Mouaz Alnouri presented on using big data technologies for cybersecurity. He discussed how cybersecurity poses big data challenges due to the volume, velocity, and variety of security data. Skilledfield helps clients address these challenges by designing analytics pipelines to acquire, parse, enrich, analyze and alert on security data. They also implement techniques like threat modeling, behavioral analytics and machine learning to detect threats. Unleashing big data technologies can help organizations improve security detection, response and visibility to protect against emerging cyber threats.
Big data for cybersecurity - skilledfield slides - 25032021
1. Big Data for Cybersecurity
Mouaz Alnouri
25 March 2021
This Session will be recorded and posted on Skilledfield’s Youtube Channel
2. About me
I’m Mouaz Alnouri, the Managing Director of Skilledfield. We help clients unleash the power of big data technology to detect cyber security events and utilise automation to efficiently alert, escalate and respond to security threats.
Technologist with years of experience in solving complex business problems through creative client-centric strategies and value-driven solutions. A change agent, capable of orchestrating a transformative business strategy through data-driven decisions.
Mouaz leads the Skilledfield team with an unrivalled passion for data and a zest for problem solving. With over a decade in the IT services industry, he’s provided intelligent solutions for complex problems throughout his career. He’s worked with major technology and telecommunications firms including Telstra and NBN Co. Limited, where he’s delivered data-focused solutions that have significantly improved operational efficiency. He’s a customer-focused problem solver who leads the Skilledfield team towards their vision to become Australia’s leading Big Data solutions provider.
https://www.linkedin.com/in/malnouri/
3. What we are covering today
➔ One slide about Skilledfield
➔ Why Cybersecurity is a Big Data use case
➔ How do we address Cybersecurity as Big Data Professionals
➔ How do we keep up with the emerging cyber threats
➔ Benefits of Big Data Technology for Cybersecurity
4. About Skilledfield: A Field of Skilled professionals!
Uplift Security Detection and Response Capability
● Centralised Security Event logging and auditing
● Endpoint Protection
● SOAR
● Advanced Security Analytics
● Managed Services

Uplift Observability Capability
● Centralised Operational event monitoring and alerting
● AIOps (Artificial Intelligence for IT operations)
● Managed Services

BI to AI Analytics Services
● Big Data Analytics using Elastic
● Big Data Analytics using Databricks
● Big Data Analytics using Microsoft Azure Services

Solving Complex Problems with Simplified Solutions
5. Cybersecurity is Big Data Use Case
Volume: high amount of data, generated in terabytes
Velocity: generated in real time, in streams, batch or bits
Variety: structured, unstructured and semi-structured
[Diagram: the three Vs surround the centre "Big Data Use Case"; the outer ring carries the security functions Assessment, Protect, Identify & Detect, and Response & Recover.]
6. Detection Data Engineering Pipeline
Sources → Acquire → Parse → Enrich → Analyse → Alert, with a Tune loop feeding back into the pipeline
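The pipeline on this slide, as an added, runnable illustration that is not Skilledfield's code: it acquires a handful of constructed SSH authentication log lines, parses them into events, enriches them against a constructed threat-intelligence list, analyses them with two detections (a brute-force burst followed by a successful login, and an indicator match), and emits alerts. The Tune stage is represented by the threshold, window and source-suppression parameters; the log lines, the indicator list and the thresholds are all assumptions made for the example.

```python
"""Added example of an Acquire -> Parse -> Enrich -> Analyse -> Alert pipeline.
Not Skilledfield's code. The log lines, threat-intel list and thresholds below
are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime

# Acquire: in production these arrive from a collector; here they are constructed.
SAMPLE_LOGS = [
    "2021-03-25T09:00:01Z host1 sshd[1001]: Failed password for root from 203.0.113.7 port 4000 ssh2",
    "2021-03-25T09:00:03Z host1 sshd[1001]: Failed password for root from 203.0.113.7 port 4001 ssh2",
    "2021-03-25T09:00:05Z host1 sshd[1001]: Failed password for admin from 203.0.113.7 port 4002 ssh2",
    "2021-03-25T09:00:09Z host1 sshd[1001]: Accepted password for root from 203.0.113.7 port 4003 ssh2",
    "2021-03-25T09:01:00Z host2 sshd[2002]: Accepted publickey for alice from 10.0.0.5 port 5000 ssh2",
    "2021-03-25T09:02:00Z host2 sshd[2002]: Failed password for bob from 198.51.100.9 port 6000 ssh2",
    "2021-03-25T09:02:30Z host2 cron[300]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Parse: OpenSSH "Accepted"/"Failed" lines; anything else is dropped by the parser.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)"
)

# Enrich: constructed indicator list standing in for a real threat-intel feed.
THREAT_INTEL = {"203.0.113.7": "brute-force scanner (constructed IOC)"}


def parse(lines):
    """Turn raw lines into event dicts; lines the regex does not match are dropped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return events


def enrich(events):
    """Attach threat-intel context and a simplified internal/external flag."""
    for e in events:
        e["intel"] = THREAT_INTEL.get(e["src"])
        e["internal"] = e["src"].startswith("10.")  # simplified RFC 1918 check
    return events


def analyse(events, fail_threshold=3, window_s=60):
    """Two detections per source: brute force followed by success, and IOC hit."""
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        fails = [e for e in evs if e["outcome"] == "Failed"]
        succ = [e for e in evs if e["outcome"] == "Accepted"]
        if len(fails) >= fail_threshold and succ:
            elapsed = (succ[-1]["ts"] - fails[0]["ts"]).total_seconds()
            if elapsed <= window_s:
                alerts.append({"rule": "brute_force_then_success", "src": src,
                               "user": succ[-1]["user"], "severity": "high"})
        if evs[0]["intel"]:
            alerts.append({"rule": "threat_intel_match", "src": src,
                           "severity": "medium", "context": evs[0]["intel"]})
    return alerts


def alert(alerts, suppressed_sources=()):
    """Tune/Alert: drop sources an analyst has tuned out, return the rest."""
    return [a for a in alerts if a["src"] not in suppressed_sources]


def run_pipeline(lines, suppressed_sources=(), fail_threshold=3, window_s=60):
    events = enrich(parse(lines))
    return alert(analyse(events, fail_threshold, window_s), suppressed_sources)


if __name__ == "__main__":
    for a in run_pipeline(SAMPLE_LOGS):
        print(a)
```

On the constructed input the cron line is dropped at the parse stage, the three failures from 203.0.113.7 followed within 60 seconds by a successful root login raise the brute-force alert, and the same address also matches the indicator list; suppressing that source, or raising `fail_threshold`, is the Tune loop in miniature.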
7. Design Data Analytics Solution
● Comprehend business value chain
● Understand short-term and long-term goals and identify key
business questions
● Define analytics use cases
● Perform an initial assessment of data sources
● Design a solution
8. Threat Modelling - PASTA (Risk Based)
The Process for Attack Simulation and Threat Analysis has seven stages:
● Define Objectives
● Define Technical Scope
● Application Decomposition
● Threat Analysis
● Vulnerability & Weakness Analysis
● Attack Modelling
● Risk & Impact Analysis
https://resources.sei.cmu.edu/asset_files/WhitePaper/2018_019_001_524597.pdf
Each potential threat is identified, categorised and analysed, and its response prioritised.
9. Most Concerning Types of Cyber Threats
According to IT security decision makers worldwide as of November 2019. Source:
https://www.statista.com/statistics/500946/worldwide-leading-it-security-threats/
● Malware is the most concerning cyberthreat targeting organizations. Phishing and ransomware were jointly ranked second.
● Over the last two years, the number of insider incidents has increased by 47%.
● 30 percent of malware attacks are zero-day exploits.
● Advanced attackers uniquely compile the code they bring with them so that it specifically does not match anything they have used elsewhere or ever will again.
10. Behavioural Analytics
Sources → Acquire → Parse → Enrich → Analyse → Alert, with a Tune loop, and a Learn → Detect cycle added to the pipeline
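The Learn → Detect cycle, as an added example that is not Skilledfield's code: a baseline of each user's login behaviour (hours of day, source addresses, logins per day) is learned from two weeks of constructed known-good events, and a new day's events are then scored against it. The event tuples, the three anomaly rules and the z-score threshold are assumptions made for the example, not a product's behaviour.

```python
"""Added example of the Learn -> Detect loop behind behavioural analytics.
Not Skilledfield's code. Events are constructed (user, day, hour, source)
tuples; the rules and thresholds are assumptions for illustration."""
from collections import defaultdict
from statistics import mean, pstdev

# Learn-phase input: two weeks of constructed, known-good logins.
BASELINE_EVENTS = []
for day in range(14):
    for hour in (8, 9, 13, 17):                 # alice keeps office hours
        BASELINE_EVENTS.append(("alice", day, hour, "10.0.0.5"))
    for hour in (22, 23, 0, 1, 2):              # bob works the night shift
        BASELINE_EVENTS.append(("bob", day, hour, "10.0.0.9"))

# Detect-phase input: one new day with two constructed deviations.
NEW_EVENTS = [
    ("alice", 14, 9, "10.0.0.5"),
    ("alice", 14, 3, "198.51.100.4"),          # 3am, from a never-seen address
    ("bob", 14, 23, "10.0.0.9"),
] + [("bob", 14, 0, "10.0.0.9")] * 40          # 40 logins vs a baseline of 5/day


def learn(events):
    """Build a per-user profile: hours seen, sources seen, daily-count statistics."""
    hours = defaultdict(set)
    sources = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for user, day, hour, src in events:
        hours[user].add(hour)
        sources[user].add(src)
        daily[user][day] += 1
    profiles = {}
    for user in hours:
        counts = list(daily[user].values())
        profiles[user] = {
            "hours": hours[user],
            "sources": sources[user],
            "mean": mean(counts),
            "std": pstdev(counts),
        }
    return profiles


def detect(events, profiles, z_threshold=3.0):
    """Score new events against the learned profiles; return (user, day, rule, why)."""
    findings = []
    daily = defaultdict(lambda: defaultdict(int))
    for user, day, hour, src in events:
        p = profiles.get(user)
        if p is None:
            findings.append((user, day, "new_user", "no baseline exists"))
            continue
        daily[user][day] += 1
        if hour not in p["hours"]:
            findings.append((user, day, "unusual_hour", f"hour {hour} never seen in baseline"))
        if src not in p["sources"]:
            findings.append((user, day, "unseen_source", f"{src} never seen in baseline"))
    for user, days in daily.items():
        p = profiles[user]
        for day, n in days.items():
            # A perfectly regular user has std 0; floor it at 1 to avoid dividing by zero.
            z = (n - p["mean"]) / max(p["std"], 1.0)
            if z > z_threshold:
                findings.append((user, day, "volume_spike", f"{n} logins, z={z:.1f}"))
    return findings


if __name__ == "__main__":
    for finding in detect(NEW_EVENTS, learn(BASELINE_EVENTS)):
        print(finding)
```

Note the trade-off the baseline window forces: a user whose training data already contained the attacker's behaviour would learn it as normal, so the Tune loop on the previous slide is what keeps the learned profiles honest over time.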
11. Same data. Different questions.
● Ingest & prepare: ecosystem of network and host data connectors used to orchestrate your data feed from edge devices.
● Alerting and machine learning: processing the data in real time and analysing it to identify threats and detect abnormal behaviours.
● Detect, hunt, investigate: ad hoc queries at scale and interactive threat hunting allow rapid event triage and investigation.
12. The DAMA Wheel
The DMBoK knowledge areas, as described on the wheel:
● To use consistent words and relations, which leads to more alignment with current and future requirements
● Data lifecycle, data integrity, data availability and data usage performance
● Access control, confidentiality and regulatory compliance
● Data consolidation and data movement
● Ensure effective and efficient storage, retrieval and use of data
● Provide an authoritative source of reconciled and quality-assessed data
● Technical environment and technical and business processes
● Provide organisational understanding of business terms and usages
● Identify data storage and processing requirements
● Standards, requirements and specifications for data
● Principles, policies, procedures, metrics, tools and responsibilities for data management
13. Skilledfield is Gold Sponsor for DAMA Australia
Our sponsorship in the Data Architecture and Data Security areas demonstrates our
commitment to the data community and our support for best practices. Our engineers
leverage the Data Management Body of Knowledge (DMBoK) to apply information and
data management best practices to enhance the business value of your Big Data.
DAMA: The Data Management Association
14. Unleash Big Data Technologies to Solve Complex CyberSecurity Problems
Uplift Security Detection and Response Capability
● Stop malware at the host, while enabling centralized visibility and advanced threat detection.
● Perform threat modelling to understand the organization's defensive capabilities and develop customised detections, whilst tuning out false alerts to target genuine vulnerabilities.
● Collect, transform and store data from a broad set of systems, including custom ones; build a strong track record of transparency to inspect security measures and increase visibility.
● Implement fast, scalable and relevant threat intelligence and data enrichment.
● Leverage machine learning to combat zero-day attacks.
● Organise SOC tasks and playbooks for automated analysis and response.
● Right-size your solution, including hosting, data throughput, licensing and operational resources.
Detect → Analyse → Respond
● 85% of MSPs reported attacks against SMBs over the last two years.
● 30% of malware attacks are zero-day exploits.
● 50% of security alerts are false positives, leading to SOCs increasing staff.
15. Protect your Organisation!
“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it”
STEPHANE NAPPO
Global Head of Information Security for Société Générale International Banking & Financial Services
16. “A more secure online world for Australians, their businesses and the essential services upon which we all depend.”
Australia’s Cyber Security Strategy 2020
https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf
● Invest $1.67 billion over 10 years
● New ways to investigate and shut down cyber crime, including on the dark web.
● Advice for small and medium enterprises to increase their cyber resilience.
● Clear guidance for businesses and consumers about securing Internet of Things devices.
● Improved community awareness of cyber security threats.