SlideShare ist ein Scribd-Unternehmen logo

Performing network security analytics

DataWorks Summit
DataWorks Summit
Technologie
1 von 15
Performing  Network  &  Security  Analy7cs   with  Hadoop   Travis Dawson Director of Product Management Narus, Inc Hadoop Summit 2012
Agenda   §  Who am I, What do I do §  What is Network & Security Analytics §  Using Hadoop in Network & Security Analytics §  What becomes possible with Big Data Analytics §  Putting it all together §  Lessons Learned Narus  |    2    
Who  am  I   What  do  I  do   §  Geek §  Director of Product Management, Narus Inc –  Narus Inc, A wholly owned subsidiary of Boeing –  Build High Performance Network Intelligence Systems –  I herd cats and make Powerpoints all day –  Occasionally think about product requirements §  Principal Member Technical Staff, Sprint –  Sprint Advanced Technology Labs –  Wireline/Wireless Network Architecture, Design, Security –  I broke stuff Narus    |    3    
What  is  Network  &  Security  Analy7cs   A  type  of  voodoo,  but  with  computers   The (black) art of finding malicious or problematic sessions in a mountain of network traffic §  Multiple approaches –  Signatures/Blacklists –  Behavior –  Algorithmic –  Ouiji Board, Live Chicken, Full Moon, etc §  Single Goal –  Identify malicious or problematic traffic before it causes substantial harm to your network or your assets. Narus    |    4    
Network  &  Security  Analy7cs   What’s  working  against  you   The enemy is ever-changing and infinitely intelligent §  New attack vectors are more difficult to detect than ever –  Polymorphic, Randomized –  APTs are real –  Zero-Days –  Protocol, Application, OS §  Traditional Methods in-effective –  Payloads ever changing –  Simply too many new and existing §  Higher speeds of links makes deeper analysis harder –  10G/sec maxes out at ~15M packets per second Narus    |    5    
What  is  Network  &  Security  Analy7cs   Finding  the  Needle  in  a  stack  of  Needles   §  Where to look –  Which stack of Needles do I need to look at §  What are you looking for –  Do you know? –  Are you guessing? –  Do you know what you are NOT looking for? §  How to find something that is not ‘right’ –  What is ‘right’, what is ‘not-right’, what is ‘wrong’? –  What is the difference? –  What is ‘normal’ vs what is ‘right’ ? –  How much data do you need ? Narus    |    6    
What  is  Network  &  Security  Analy7cs     Solving  the  Network  &  Security  Analy7cs  Problem       Multiple Methods, Multiple Algorithms, Multiple Passes Per Analytic §  You need a lot of data to determine what is ‘not-right’ –  More data == More accurate results §  You need to run sophisticated algorithms across the data –  Use new algorithms to find something ‘not-right’ –  Not always easy §  You need multiple passes on the data –  One Algorithm feeds the next Algorithm –  Focus on the workflow, how an analyst would work. Narus    |    7    
Breaking  out  of  the  SQL  Prison   A  quick  rant   §  SQL has been around since the 70’s –  So have I! –  Great for solving ‘known’ problems §  Unable to perform the deep analytics required –  No combination of SELECT, JOIN, UDF will get you what you need at times –  Unstructured data is a nightmare and now more common §  However, use of one tool does not mean you can’t use another tool as well –  SQL and Hadoop can live very happily together –  The right tool for the right job, or more precisely: •  The right tool for the right PART of the job Narus    |    8    
Network  &  Security  Analy7c   Using  Hadoop  to  solve  the  hard  problems   §  Amount of Data –  1 week -> 1 Month+ of data: 100’s of Billions of Sessions, 100’s of TB’s of Data, ingesting dozens of data types and millions of sessions per hour §  Algorithms –  Looking for sessions that look something like this thing or maybe unlike this other thing. You can do that right??? §  Unstructured –  We have no idea what we are going to get in terms of information §  Price per Analytic Hour –  How much does it cost to run this analytic in a set amount of time Narus    |    9    
Network  &  Security  Analy7c   A  Simple  Workflow  Example   Find a Polymorphic BotNet/Worm infection vector §  Find the suspected infected hosts –  Clustering/Behavior/Signatures to find possible bots and worms §  Find the Command & Control –  From list of suspects, who are the most popular ‘servers’ §  Find ALL of the possible infections –  From C&C servers, what hosts were communicated with –  Cluster and group similar hosts to find even more §  Find the Infection Vector –  From all the suspect hosts, cluster hosts by common Application ‘features’ and traffic patterns You need a LOT of data and it’s non-deterministic Narus    |    10    
Network  &  Security  Analy7c   Workflow  details   What Makes This Work §  Hadoop Tools/Methods Used –  Entropy, FFT, Behavior Jobs –  Mahout (Clustering and Machine Learning) –  Custom Clustering (Hourglass Co-Clustering) –  Custom Correlation §  Other Tools Used –  Streaming Classification/Statistics Engine –  RDBMS –  Visualization Front End Narus    |    11    
Network  &  Security  Analy7c   In  real  life   Many  tools  enabling  each  other   I  need  to   I  know   I  don’t  know   I  need  to   I  need  to  view   capture  the   what  I  am   what  I  am   organize  the   the  findings   traffic   looking  for   looking  for   findings   logically   Datasets   Deep   Summary   Packets   Metadata   Streaming   Analysis   Shallow   Views   Capture   Analysis   Hadoop   Analysis   RDBMS   Narus    |    12    
Lessons  learned   How  we  learned  to  make  it  all  work   §  Don’t use a hammer when you need a scalpel –  It just doesn’t work, don’t force it. –  If there is a better way of doing it, use that way §  Hadoop does a lot of things really well –  Complicated algorithms over vast amounts of data –  Unstructured Data §  Hadoop does some things really poorly –  Low Latency results for visualization –  Simple Statistics and some groupings §  Use Hadoop in conjunction with other tools –  Use the best tool for the job. –  Break the job into pieces and evaluate the tools for each piece Narus    |    13    
Conclusion   Hadoop  as  a  pla^orm  for  Network  Security  Analy7cs   §  Hadoop has allowed us to solve problems for our customers that were previously unsolvable in a reasonable amount of time §  New algorithms and analytics were made possible by Hadoop §  By using Hadoop in conjunction with our Streaming Engine and an RDBMS we were able to create a system that performed better then just the sum of its parts. §  We are now able to scale into larger datasets and extract even better insights then before §  No longer confined by any tool, we leverage the power of Hadoop to solve many of our problems Narus    |    14    
Q&A   Narus    |    15    

