help but this new technology in the hands of cybersecurity professionals.
- Cybersecurity application framework Abnormal traffic patterns analyzing network flow and dns with machine learning Open data models for network Community to extend
- We are going to continue to grow the ONI community to deliver on additional open data models such as endpoint and identity/ user, while continuing to look at the Apache Hadoop ecosystem to improve the performance of ONI. CTA: We need your help. ONI gets stronger as more organizations embed it into their application, and more enterprise leverage the open data model so they can share analytics with industry peers. *** CLICK TO REVEAL CYBRAICS HIGHLIGHT — SPECIAL ANNOUNCEMENT ***