Big Data Analytics for Cyber Security:
A Quick Overview
By Femi Ashaye
Agenda

- Introduction – Addressing Cyber Security (2013)
- Managing Cyber Threats (2013)
- Big Data Analytics in SIEM
- Managing Cyber Threats (2016)
- Cyber Security Control Model
- Conclusion
Introduction – Addressing Cyber Security (2013)

- The previous presentation on Cyber Security (http://www.slideshare.net/fashaye/addressing-cyber-security-26632216) addressed the approach required to deal with Cyber threats in mid 2013; the threat landscape in 2016 has grown and evolved.
- The risk-based approach of 2013 is still relevant. It uses the applicable, but more linear, ISO 27001 processes and activities (Plan -> Do -> Check -> Act -> Check -> Act -> Check -> Act -> ...):
  - Risk assessments conducted to understand the likelihood of threats and vulnerabilities and their impact on the organisation (Plan & Check)
  - Prevent, detect and respond to security incidents, reviewing the existing state of security (Check & Act)
  - Measurement of control effectiveness and of the maturity of overall security, to decide when, where and how to improve the overall security posture (Check & Act)
- SIEM provides recording of security incidents and risk-related information such as:
  - Malicious traffic to specific systems
  - Suspicious activity across domain boundaries
  - User session activity, and more
- Outcome: this approach is required to understand the scale and impact of Cyber Threats.
- Indicators of risk exposure and control effectiveness identify the key risks over time.
- Data- and system-centric processes and key controls already exist for dealing with Cyber Threats.
- Help may be required from other disciplines (criminologists, sociologists, psychologists, lawyers, etc.), leading to people- and behaviour-centric controls.
Managing Cyber Threats (2013)

[Diagram; node and arrow labels recovered from the slide]

Risk elements:
- Threat: "Mounts attack on.." the Asset.
- Vulnerability (un-patched OS/Application): "Can be exploited to attack" the Asset.
- Asset: application, DB and OS information; asset inventory and compliance information.

Preventative and Detective Controls (Firewall, Identity and Access Manager, DLP, AV Gateway, IDS/IPS):
- "Mitigates or stop attack against..." the Asset and "Discovers attack against.." the Asset.
- Vulnerability Scanner: "Discovers and protects against" un-patched OS/Application on the Asset.

Events raised by the controls: Suspicious Login or Access Event; Malicious Port Scanning Event; Malware Event; Data Theft Event; Suspicious Network Access Event; Denial of Service Event.

SIEM & Logger:
- Threat Correlation/Aggregation
- Vulnerability Correlation/Aggregation
- Asset Correlation/Aggregation
- Event Logging and Reporting

Outputs: ALARM (Security Incidents) and Risk Information.
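The SIEM & Logger box above correlates each control event against what the vulnerability scanner knows about the target and what the inventory knows about the asset, then raises an ALARM. The Python below is an added example, not from the deck or from any SIEM product, of that three-way join on constructed sample feeds; the scoring weights (asset value, plus twice the severity of a matching un-patched finding, plus one per compliance scheme) and all field names are assumptions made for illustration.

```python
"""Added example (not from the original deck): Threat x Vulnerability x Asset
correlation of detective-control events, as in the SIEM & Logger box of the
2013 diagram. Feeds and scoring weights are constructed/assumed, not a vendor
formula."""

from dataclasses import dataclass

# --- constructed sample feeds ------------------------------------------------

# Asset inventory and compliance information (constructed)
ASSETS = {
    "10.0.1.10": {"name": "hr-db-01", "value": 5, "compliance": ["PCI", "GDPR"]},
    "10.0.1.20": {"name": "web-01",   "value": 3, "compliance": []},
    "10.0.2.50": {"name": "kiosk-07", "value": 1, "compliance": []},
}

# Vulnerability scanner output: un-patched OS/application findings (constructed)
VULN_SCAN = {
    "10.0.1.10": [{"service": "mysql", "port": 3306, "severity": "high",   "patched": False}],
    "10.0.1.20": [{"service": "http",  "port": 80,   "severity": "medium", "patched": True}],
}

# Events from IDS, IAM and AV Gateway as the SIEM receives them (constructed)
EVENTS = [
    {"src": "203.0.113.9", "dst": "10.0.1.10", "dst_port": 3306, "type": "Malicious Port Scanning Event",   "source": "IDS"},
    {"src": "203.0.113.9", "dst": "10.0.1.20", "dst_port": 80,   "type": "Suspicious Network Access Event", "source": "IDS"},
    {"src": "10.0.2.50",   "dst": "10.0.1.10", "dst_port": 3306, "type": "Suspicious Login or Access Event", "source": "IAM"},
    {"src": "10.0.2.50",   "dst": "10.0.2.50", "dst_port": 0,    "type": "Malware Event",                    "source": "AV Gateway"},
]

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}  # assumed weights


@dataclass
class Incident:
    event_type: str
    asset: str
    score: int
    reasons: list


def correlate(event, assets=ASSETS, vulns=VULN_SCAN):
    """Join one event with asset and vulnerability context; return a scored Incident."""
    asset = assets.get(event["dst"], {"name": event["dst"], "value": 1, "compliance": []})
    reasons = [f"{event['source']}: {event['type']}"]
    score = asset["value"]  # start from the business value of the targeted asset

    # Threat x Vulnerability: does the event hit an exploitable, un-patched service?
    for finding in vulns.get(event["dst"], []):
        if finding["port"] == event["dst_port"] and not finding["patched"]:
            score += 2 * SEVERITY_WEIGHT[finding["severity"]]
            reasons.append(f"un-patched {finding['service']}/{finding['port']} ({finding['severity']})")

    # Asset x Compliance: regulated assets raise the stakes of any incident
    if asset["compliance"]:
        score += len(asset["compliance"])
        reasons.append("in scope: " + ",".join(asset["compliance"]))
    return Incident(event["type"], asset["name"], score, reasons)


def prioritise(events=EVENTS):
    """Aggregate all events into an ALARM queue ordered by score (highest first)."""
    return sorted((correlate(e) for e in events), key=lambda i: i.score, reverse=True)


if __name__ == "__main__":
    for inc in prioritise():
        print(f"{inc.score:2d}  {inc.asset:9s} {inc.event_type:34s} <- {'; '.join(inc.reasons)}")
```

The two events that touch the un-patched, in-scope database host come out on top, ahead of the IDS event against the patched web server and the malware event on a low-value kiosk. The same IDS signature scores differently depending on asset and vulnerability context, which is the reason for correlating the three feeds instead of alarming on the raw event.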
Big Data Analytics in SIEM

- Digitalisation (specifically the Internet of Things) and business ecosystems are introducing a proliferation of disparate connected systems and devices, so the variety and volume of security data are higher now than ever (Gartner: security data was expected to roughly double every year from 2014 through 2016).
- The threat landscape in 2016 has evolved and is growing. Cyber criminals typically blend into background operational noise, performing undetected reconnaissance of networks over long periods of time before carrying out attacks. Identifying these threats amongst the growing volumes of security data is the greater challenge.
- The data-centric controls outlined, but not detailed, in the 2013 approach are now more relevant. Big Data analytics applied to Cyber Security provides another level of context: it identifies threat anomalies and patterns, and predicts threats that are not typically derived from the traditional risk-based context.
- Traditional SIEM is not able to capture this proliferation of new data; the new generation of SIEM tools incorporates Big Data Analytics to provide Security Analytics.
- Security analytics consolidates all security data from disparate security tools, business applications, IT applications, cloud applications, digital business ecosystems and business processes, to deal with enterprise-level threats in real time.
- Security analytics can mine structured and unstructured data to enhance threat-landscape analysis, and provides better visualisation of that data to further aid forensics.
- The Security Analyst skillset requires a high level of data science and big data analytics expertise.
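The second bullet above, attackers doing slow reconnaissance inside operational noise, is exactly what defeats a per-minute threshold rule. The Python below is an added example, not from the deck, that builds a constructed day of firewall log lines (twenty chatty workstations plus one host probing a new port every ten minutes) and runs three views over them: top talkers by volume, a traditional one-minute distinct-target threshold, and a 24-hour sliding-window aggregation per source. Log format, addresses and thresholds are assumptions.

```python
"""Added example (not part of the original deck): a "low and slow" port scan
that a per-minute SIEM threshold never fires on, but which a long-window,
per-source aggregation of the same firewall events surfaces. Log lines, field
names and thresholds are constructed/assumed for illustration."""

import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\S+) fw01 src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
T0 = datetime(2016, 3, 1, tzinfo=timezone.utc)


def build_sample_log():
    """Constructed 24h of firewall log: 20 chatty workstations plus one slow scanner."""
    lines = []
    for minute in range(0, 24 * 60, 5):          # background noise: 3 services, every 5 min
        ts = (T0 + timedelta(minutes=minute)).strftime(TS_FMT)
        for i in range(20):
            for dport in (80, 443, 445):
                lines.append(f"{ts} fw01 src=10.0.2.{i + 1} dst=10.0.1.20 dport={dport} action=allow")
    for k in range(144):                         # scanner: one new port every 10 minutes
        ts = (T0 + timedelta(minutes=10 * k)).strftime(TS_FMT)
        lines.append(f"{ts} fw01 src=198.51.100.7 dst=10.0.1.10 dport={1000 + k} action=deny")
    return lines


def parse(lines):
    """Yield (timestamp, src, (dst, dport)) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], TS_FMT).replace(tzinfo=timezone.utc)
            yield ts, m["src"], (m["dst"], int(m["dport"]))


def top_talkers(events, n=3):
    """Volume view: the n busiest sources by event count."""
    return [src for src, _ in Counter(src for _, src, _ in events).most_common(n)]


def fixed_window_rule(events, bucket=timedelta(minutes=1), min_targets=20):
    """Traditional threshold: >= min_targets distinct (dst, port) from one source in one bucket."""
    seen = defaultdict(set)
    for ts, src, target in events:
        seen[(src, int(ts.timestamp() // bucket.total_seconds()))].add(target)
    return sorted({src for (src, _), targets in seen.items() if len(targets) >= min_targets})


def sliding_window_rule(events, window=timedelta(hours=24), min_targets=50):
    """Long-window aggregation: distinct (dst, port) per source inside any span of length window."""
    per_src = defaultdict(list)
    for ts, src, target in events:
        per_src[src].append((ts, target))
    flagged = set()
    for src, evs in per_src.items():
        evs.sort()
        in_window, counts = deque(), Counter()
        for ts, target in evs:
            in_window.append((ts, target))
            counts[target] += 1
            while ts - in_window[0][0] > window:  # expire events older than the window
                _, old = in_window.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            if len(counts) >= min_targets:
                flagged.add(src)
                break
    return sorted(flagged)


if __name__ == "__main__":
    events = list(parse(build_sample_log()))
    print("top talkers      :", top_talkers(events))
    print("per-minute rule  :", fixed_window_rule(events))
    print("24h sliding rule :", sliding_window_rule(events))
```

Only the sliding-window rule names 198.51.100.7: the scanner is never among the top talkers and never exceeds the per-minute threshold. The cost is the state retained, one counter per source for the whole window across every source, which is the storage and compute problem the Security Analytics generation of SIEM is meant to absorb.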
Managing Cyber Threats (2016)

[Diagram; same layout as the 2013 diagram, labels recovered from the slide]

The risk elements (Threat "Mounts attack on.." the Asset; Vulnerability, i.e. un-patched OS/Application, "Can be exploited to attack" the Asset; Asset with application, DB and OS information and asset inventory and compliance information), the control set (Firewall, Identity and Access Manager, DLP, AV Gateway, IDS/IPS, Vulnerability Scanner, with the same "Mitigates or stop attack against...", "Discovers attack against.." and "Discovers and protects against" labels) and the event types (Suspicious Login or Access, Malicious Port Scanning, Malware, Data Theft, Suspicious Network Access, Denial of Service) are unchanged from 2013. What changes:

- The controls are now labelled Preventative, Predictive and Detective Control.
- SIEM w/Security Analytics replaces SIEM & Logger, adding Unstructured Security Event Correlation/Aggregation and Predictive Modelling to Threat Correlation/Aggregation, Vulnerability Correlation/Aggregation, Asset Correlation/Aggregation and Event Logging and Reporting.
- New inputs: business & IT application events, unstructured security events, cloud systems, context-aware identity data.
- Outputs: ALARM (Security Incidents), Risk Information and Predicted Threats.
Cyber Security Control Model

[Diagram; node and arrow labels recovered from the slide]

Risk Model nodes: VALUE, ASSETS, VULNERABILITIES, THREATS, INCIDENTS, NEGATIVE BUSINESS IMPACT, COMPLIANCE. Arrow labels: Have, Exploit, Causing, Results in, Affecting (read as: Assets have Value and Vulnerabilities; Threats exploit Vulnerabilities, causing Incidents; Incidents result in Negative Business Impact).

Countermeasures: PREDICTIVE, DETERRENT, PREVENTATIVE, CONTAINMENT, ASSURANCE, EVIDENTIAL, CORRECTIVE and DETECTIVE CONTROLS. Arrow labels linking the two halves: Triggers (three times), Reduce, Demonstrates, and Informs (the Risk Model informs the Countermeasures).

The model illustrates the basic relationships between Risks and Countermeasures, driven by the control capabilities of Security Analytics. It shows how prediction and detection of threats enable a proactive response to both confirmed and potential risk scenarios.
Conclusion

- Big data driven security gives organisations richer context for assessing Cyber threats against their specific business and compliance requirements.
- It makes traditional risk-based security intelligence more data-centric and more agile, helps address Advanced Persistent Threats, and improves security monitoring.
- Security Analytics requires a data architecture that incorporates and catalogues all relevant security information across the business.
- Future security strategy will feature investment in, and alignment of, security tools enhanced with big data analytics capabilities; this is the next challenge.
- Security Analytics currently addresses Cyber Threats by combining traditional human-led risk analysis with machine-led, data-driven behavioural analysis. This will evolve into machine-only-led, risk- and data-driven Security Analytics.

Thank You!!

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Big Data Analytics for Cyber Security: A Quick Overview

  • 1. Big Data Analytics for Cyber Security: A Quick Overview By Femi Ashaye
  • 2. Agenda
     Introduction – Addressing Cyber Security (2013)
     Managing Cyber Threats (2013)
     Big Data Analytics in SIEM
     Managing Cyber Threats (2016)
     Cyber Security Control Model
     Conclusion
  • 3. Introduction – Addressing Cyber Security (2013)
     The previous presentation on Cyber Security, http://www.slideshare.net/fashaye/addressing-cyber-security-26632216, addressed the approach required to deal with Cyber threats in mid 2013; the threat landscape in 2016 has grown and evolved.
     The risk-based approach of 2013 is still relevant, utilising relevant, but more linear, ISO 27001 processes and activities (Plan->Do->Check->Act->Check->Act->Check->Act->Check->....):
     Risk assessments conducted to understand the likelihood of threats and vulnerabilities and the impact to the organisation (Plan & Check)
     Prevent, detect and respond to security incidents, reviewing the existing state of security (Check & Act)
     Measurement of control effectiveness and maturity of overall security to decide when, where and how to improve the overall security posture (Check & Act)
     SIEM provides recording of security incidents and risk-related information such as:
     Malicious traffic to specific systems
     Suspicious activity across domain boundaries
     User session activity, and more
     The outcome is that the approach is required to understand the scale and impact of Cyber Threats.
     Indicators for risk exposure and control effectiveness identify key risks over time.
     Data- and system-centric processes and key controls already exist for dealing with Cyber Threats.
     Might require help from other disciplines such as criminologists, sociologists, psychologists, lawyers etc., leading to people- and behaviour-centric controls.
  • 4. Managing Cyber Threats (2013) [diagram; labels recovered from the figure]
    Entities: Threat, Vulnerability, Asset (Application, DB and OS etc. information; Asset Inventory and compliance information; Un-patched OS/Application).
    Preventative and Detective Controls: Firewall, Identity and Access Manager, DLP, IDS/IPS, AV Gateway, Vulnerability Scanner.
    Events: Suspicious Login or Access Event, Malicious Port Scanning Event, Malware Event, Data Theft Event, Suspicious Network Access Event, Denial of Service Event.
    Edge labels: Mounts attack on.., Can be exploited to attack, Mitigates or stop attack against..., Discovers attack against.., Discovers and protects against.
    SIEM & Logger:  Threat Correlation/Aggregation  Vulnerability Correlation/Aggregation  Asset Correlation/Aggregation  Event Logging and Reporting -> Risk Information -> ALARM (Security Incidents)
  • 5. Big Data Analytics in SIEM
     Digitalisation (specifically the Internet of Things) and business ecosystems introduce a proliferation of disparate connected systems and devices, meaning the variety of security data is creeping up to higher volumes now more than ever (Gartner – security data expected to steadily double every year from 2014 through to 2016).
     The threat landscape in 2016 has evolved and is growing. Cyber criminals typically blend into background operational noise, performing undetected reconnaissance of networks over a long period of time before carrying out attacks. Identifying these threats amongst the growing volumes of security data presents greater challenges.
     The data-centric controls outlined, but not detailed, in the 2013 approach are now more relevant. Big Data analytics applied to Cyber Security provides another level of context: it identifies threat anomalies and patterns and predicts threats not typically derived from the traditional risk-based context.
     Traditional SIEM is not able to capture the proliferation of new data; a new generation of SIEM tools incorporates Big Data Analytics to provide Security Analytics.
     Security analytics will better consolidate all security data from disparate security tools, business applications, IT applications, cloud applications, digital business ecosystems and business processes to deal with enterprise-level threats in real time.
     Security analytics will have the capability to seamlessly mine data, structured and unstructured, to enhance threat landscape analysis and provide better visualisation of such data to further aid forensics capabilities.
     The Security Analyst skillset requires a high level of data science and big data analytics expertise.
  • 6. Managing Cyber Threats (2016) [diagram; labels recovered from the figure]
    Entities: Threat, Vulnerability, Asset (Application, DB and OS etc. information; Asset Inventory and compliance information; Un-patched OS/Application).
    Preventative, Predictive and Detective Controls: Firewall, Identity and Access Manager, DLP, IDS/IPS, AV Gateway, Vulnerability Scanner.
    Events: Suspicious Login or Access Event, Malicious Port Scanning Event, Malware Event, Data Theft Event, Suspicious Network Access Event, Denial of Service Event.
    Edge labels: Mounts attack on.., Can be exploited to attack, Mitigates or stop attack against..., Discovers attack against.., Discovers and protects against.
    Additional inputs (new in 2016): Business & IT application, Unstructured security events, Cloud systems, Context aware identity data.
    SIEM w/Security Analytics:  Unstructured Security Event Correlation/Aggregation  Threat Correlation/Aggregation  Vulnerability Correlation/Aggregation  Asset Correlation/Aggregation  Event Logging and Reporting  Predictive Modelling -> Risk Information -> ALARM (Security Incidents), Predicted Threats
  • 7. Cyber Security Control Model [diagram; labels recovered from the figure]
    Risk Model: THREATS, VULNERABILITIES, ASSETS, VALUE, INCIDENTS, COMPLIANCE, NEGATIVE BUSINESS IMPACT.
    Countermeasures: PREDICTIVE CONTROLS, DETERRENT CONTROLS, PREVENTATIVE CONTROLS, DETECTIVE CONTROLS, CONTAINMENT CONTROLS, CORRECTIVE CONTROLS, ASSURANCE CONTROLS, EVIDENTIAL CONTROL.
    Edge labels: Exploit, Causing, Affecting, Have, Results in, Triggers, Reduce, Demonstrates, Informs (Risk Model informs Countermeasures).
    The model illustrates the basic relationships between Risks and Countermeasures driven by the control capabilities of Security Analytics. It demonstrates how prediction and detection of threats enables proactive response to definitive and potential risk scenarios.
  • 8. Conclusion
     Big data driven security enables organisations to gain richer context for assessing Cyber threats against their specific business and compliance requirements
     Enables a more data-centric approach to traditional risk-based security intelligence
     Enables a more agile approach to traditional risk-based security intelligence
     Addresses Advanced Persistent Threats
     Improves security monitoring
     A data architecture is required to incorporate and catalogue all relevant security information across the business needed for Security Analytics
     Future security strategy will feature investment in, and alignment of, security tools enhanced with big data analytics capabilities – this is the next challenge
     Security Analytics currently addresses Cyber Threats by combining traditional human-led risk analysis with machine-led, data-driven behavioural analysis; this will evolve to machine-only-led, risk- and data-driven Security Analytics.
    Thank You!!
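The Threat/Vulnerability/Asset correlation that the 2013 and 2016 diagrams (slides 4 and 6) describe, applied to the low-and-slow reconnaissance slide 5 warns about, as an added example in Python; this is not code from the presentation, and every event, host, asset record and scanner finding in it is a constructed sample.

```python
"""Added example, not from the slides: a small SIEM-style correlation engine.
Threat events are aggregated per source over a long window (low-and-slow
reconnaissance hides below daily thresholds), then joined against asset
inventory and vulnerability-scan data to emit risk-ranked alarms.
All events, assets and vulnerability records are constructed samples."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IDS/firewall events: (source, target, dst_port, timestamp)
EVENTS = [
    ("203.0.113.9", "10.0.0.5", 22, "2016-03-01T02:10:00"),
    ("203.0.113.9", "10.0.0.5", 445, "2016-03-03T03:40:00"),
    ("203.0.113.9", "10.0.0.7", 3389, "2016-03-06T01:05:00"),
    ("203.0.113.9", "10.0.0.5", 80, "2016-03-09T04:20:00"),
    ("198.51.100.4", "10.0.0.9", 80, "2016-03-09T10:00:00"),  # ordinary web hit
]
# Constructed asset inventory ("Asset" node): host -> (name, criticality 1-5)
ASSETS = {"10.0.0.5": ("file-server", 5), "10.0.0.7": ("jump-host", 4),
          "10.0.0.9": ("www", 2)}
# Constructed scanner output ("Un-patched OS/Application"): host -> {port: finding}
VULNS = {"10.0.0.5": {445: "unpatched SMB (placeholder finding)"}, "10.0.0.7": {}}

def slow_scan_sources(events, window_days=14, min_pairs=3):
    """Distinct (target, port) pairs per source within window_days of its
    first event; sources probing at least min_pairs pairs are reported."""
    by_src = defaultdict(set)
    first_seen = {}
    for src, dst, port, ts in events:  # events are assumed time-ordered
        t = datetime.fromisoformat(ts)
        first_seen.setdefault(src, t)
        if t - first_seen[src] <= timedelta(days=window_days):
            by_src[src].add((dst, port))
    return {s: p for s, p in by_src.items() if len(p) >= min_pairs}

def correlate(events, assets, vulns):
    """Threat x Asset x Vulnerability correlation -> alarms sorted by risk."""
    alarms = []
    for src, pairs in slow_scan_sources(events).items():
        for dst, port in sorted(pairs):
            name, crit = assets.get(dst, ("unknown", 1))
            exposed = port in vulns.get(dst, {})
            # Constructed scoring: asset criticality, doubled if the probed port is unpatched
            alarms.append({"source": src, "asset": name, "port": port,
                           "unpatched": exposed, "risk": crit * (2 if exposed else 1)})
    return sorted(alarms, key=lambda a: a["risk"], reverse=True)
```

The single web hit from 198.51.100.4 never reaches an alarm, while the four probes spread over nine days from 203.0.113.9 do, with the probe of the unpatched SMB port on the critical file server ranked first.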