Empfohlen

44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysis44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysisMichael Boman
 
Performing Network & Security Analytics with Hadoop
Performing Network & Security Analytics with HadoopPerforming Network & Security Analytics with Hadoop
Performing Network & Security Analytics with HadoopDataWorks Summit
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionMapR Technologies
 
DEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And AttributionDEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And AttributionMichael Boman
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopYahoo Developer Network
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeDataWorks Summit
 
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security MonitoringUsing Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoringchrissanders88
 
Leveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivityLeveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivitySqrrl
 

Empfohlen

44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysis44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysisMichael Boman
 
Performing Network & Security Analytics with Hadoop
Performing Network & Security Analytics with HadoopPerforming Network & Security Analytics with Hadoop
Performing Network & Security Analytics with HadoopDataWorks Summit
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionMapR Technologies
 
DEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And AttributionDEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And AttributionMichael Boman
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopYahoo Developer Network
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeDataWorks Summit
 
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security MonitoringUsing Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoringchrissanders88
 
Leveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivityLeveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivitySqrrl
 
Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...
Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...
Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...Big Data Spain
 
Managing your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC OsloManaging your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC OsloDavid Pilato
 
Managing your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed LuxembourgManaging your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed LuxembourgDavid Pilato
 
Splunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilsonSplunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilsonBecky Burwell
 
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...Databricks
 
Smart Data Conference: DL4J and DataVec
Smart Data Conference: DL4J and DataVecSmart Data Conference: DL4J and DataVec
Smart Data Conference: DL4J and DataVecJosh Patterson
 
Managing your black friday logs - Code Europe
Managing your black friday logs - Code EuropeManaging your black friday logs - Code Europe
Managing your black friday logs - Code EuropeDavid Pilato
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using HadoopDataWorks Summit
 
PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup Suman Karumuri
 
Large-Scale Search Discovery Analytics with Hadoop, Mahout, Solr
Large-Scale Search Discovery Analytics with Hadoop, Mahout, SolrLarge-Scale Search Discovery Analytics with Hadoop, Mahout, Solr
Large-Scale Search Discovery Analytics with Hadoop, Mahout, SolrDataWorks Summit
 
Building a Real-Time Gaming Analytics Service with Apache Druid
Building a Real-Time Gaming Analytics Service with Apache DruidBuilding a Real-Time Gaming Analytics Service with Apache Druid
Building a Real-Time Gaming Analytics Service with Apache DruidImply
 
Security data deluge
Security data delugeSecurity data deluge
Security data delugeDataWorks Summit
 
qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...
qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...
qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...Sri Ambati
 
Hunting Botnets with Zmap
Hunting Botnets with ZmapHunting Botnets with Zmap
Hunting Botnets with ZmapHeadlessZeke
 
Big Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsBig Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsMarco Casassa Mont
 
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...DataWorks Summit
 
Apache Druid Vision and Roadmap
Apache Druid Vision and RoadmapApache Druid Vision and Roadmap
Apache Druid Vision and RoadmapImply
 
Cisco OpenSOC
Cisco OpenSOCCisco OpenSOC
Cisco OpenSOCJames Sirota
 
Deep learning on Hadoop/Spark -NextML
Deep learning on Hadoop/Spark -NextMLDeep learning on Hadoop/Spark -NextML
Deep learning on Hadoop/Spark -NextMLAdam Gibson
 
Minimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop labMinimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop labAnurag Shrivastava
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Allot Communications
 
Netadminpres
NetadminpresNetadminpres
NetadminpresSimon Bennett
 

Weitere ähnliche Inhalte

Was ist angesagt?

Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...
Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...
Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...Big Data Spain
 
Managing your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC OsloManaging your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC OsloDavid Pilato
 
Managing your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed LuxembourgManaging your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed LuxembourgDavid Pilato
 
Splunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilsonSplunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilsonBecky Burwell
 
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...Databricks
 
Smart Data Conference: DL4J and DataVec
Smart Data Conference: DL4J and DataVecSmart Data Conference: DL4J and DataVec
Smart Data Conference: DL4J and DataVecJosh Patterson
 
Managing your black friday logs - Code Europe
Managing your black friday logs - Code EuropeManaging your black friday logs - Code Europe
Managing your black friday logs - Code EuropeDavid Pilato
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using HadoopDataWorks Summit
 
PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup Suman Karumuri
 
Large-Scale Search Discovery Analytics with Hadoop, Mahout, Solr
Large-Scale Search Discovery Analytics with Hadoop, Mahout, SolrLarge-Scale Search Discovery Analytics with Hadoop, Mahout, Solr
Large-Scale Search Discovery Analytics with Hadoop, Mahout, SolrDataWorks Summit
 
Building a Real-Time Gaming Analytics Service with Apache Druid
Building a Real-Time Gaming Analytics Service with Apache DruidBuilding a Real-Time Gaming Analytics Service with Apache Druid
Building a Real-Time Gaming Analytics Service with Apache DruidImply
 
qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...
qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...
qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...Sri Ambati
 
Hunting Botnets with Zmap
Hunting Botnets with ZmapHunting Botnets with Zmap
Hunting Botnets with ZmapHeadlessZeke
 
Big Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsBig Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsMarco Casassa Mont
 
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...DataWorks Summit
 
Apache Druid Vision and Roadmap
Apache Druid Vision and RoadmapApache Druid Vision and Roadmap
Apache Druid Vision and RoadmapImply
 
Deep learning on Hadoop/Spark -NextML
Deep learning on Hadoop/Spark -NextMLDeep learning on Hadoop/Spark -NextML
Deep learning on Hadoop/Spark -NextMLAdam Gibson
 
Minimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop labMinimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop labAnurag Shrivastava
 

Was ist angesagt? (20)

Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...
Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...
Fishing Graphs in a Hadoop Data Lake by Jörg Schad and Max Neunhoeffer at Big...
 
Managing your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC OsloManaging your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC Oslo
 
Managing your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed LuxembourgManaging your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed Luxembourg
 
Splunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilsonSplunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilson
 
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
 
Smart Data Conference: DL4J and DataVec
Smart Data Conference: DL4J and DataVecSmart Data Conference: DL4J and DataVec
Smart Data Conference: DL4J and DataVec
 
Managing your black friday logs - Code Europe
Managing your black friday logs - Code EuropeManaging your black friday logs - Code Europe
Managing your black friday logs - Code Europe
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using Hadoop
 
PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup
 
Large-Scale Search Discovery Analytics with Hadoop, Mahout, Solr
Large-Scale Search Discovery Analytics with Hadoop, Mahout, SolrLarge-Scale Search Discovery Analytics with Hadoop, Mahout, Solr
Large-Scale Search Discovery Analytics with Hadoop, Mahout, Solr
 
Building a Real-Time Gaming Analytics Service with Apache Druid
Building a Real-Time Gaming Analytics Service with Apache DruidBuilding a Real-Time Gaming Analytics Service with Apache Druid
Building a Real-Time Gaming Analytics Service with Apache Druid
 
Security data deluge
Security data delugeSecurity data deluge
Security data deluge
 
qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...
qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...
qconsf 2013: Top 10 Performance Gotchas for scaling in-memory Algorithms - Sr...
 
Hunting Botnets with Zmap
Hunting Botnets with ZmapHunting Botnets with Zmap
Hunting Botnets with Zmap
 
Big Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsBig Data for Security - DNS Analytics
Big Data for Security - DNS Analytics
 
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
 
Apache Druid Vision and Roadmap
Apache Druid Vision and RoadmapApache Druid Vision and Roadmap
Apache Druid Vision and Roadmap
 
Cisco OpenSOC
Cisco OpenSOCCisco OpenSOC
Cisco OpenSOC
 
Deep learning on Hadoop/Spark -NextML
Deep learning on Hadoop/Spark -NextMLDeep learning on Hadoop/Spark -NextML
Deep learning on Hadoop/Spark -NextML
 
Minimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop labMinimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop lab
 

Andere mochten auch

Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Allot Communications
 
IP&A109 Next-Generation Analytics Architecture for the Year 2020
IP&A109 Next-Generation Analytics Architecture for the Year 2020IP&A109 Next-Generation Analytics Architecture for the Year 2020
IP&A109 Next-Generation Analytics Architecture for the Year 2020Anjan Roy, PMP
 
Envisioning the Next Generation of Analytics
Envisioning the Next Generation of AnalyticsEnvisioning the Next Generation of Analytics
Envisioning the Next Generation of AnalyticsLora Cecere
 
Next generation security analytics
Next generation security analyticsNext generation security analytics
Next generation security analyticsChristian Have
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
Survey: Security Analytics and Intelligence
Survey: Security Analytics and IntelligenceSurvey: Security Analytics and Intelligence
Survey: Security Analytics and IntelligenceSolarWinds
 
(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big Data(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big DataAmazon Web Services
 
RSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTRSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTLee Wei Yeong
 
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Cybereason
 
Data Analytics for Security Intelligence
Data Analytics for Security IntelligenceData Analytics for Security Intelligence
Data Analytics for Security IntelligenceData Driven Innovation
 
Big Data 2.0: ETL & Analytics: Implementing a next generation platform
Big Data 2.0: ETL & Analytics: Implementing a next generation platformBig Data 2.0: ETL & Analytics: Implementing a next generation platform
Big Data 2.0: ETL & Analytics: Implementing a next generation platformCaserta
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkRahul Jain
 

Andere mochten auch (14)

Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
 
Netadminpres
NetadminpresNetadminpres
Netadminpres
 
Security analytics
Security analyticsSecurity analytics
Security analytics
 
IP&A109 Next-Generation Analytics Architecture for the Year 2020
IP&A109 Next-Generation Analytics Architecture for the Year 2020IP&A109 Next-Generation Analytics Architecture for the Year 2020
IP&A109 Next-Generation Analytics Architecture for the Year 2020
 
Envisioning the Next Generation of Analytics
Envisioning the Next Generation of AnalyticsEnvisioning the Next Generation of Analytics
Envisioning the Next Generation of Analytics
 
Next generation security analytics
Next generation security analyticsNext generation security analytics
Next generation security analytics
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
Survey: Security Analytics and Intelligence
Survey: Security Analytics and IntelligenceSurvey: Security Analytics and Intelligence
Survey: Security Analytics and Intelligence
 
(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big Data(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big Data
 
RSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTRSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APT
 
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
 
Data Analytics for Security Intelligence
Data Analytics for Security IntelligenceData Analytics for Security Intelligence
Data Analytics for Security Intelligence
 
Big Data 2.0: ETL & Analytics: Implementing a next generation platform
Big Data 2.0: ETL & Analytics: Implementing a next generation platformBig Data 2.0: ETL & Analytics: Implementing a next generation platform
Big Data 2.0: ETL & Analytics: Implementing a next generation platform
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache Spark
 

Ähnlich wie Performing network security analytics

Deep Learning and Recurrent Neural Networks in the Enterprise
Deep Learning and Recurrent Neural Networks in the EnterpriseDeep Learning and Recurrent Neural Networks in the Enterprise
Deep Learning and Recurrent Neural Networks in the EnterpriseJosh Patterson
 
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and SolrLarge Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and SolrGrant Ingersoll
 
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and SolrLarge Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and SolrGrant Ingersoll
 
MapR LucidWorks Joint Webinar 121211
MapR LucidWorks Joint Webinar 121211MapR LucidWorks Joint Webinar 121211
MapR LucidWorks Joint Webinar 121211MapR Technologies
 
Cloudera Breakfast Series, Analytics Part 1: Use All Your Data
Cloudera Breakfast Series, Analytics Part 1: Use All Your DataCloudera Breakfast Series, Analytics Part 1: Use All Your Data
Cloudera Breakfast Series, Analytics Part 1: Use All Your DataCloudera, Inc.
 
MapR lucidworks joint webinar
MapR lucidworks joint webinarMapR lucidworks joint webinar
MapR lucidworks joint webinarTed Dunning
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Islam Azeddine Mennouchi
 
Monitoring and Managing Network Application Performance
Monitoring and Managing Network Application PerformanceMonitoring and Managing Network Application Performance
Monitoring and Managing Network Application PerformanceSavvius, Inc
 
Monitoring and Managing Network Application Performance
Monitoring and Managing Network Application PerformanceMonitoring and Managing Network Application Performance
Monitoring and Managing Network Application PerformanceLisa Menestrina
 
The Age of Data-Driven Network Operations
The Age of Data-Driven Network OperationsThe Age of Data-Driven Network Operations
The Age of Data-Driven Network OperationsAPNIC
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckLuncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckNorth Texas Chapter of the ISSA
 
Hadoop summit EU - Crowd Sourcing Reflected Intelligence
Hadoop summit EU - Crowd Sourcing Reflected IntelligenceHadoop summit EU - Crowd Sourcing Reflected Intelligence
Hadoop summit EU - Crowd Sourcing Reflected IntelligenceTed Dunning
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertISSA LA
 
Troubleshooting: A High-Value Asset For The Service-Provider Discipline
Troubleshooting: A High-Value Asset For The Service-Provider DisciplineTroubleshooting: A High-Value Asset For The Service-Provider Discipline
Troubleshooting: A High-Value Asset For The Service-Provider DisciplineSagi Brody
 
Crowd-Sourced Intelligence Built into Search over Hadoop
Crowd-Sourced Intelligence Built into Search over HadoopCrowd-Sourced Intelligence Built into Search over Hadoop
Crowd-Sourced Intelligence Built into Search over HadoopDataWorks Summit
 
Machine Learning and Hadoop
Machine Learning and HadoopMachine Learning and Hadoop
Machine Learning and HadoopJosh Patterson
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 
Georgia Tech cse6242 - Intro to Deep Learning and DL4J
Georgia Tech cse6242 - Intro to Deep Learning and DL4JGeorgia Tech cse6242 - Intro to Deep Learning and DL4J
Georgia Tech cse6242 - Intro to Deep Learning and DL4JJosh Patterson
 
Zen and the art of collecting and analyzing malware
Zen and the art of collecting and analyzing malwareZen and the art of collecting and analyzing malware
Zen and the art of collecting and analyzing malwareGaetano Zappulla
 

Ähnlich wie Performing network security analytics (20)

Deep Learning and Recurrent Neural Networks in the Enterprise
Deep Learning and Recurrent Neural Networks in the EnterpriseDeep Learning and Recurrent Neural Networks in the Enterprise
Deep Learning and Recurrent Neural Networks in the Enterprise
 
Log Data Mining
Log Data MiningLog Data Mining
Log Data Mining
 
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and SolrLarge Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
 
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and SolrLarge Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
Large Scale Search, Discovery and Analytics with Hadoop, Mahout and Solr
 
MapR LucidWorks Joint Webinar 121211
MapR LucidWorks Joint Webinar 121211MapR LucidWorks Joint Webinar 121211
MapR LucidWorks Joint Webinar 121211
 
Cloudera Breakfast Series, Analytics Part 1: Use All Your Data
Cloudera Breakfast Series, Analytics Part 1: Use All Your DataCloudera Breakfast Series, Analytics Part 1: Use All Your Data
Cloudera Breakfast Series, Analytics Part 1: Use All Your Data
 
MapR lucidworks joint webinar
MapR lucidworks joint webinarMapR lucidworks joint webinar
MapR lucidworks joint webinar
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013
 
Monitoring and Managing Network Application Performance
Monitoring and Managing Network Application PerformanceMonitoring and Managing Network Application Performance
Monitoring and Managing Network Application Performance
 
Monitoring and Managing Network Application Performance
Monitoring and Managing Network Application PerformanceMonitoring and Managing Network Application Performance
Monitoring and Managing Network Application Performance
 
The Age of Data-Driven Network Operations
The Age of Data-Driven Network OperationsThe Age of Data-Driven Network Operations
The Age of Data-Driven Network Operations
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckLuncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
 
Hadoop summit EU - Crowd Sourcing Reflected Intelligence
Hadoop summit EU - Crowd Sourcing Reflected IntelligenceHadoop summit EU - Crowd Sourcing Reflected Intelligence
Hadoop summit EU - Crowd Sourcing Reflected Intelligence
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvert
 
Troubleshooting: A High-Value Asset For The Service-Provider Discipline
Troubleshooting: A High-Value Asset For The Service-Provider DisciplineTroubleshooting: A High-Value Asset For The Service-Provider Discipline
Troubleshooting: A High-Value Asset For The Service-Provider Discipline
 
Crowd-Sourced Intelligence Built into Search over Hadoop
Crowd-Sourced Intelligence Built into Search over HadoopCrowd-Sourced Intelligence Built into Search over Hadoop
Crowd-Sourced Intelligence Built into Search over Hadoop
 
Machine Learning and Hadoop
Machine Learning and HadoopMachine Learning and Hadoop
Machine Learning and Hadoop
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
Georgia Tech cse6242 - Intro to Deep Learning and DL4J
Georgia Tech cse6242 - Intro to Deep Learning and DL4JGeorgia Tech cse6242 - Intro to Deep Learning and DL4J
Georgia Tech cse6242 - Intro to Deep Learning and DL4J
 
Zen and the art of collecting and analyzing malware
Zen and the art of collecting and analyzing malwareZen and the art of collecting and analyzing malware
Zen and the art of collecting and analyzing malware
 

Mehr von DataWorks Summit

Floating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache RatisFloating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache RatisDataWorks Summit
 
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFiTracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFiDataWorks Summit
 
HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...DataWorks Summit
 
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...DataWorks Summit
 
Managing the Dewey Decimal System
Managing the Dewey Decimal SystemManaging the Dewey Decimal System
Managing the Dewey Decimal SystemDataWorks Summit
 
Practical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist ExamplePractical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist ExampleDataWorks Summit
 
HBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at UberHBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at UberDataWorks Summit
 
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and PhoenixScaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and PhoenixDataWorks Summit
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiBuilding the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiDataWorks Summit
 
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsSupporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsDataWorks Summit
 
Security Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureSecurity Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureDataWorks Summit
 
Presto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything EnginePresto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything EngineDataWorks Summit
 
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...DataWorks Summit
 
Extending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google CloudExtending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google CloudDataWorks Summit
 
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiEvent-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiDataWorks Summit
 
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache RangerSecuring Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache RangerDataWorks Summit
 
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...DataWorks Summit
 
Computer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near YouComputer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near YouDataWorks Summit
 
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkBig Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkDataWorks Summit
 

Mehr von DataWorks Summit (20)

Data Science Crash Course
Data Science Crash CourseData Science Crash Course
Data Science Crash Course
 
Floating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache RatisFloating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache Ratis
 
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFiTracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
 
HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...
 
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
 
Managing the Dewey Decimal System
Managing the Dewey Decimal SystemManaging the Dewey Decimal System
Managing the Dewey Decimal System
 
Practical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist ExamplePractical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist Example
 
HBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at UberHBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at Uber
 
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and PhoenixScaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiBuilding the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
 
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsSupporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability Improvements
 
Security Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureSecurity Framework for Multitenant Architecture
Security Framework for Multitenant Architecture
 
Presto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything EnginePresto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything Engine
 
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
 
Extending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google CloudExtending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google Cloud
 
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiEvent-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
 
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache RangerSecuring Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
 
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
 
Computer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near YouComputer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near You
 
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkBig Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
 

Kürzlich hochgeladen

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 

Kürzlich hochgeladen (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

Performing network security analytics

  • 1. Performing  Network  &  Security  Analy7cs   with  Hadoop   Travis Dawson Director of Product Management Narus, Inc Hadoop Summit 2012
  • 2. Agenda   §  Who am I, What do I do §  What is Network & Security Analytics §  Using Hadoop in Network & Security Analytics §  What becomes possible with Big Data Analytics §  Putting it all together §  Lessons Learned Narus  |    2    
  • 3. Who  am  I   What  do  I  do   §  Geek §  Director of Product Management, Narus Inc –  Narus Inc, A wholly owned subsidiary of Boeing –  Build High Performance Network Intelligence Systems –  I herd cats and make Powerpoints all day –  Occasionally think about product requirements §  Principal Member Technical Staff, Sprint –  Sprint Advanced Technology Labs –  Wireline/Wireless Network Architecture, Design, Security –  I broke stuff Narus    |    3    
  • 4. What  is  Network  &  Security  Analy7cs   A  type  of  voodoo,  but  with  computers   The (black) art of finding malicious or problematic sessions in a mountain of network traffic §  Multiple approaches –  Signatures/Blacklists –  Behavior –  Algorithmic –  Ouiji Board, Live Chicken, Full Moon, etc §  Single Goal –  Identify malicious or problematic traffic before it causes substantial harm to your network or your assets. Narus    |    4    
  • 5. Network  &  Security  Analy7cs   What’s  working  against  you   The enemy is ever-changing and infinitely intelligent §  New attack vectors are more difficult to detect than ever –  Polymorphic, Randomized –  APTs are real –  Zero-Days –  Protocol, Application, OS §  Traditional Methods in-effective –  Payloads ever changing –  Simply too many new and existing §  Higher speeds of links makes deeper analysis harder –  10G/sec maxes out at ~15M packets per second Narus    |    5    
  • 6. What  is  Network  &  Security  Analy7cs   Finding  the  Needle  in  a  stack  of  Needles   §  Where to look –  Which stack of Needles do I need to look at §  What are you looking for –  Do you know? –  Are you guessing? –  Do you know what you are NOT looking for? §  How to find something that is not ‘right’ –  What is ‘right’, what is ‘not-right’, what is ‘wrong’? –  What is the difference? –  What is ‘normal’ vs what is ‘right’ ? –  How much data do you need ? Narus    |    6    
  • 7. What  is  Network  &  Security  Analy7cs     Solving  the  Network  &  Security  Analy7cs  Problem       Multiple Methods, Multiple Algorithms, Multiple Passes Per Analytic §  You need a lot of data to determine what is ‘not-right’ –  More data == More accurate results §  You need to run sophisticated algorithms across the data –  Use new algorithms to find something ‘not-right’ –  Not always easy §  You need multiple passes on the data –  One Algorithm feeds the next Algorithm –  Focus on the workflow, how an analyst would work. Narus    |    7    
  • 8. Breaking  out  of  the  SQL  Prison   A  quick  rant   §  SQL has been around since the 70’s –  So have I! –  Great for solving ‘known’ problems §  Unable to perform the deep analytics required –  No combination of SELECT, JOIN, UDF will get you what you need at times –  Unstructured data is a nightmare and now more common §  However, use of one tool does not mean you can’t use another tool as well –  SQL and Hadoop can live very happily together –  The right tool for the right job, or more precisely: •  The right tool for the right PART of the job Narus    |    8    
  • 9. Network  &  Security  Analy7c   Using  Hadoop  to  solve  the  hard  problems   §  Amount of Data –  1 week -> 1 Month+ of data: 100’s of Billions of Sessions, 100’s of TB’s of Data, ingesting dozens of data types and millions of sessions per hour §  Algorithms –  Looking for sessions that look something like this thing or maybe unlike this other thing. You can do that right??? §  Unstructured –  We have no idea what we are going to get in terms of information §  Price per Analytic Hour –  How much does it cost to run this analytic in a set amount of time Narus    |    9    
  • 10. Network  &  Security  Analy7c   A  Simple  Workflow  Example   Find a Polymorphic BotNet/Worm infection vector §  Find the suspected infected hosts –  Clustering/Behavior/Signatures to find possible bots and worms §  Find the Command & Control –  From list of suspects, who are the most popular ‘servers’ §  Find ALL of the possible infections –  From C&C servers, what hosts were communicated with –  Cluster and group similar hosts to find even more §  Find the Infection Vector –  From all the suspect hosts, cluster hosts by common Application ‘features’ and traffic patterns You need a LOT of data and it’s non-deterministic Narus    |    10    
  • 11. Network  &  Security  Analy7c   Workflow  details   What Makes This Work §  Hadoop Tools/Methods Used –  Entropy, FFT, Behavior Jobs –  Mahout (Clustering and Machine Learning) –  Custom Clustering (Hourglass Co-Clustering) –  Custom Correlation §  Other Tools Used –  Streaming Classification/Statistics Engine –  RDBMS –  Visualization Front End Narus    |    11    
  • 12. Network  &  Security  Analy7c   In  real  life   Many  tools  enabling  each  other   I  need  to   I  know   I  don’t  know   I  need  to   I  need  to  view   capture  the   what  I  am   what  I  am   organize  the   the  findings   traffic   looking  for   looking  for   findings   logically   Datasets   Deep   Summary   Packets   Metadata   Streaming   Analysis   Shallow   Views   Capture   Analysis   Hadoop   Analysis   RDBMS   Narus    |    12    
  • 13. Lessons  learned   How  we  learned  to  make  it  all  work   §  Don’t use a hammer when you need a scalpel –  It just doesn’t work, don’t force it. –  If there is a better way of doing it, use that way §  Hadoop does a lot of things really well –  Complicated algorithms over vast amounts of data –  Unstructured Data §  Hadoop does some things really poorly –  Low Latency results for visualization –  Simple Statistics and some groupings §  Use Hadoop in conjunction with other tools –  Use the best tool for the job. –  Break the job into pieces and evaluate the tools for each piece Narus    |    13    
  • 14. Conclusion   Hadoop  as  a  pla^orm  for  Network  Security  Analy7cs   §  Hadoop has allowed us to solve problems for our customers that were previously unsolvable in a reasonable amount of time §  New algorithms and analytics were made possible by Hadoop §  By using Hadoop in conjunction with our Streaming Engine and an RDBMS we were able to create a system that performed better then just the sum of its parts. §  We are now able to scale into larger datasets and extract even better insights then before §  No longer confined by any tool, we leverage the power of Hadoop to solve many of our problems Narus    |    14    
  • 15. Q&A   Narus    |    15