Securely explore your data
CYBERSECURITY THREAT DETECTION
Deriving Insights with Sqrrl and Spark GraphX
Adam Fuchs, CTO
October 2014
WHO WE ARE
© 2014 Sqrrl Data, Inc. | All Rights Reserved
WHAT WE’LL DISCUSS
•  Security Analytics using (Big) Cybersecurity Data
   •  You’ve been breached: what’s at stake?
   •  Dealing with the new security dilemma
   •  The ‘Linked Data’ Approach
•  Case study: internal network breach
   •  Overview of scenario
   •  Data modeling with Sqrrl
   •  Detecting anomalies with Sqrrl and GraphX
   •  Visual, contextual research and analysis
THE NUMBERS DON’T LIE
229 (Source: Mandiant)
87% (Source: Verizon)
90% (Source: Verizon)
$12.7M (Source: Ponemon)
TARGETED ATTACKS HAVE CHANGED THE GAME
Source: Battery Ventures
WHAT DOES THIS MEAN FOR US?
Dissolution of the secure perimeter
•  You’ve been breached. Deal with it.
•  Empower the investigator
•  Research and respond: better, faster, smarter
•  It’s all about speed to understanding
THE SECURITY DATA DILEMMA
•  Detecting attacks requires more (i.e. BIG) data
•  But your tools can’t handle the big data wave
•  So attackers are spilling in
BIG DATA TRANSFORMED
(Diagram: raw data sources feed a layer of linked contextual knowledge, which feeds analysis.)
•  Data sources: Perimeter Data (VPN, FW), Network Data (Proxy, NetFlow), Endpoint Data, Application Data (HR, USB, Email), Security Data
•  Linked Contextual Knowledge: Users, Websites, Internal Servers, Client Devices, Assets
•  Analysis: Search, Exploration, Reports, Anomalies, Machine Learning
ARCHITECTURAL OVERVIEW
•  Physical: Commodity Hardware
•  Data Storage: HDFS + Accumulo
•  Data Model: Raw Events, Entity/Relationship Model
•  Processing: Query Engine, Bulk/Graph Processing, ML + Anomaly Detection
•  Interface: Visualization / API
•  Security: Audit, Cryptography, Labeling+Policy
CASE STUDY: COMPROMISED NETWORK

BREACH DETECTION SCENARIO
(Timeline figure: the attack runs through the kill-chain phases RECON / DELIVERY, EXPLOIT / INSTALL and C2 / ACTION over a time axis of mins, hours, days, weeks, months; each step is labelled with the data source that exposes it.)
•  BREACH: Compromised Laptop
•  NETFLOW: NETWORK SCAN
•  WINDOWS EVENT LOGS: PASS THE HASH
•  STOLEN CREDENTIALS
•  WINDOWS EVENT LOGS: Unusually excessive logins
•  DB DUMP, MSSQL EVENT LOG: Unscheduled backup
•  NETFLOW: EXFIL
CASE STUDY MODEL
•  Data Sources: DNS records, Netflow, Host logs, Database logs, External Alerts
•  Linked Meta Model: entities Users and Hosts; relationships login (User -> Host), login (Host -> Host) and flow (Host -> Host)
CASE STUDY EXAMPLE MAPPING
Netflow Records (the three sample records on the slide):

startTime     | endTime       | sourceIP      | destIP        | sourcePort | destPort | protocol | tcpFlags | bytesIn | bytesOut
10/22/14 8:58 | 10/22/14 8:58 | 10.0.2.15     | 192.168.0.123 | 37051      | 139      | TCP      | ...RS.   | 100     | 3355
10/22/14 8:45 | 10/22/14 8:45 | 10.0.2.15     | 192.168.0.6   | 0          | 3328     | ICMP     | ......   | 40      | 100
10/22/14 8:59 | 10/22/14 8:59 | 192.168.0.119 | 10.0.2.15     | 139        | 60071    | TCP      | .A..S.   | 46      | 351

Mapped graph: each IP becomes a Host entity and each (sourceIP, destIP) pair becomes a Flow relationship whose totalBytes is bytesIn + bytesOut:
•  10.0.2.15 -> 192.168.0.123: Class=Flow, totalBytes = 3455
•  10.0.2.15 -> 192.168.0.6: Class=Flow, totalBytes = 140
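The mapping above, written out in plain Python as an added example (this is not code from the deck or from Sqrrl's ingest pipeline). It parses the three records as CSV, which is an assumption since the deck does not say how its NetFlow is stored, and it also assumes the nfdump-style flag string layout (one character per flag in the order U A P R S F) and the NetFlow convention that ICMP type and code are packed into the destination port as type*256 + code. The third record, which the slide does not map, is mapped too: it is the return leg of the port-139 probe.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed input: the three NetFlow records from the mapping slide, written as CSV.
# The deck does not specify its on-disk NetFlow format; CSV is assumed here.
NETFLOW_CSV = """\
startTime,endTime,sourceIP,destIP,sourcePort,destPort,protocol,tcpFlags,bytesIn,bytesOut
10/22/14 8:58,10/22/14 8:58,10.0.2.15,192.168.0.123,37051,139,TCP,...RS.,100,3355
10/22/14 8:45,10/22/14 8:45,10.0.2.15,192.168.0.6,0,3328,ICMP,......,40,100
10/22/14 8:59,10/22/14 8:59,192.168.0.119,10.0.2.15,139,60071,TCP,.A..S.,46,351
"""

# Assumed flag-string layout (nfdump convention): one character per flag in the order
# U A P R S F, a dot when the flag was never seen on the flow.
FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")


def tcp_flags_set(flags):
    """'...RS.' -> {'RST', 'SYN'}: the flags seen over the life of the flow."""
    return {name for name, ch in zip(FLAG_NAMES, flags) if ch != "."}


def icmp_type_code(dest_port):
    """NetFlow carries ICMP type/code in the destination port as type*256 + code."""
    return dest_port >> 8, dest_port & 0xFF


def parse_netflow(text):
    """Parse CSV NetFlow rows into typed dicts (timestamps and counters converted)."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        rec = dict(row)
        for key in ("startTime", "endTime"):
            rec[key] = datetime.strptime(row[key], "%m/%d/%y %H:%M")
        for key in ("sourcePort", "destPort", "bytesIn", "bytesOut"):
            rec[key] = int(row[key])
        records.append(rec)
    return records


def build_flow_graph(records):
    """Map records onto the deck's model: every IP is a Host entity, every
    (sourceIP, destIP) pair is a Flow relationship carrying the summed bytes."""
    hosts = {}
    flows = {}
    for r in records:
        for ip in (r["sourceIP"], r["destIP"]):
            hosts.setdefault(ip, {"Class": "Host", "id": ip})
        key = (r["sourceIP"], r["destIP"])
        flow = flows.setdefault(key, {
            "Class": "Flow", "totalBytes": 0, "records": 0,
            "services": set(), "flags": set(),
            "firstSeen": r["startTime"], "lastSeen": r["endTime"],
        })
        flow["totalBytes"] += r["bytesIn"] + r["bytesOut"]
        flow["records"] += 1
        if r["protocol"] == "TCP":
            flow["flags"] |= tcp_flags_set(r["tcpFlags"])
            flow["services"].add(("TCP", r["destPort"]))
        elif r["protocol"] == "ICMP":
            flow["services"].add(("ICMP",) + icmp_type_code(r["destPort"]))
        else:
            flow["services"].add((r["protocol"], r["destPort"]))
        flow["firstSeen"] = min(flow["firstSeen"], r["startTime"])
        flow["lastSeen"] = max(flow["lastSeen"], r["endTime"])
    return hosts, flows


def fan_out(flows):
    """Distinct destinations per source host: the first number to look at for a scanner."""
    dests = defaultdict(set)
    for src, dst in flows:
        dests[src].add(dst)
    return {src: len(d) for src, d in dests.items()}


if __name__ == "__main__":
    hosts, flows = build_flow_graph(parse_netflow(NETFLOW_CSV))
    for (src, dst), f in sorted(flows.items()):
        print(src, "->", dst, "totalBytes =", f["totalBytes"],
              sorted(f["services"]), sorted(f["flags"]))
    print("fan-out:", fan_out(flows))
```

Two things worth noticing in the sample: the port-139 flow from 10.0.2.15 carries SYN and RST, which is what a closed-port probe looks like once the flow exporter has merged the packets, and the ICMP record decodes to type 13 (timestamp request), another classic host-discovery probe. Fan-out is 2 here, so nothing fires; on the scenario's scan slide it is the combination of high fan-out and many tiny RST-terminated flows from one source that makes the scan visible in NetFlow.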
CASE STUDY EXAMPLE DATA
Entities:
•  Jane: Class=User, id=Jane, loginAttempts=82
•  192.168.10.94: Class=Host, id=192.168.10.94, hostname=kali, bytesTransfered={2014-09-30/01:00: 64472381}
•  74.129.94.19: Class=Host, id=74.129.94.19, bytesTransfered={2014-09-30/01:00: 64472381}
•  192.168.10.120: Class=Host, id=192.168.10.120, hostname=msserv, bytesTransfered={2014-09-30/04:00: 42318}
Relationships:
•  Jane -login-> 192.168.10.94
•  192.168.10.94 -flow-> 74.129.94.19
•  192.168.10.94 -flow-> 192.168.10.120
INVESTIGATION PROCESS
1. Set the Stage
   •  Define the security-centric entity/relationship model
   •  Extract and maintain the model
2. Enable Search and Discovery
   •  Visually navigate assets and actors in the network
   •  Drill down to the raw data seeding the model
3. Automate Analysis
   •  Use behavioral analytics to build expectations of ‘normal’
   •  Flag entities as potentially ‘abnormal’ and sniff them out
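Step 3 applied to the User -login-> Host part of the model, as an added example in plain Python (not the deck's or Sqrrl's code). It builds each account's own baseline of daily logon counts and of the hosts the account has been seen on, then scores one day against that baseline. The logon records are constructed for the example: six quiet days for two users, then a day on which "jane" produces 82 logons against 20 hosts, all driven from 192.168.10.94 (the kali host of the example data). Field names, the z-score floor and the threshold of 3 are all assumptions.

```python
import math
from collections import defaultdict
from datetime import date, datetime, timedelta


def constructed_logon_events():
    """Constructed logon records, (time, user, target host, source host): the fields a
    Windows 4624 event yields once extracted into the User -login-> Host model."""
    events = []
    for day in range(24, 30):                                   # 24..29 Sept 2014: baseline
        d = datetime(2014, 9, day)
        for k in range(4):                                      # alice: 4 logons/day to her workstation
            events.append((d + timedelta(hours=8 + 2 * k), "alice", "192.168.10.11", "192.168.10.11"))
        for k in range(3):                                      # jane: 3 logons/day to hers
            events.append((d + timedelta(hours=9 + 2 * k), "jane", "192.168.10.12", "192.168.10.12"))
    d = datetime(2014, 9, 30)                                   # the day of the breach
    for k in range(4):
        events.append((d + timedelta(hours=8 + 2 * k), "alice", "192.168.10.11", "192.168.10.11"))
    for k in range(82):                                         # jane's account, driven from kali, hits 20 hosts
        target = "192.168.10.%d" % (100 + k % 20)
        events.append((d + timedelta(hours=1, minutes=k), "jane", target, "192.168.10.94"))
    return events


def build_profiles(events, before):
    """Per-user baseline from everything before `before`: daily logon counts plus the
    target and source hosts the account has been seen on. Days with no logons are
    simply absent from the counts (a simplification that biases the baseline upward)."""
    daily = defaultdict(lambda: defaultdict(int))
    targets, sources = defaultdict(set), defaultdict(set)
    for t, user, target, source in events:
        if t.date() < before:
            daily[user][t.date()] += 1
            targets[user].add(target)
            sources[user].add(source)
    return {u: {"counts": list(daily[u].values()), "targets": targets[u], "sources": sources[u]}
            for u in daily}


def score_day(events, day, z_threshold=3.0):
    """Compare each user's activity on `day` with that user's own baseline."""
    profiles = build_profiles(events, day)
    today = defaultdict(list)
    for t, user, target, source in events:
        if t.date() == day:
            today[user].append((target, source))
    results = {}
    for user, pairs in today.items():
        base = profiles.get(user, {"counts": [], "targets": set(), "sources": set()})
        counts = base["counts"]
        mean = sum(counts) / len(counts) if counts else 0.0
        std = math.sqrt(sum((c - mean) ** 2 for c in counts) / len(counts)) if counts else 0.0
        count = len(pairs)
        z = (count - mean) / max(std, 1.0)      # floor on std: a flat baseline must not divide by zero
        results[user] = {
            "count": count, "baseline_mean": mean, "z": z,
            "new_targets": {t for t, _ in pairs} - base["targets"],   # hosts never logged on to before
            "new_sources": {s for _, s in pairs} - base["sources"],   # workstations never logged on from
            "flagged": z > z_threshold,
        }
    return results


def demo():
    """Score the breach day of the constructed data."""
    return score_day(constructed_logon_events(), date(2014, 9, 30))


if __name__ == "__main__":
    for user, r in demo().items():
        print(user, "count=%d z=%.1f new_sources=%s new_targets=%d flagged=%s"
              % (r["count"], r["z"], sorted(r["new_sources"]), len(r["new_targets"]), r["flagged"]))
```

The count alone gives the alert (82 against a baseline of 3); the new-source and new-target sets are the context an investigator needs next, because the one source host behind all 82 logons is the entity to pivot to in the graph, which is exactly how the example data's Jane -login-> kali edge gets found.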
SPARK METHODOLOGY, ALGORITHMS, AND RESULTS
APACHE SPARK 101
We use Spark because:
1.  Meets core processing requirements
   •  Pre-canned algorithms
   •  Native support for graph processing
   •  Simple programmability
2.  Good performance
   •  Low latency for many small jobs
   •  Scalability for big jobs
3.  Natural fit
   •  Ties with the Hadoop ecosystem simplify integration
ROUND-TRIPPING WITH SPARK
(Diagram.) Input data (DNS, Netflow, Windows Logs, DB logs, Alert data) is ingested and extracted into the Sqrrl Graph Store, which is served to and analyzed from the Sqrrl UI. Algorithmic enrichment is a loop through Spark: SqrrlGraphInputFormat reads the graph out of the store into Spark, and SqrrlGraph.update(uuid, values) writes the computed values back onto the entities.
STRUCTURAL FEATURES
Triangle Counting:
•  Given node A, find edges AB, AC, BC
•  For nodes B, C in A’s neighborhood, is P(BC) > E/N²? (i.e. are A’s neighbors connected to each other more often than the graph’s overall edge density would predict)
Node Degree:
•  Given node A, how many nodes are within 1 or 2 edges?
Page Rank:
•  Iteratively transfer weight proportionally to neighbors
•  Converges on entity importance
SPARK OUTLIER DETECTION
Detail on data flow and algorithms
•  Use GraphX to load the Sqrrl graph model
   •  Entities: Users, Hosts
   •  Relationships: Flows, Logins (both user and host)
   •  Loads an RDD with the Sqrrl graph in Spark
•  For every node, generate features:
   •  GraphX built-in methods: Degree, Triangle Count, PageRank
   •  Implemented in Spark by Sqrrl: edgeWeightTotal, totalNeighborDegree
•  Transform the statistics to a feature matrix, run PCA
   •  Creates a ranked list of high-variance dimensions, most likely indicative of an entity’s “outlierness”
   •  PCA run with Spark MLlib
•  Top feature pairs:
   •  totalNeighborDegree vs. edgeWeightTotal
   •  Degree vs. edgeWeightTotal
•  Create a “distance” measure using the pairs to flag anomalies
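The feature and distance steps above, as an added example in plain Python rather than Spark/GraphX, so it runs stand-alone (this is not the deck's or Sqrrl's code). The graph is constructed for the example: the hosts 192.168.10.94 (kali), 192.168.10.120 (msserv) and 74.129.94.19 and the two byte counts 64472381 and 42318 come from the example-data slide, while the four workstations 192.168.10.11 to .14 and every other byte count are made up. All five per-node features are computed over an undirected flow graph; the PCA step that ranked the dimensions in the deck is not reproduced, instead the feature pair is a parameter defaulting to the deck's reported top pair. Log-scaling the byte feature and the distance threshold of 1.5 are the example's own choices.

```python
import math
from collections import defaultdict

# Constructed sample graph (not from the deck): Host entities joined by flow relationships,
# weighted by total bytes. The .94/.120/74.129.94.19 hosts and the 64472381 and 42318
# byte counts are the deck's example data; everything else is made up for the example.
EDGES = [
    ("192.168.10.11", "192.168.10.120", 5000),
    ("192.168.10.12", "192.168.10.120", 6000),
    ("192.168.10.13", "192.168.10.120", 4000),
    ("192.168.10.14", "192.168.10.120", 5500),
    ("192.168.10.11", "192.168.10.12", 800),
    ("192.168.10.94", "192.168.10.11", 200),       # scan traffic: many tiny flows
    ("192.168.10.94", "192.168.10.12", 200),
    ("192.168.10.94", "192.168.10.13", 200),
    ("192.168.10.94", "192.168.10.14", 200),
    ("192.168.10.94", "192.168.10.120", 42318),    # DB dump pulled from msserv
    ("192.168.10.94", "74.129.94.19", 64472381),   # exfil to the external host
]


def build_graph(edges):
    """Undirected adjacency: node -> {neighbour: total bytes on that edge}."""
    adj = defaultdict(dict)
    for u, v, b in edges:
        adj[u][v] = adj[u].get(v, 0) + b
        adj[v][u] = adj[v].get(u, 0) + b
    return dict(adj)


def triangle_count(adj, n):
    """Triangles through n: pairs of n's neighbours that are themselves adjacent."""
    nbrs = list(adj[n])
    return sum(1 for i, b in enumerate(nbrs) for c in nbrs[i + 1:] if c in adj[b])


def pagerank(adj, d=0.85, iters=100):
    """Power iteration of PageRank over the undirected graph. Every node here has
    degree >= 1, so there are no dangling nodes and the scores keep summing to 1."""
    nodes = list(adj)
    pr = {v: 1.0 / len(nodes) for v in nodes}
    for _ in range(iters):
        pr = {v: (1 - d) / len(nodes) + d * sum(pr[u] / len(adj[u]) for u in adj[v])
              for v in nodes}
    return pr


def node_features(adj):
    """The five per-node features named on the slide."""
    pr = pagerank(adj)
    return {
        v: {
            "degree": len(adj[v]),
            "triangleCount": triangle_count(adj, v),
            "pageRank": pr[v],
            "edgeWeightTotal": sum(adj[v].values()),
            "totalNeighborDegree": sum(len(adj[u]) for u in adj[v]),
        }
        for v in adj
    }


def zscore_column(values):
    """Standardise one feature column (population std; a constant column maps to 0)."""
    mean = sum(values) / len(values)
    std = math.sqrt(sum((x - mean) ** 2 for x in values) / len(values))
    return [(x - mean) / std if std else 0.0 for x in values]


def rank_outliers(features, pair=("totalNeighborDegree", "edgeWeightTotal"),
                  threshold=1.5, log_scale=("edgeWeightTotal",)):
    """Distance of every node from the population centre in the standardised plane of
    one feature pair (the deck's top pair by default). Byte totals are log-scaled first
    because they span orders of magnitude; the threshold is an assumed, tunable value."""
    nodes = list(features)
    columns = []
    for name in pair:
        raw = [features[v][name] for v in nodes]
        if name in log_scale:
            raw = [math.log1p(x) for x in raw]
        columns.append(zscore_column(raw))
    dist = {v: math.sqrt(sum(col[i] ** 2 for col in columns)) for i, v in enumerate(nodes)}
    ranked = sorted(dist.items(), key=lambda kv: kv[1], reverse=True)
    flagged = {v for v, s in ranked if s > threshold}
    return ranked, flagged


if __name__ == "__main__":
    feats = node_features(build_graph(EDGES))
    ranked, flagged = rank_outliers(feats)
    for v, score in ranked:
        print("%-15s %.2f %s" % (v, score, "<-- flagged" if v in flagged else ""))
```

Both ends of the exfil flow come out flagged: the kali box because it has the highest degree, neighbour degree and byte total at once, and the external host because it moved as many bytes as kali over a single edge. On seven nodes a z-score cannot exceed sqrt(6), which is why the threshold had to be as low as 1.5; on a real network the same threshold would flag several percent of all hosts, so the cut-off has to be calibrated against the actual score distribution (or replaced by a top-k ranking that an analyst works through).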
SPARK RAPID ITERATION

VISUALIZING THE THREAT

THANKS!
Adam Fuchs, CTO, Sqrrl Data, Inc.
http://www.sqrrl.com

Weitere ähnliche Inhalte

Was ist angesagt?

Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
DataWorks Summit
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
DataWorks Summit
 

Was ist angesagt? (20)

Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
 
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
Beyond Kerberos and Ranger - Tips to discover, track and manage risks in hybr...
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
 
Machine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting StartedMachine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting Started
 
Get full visibility and find hidden security issues
Get full visibility and find hidden security issuesGet full visibility and find hidden security issues
Get full visibility and find hidden security issues
 
Grace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Grace Hopper Open Source Day Findings | Thorn & Cloudera CaresGrace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Grace Hopper Open Source Day Findings | Thorn & Cloudera Cares
 
Cloud - Security - Big Data
Cloud - Security - Big DataCloud - Security - Big Data
Cloud - Security - Big Data
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security Data
 
Splunk Discovery: Warsaw 2018 - Getting Data In
Splunk Discovery: Warsaw 2018 - Getting Data InSplunk Discovery: Warsaw 2018 - Getting Data In
Splunk Discovery: Warsaw 2018 - Getting Data In
 
Will County Sheriff’s Office: Solving Crime with Data
Will County Sheriff’s Office: Solving Crime with DataWill County Sheriff’s Office: Solving Crime with Data
Will County Sheriff’s Office: Solving Crime with Data
 
Fighting cyber fraud with hadoop
Fighting cyber fraud with hadoopFighting cyber fraud with hadoop
Fighting cyber fraud with hadoop
 
Hands-On Security Breakout Session- Disrupting the Kill Chain
Hands-On Security Breakout Session- Disrupting the Kill ChainHands-On Security Breakout Session- Disrupting the Kill Chain
Hands-On Security Breakout Session- Disrupting the Kill Chain
 
Keeping your Enterprise’s Big Data Secure by Owen O’Malley at Big Data Spain ...
Keeping your Enterprise’s Big Data Secure by Owen O’Malley at Big Data Spain ...Keeping your Enterprise’s Big Data Secure by Owen O’Malley at Big Data Spain ...
Keeping your Enterprise’s Big Data Secure by Owen O’Malley at Big Data Spain ...
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
Modern Honey Network (MHN)
Modern Honey Network (MHN)Modern Honey Network (MHN)
Modern Honey Network (MHN)
 
IJCNN 2017
IJCNN 2017IJCNN 2017
IJCNN 2017
 

Andere mochten auch

Andere mochten auch (6)

Sqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch WebinarSqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch Webinar
 
Implementing and Running SIEM: Approaches and Lessons
Implementing  and Running SIEM: Approaches and LessonsImplementing  and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and Lessons
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
 
HP ArcSight
HP ArcSight HP ArcSight
HP ArcSight
 

Ähnlich wie October 2014 Webinar: Cybersecurity Threat Detection

Performance Models for Apache Accumulo
Performance Models for Apache AccumuloPerformance Models for Apache Accumulo
Performance Models for Apache Accumulo
Sqrrl
 
The Future of Data Management: The Enterprise Data Hub
The Future of Data Management: The Enterprise Data HubThe Future of Data Management: The Enterprise Data Hub
The Future of Data Management: The Enterprise Data Hub
Cloudera, Inc.
 

Ähnlich wie October 2014 Webinar: Cybersecurity Threat Detection (20)

Real Time Data Processing Using Spark Streaming
Real Time Data Processing Using Spark StreamingReal Time Data Processing Using Spark Streaming
Real Time Data Processing Using Spark Streaming
 
Cassandra Summit 2014: Apache Cassandra at Telefonica CBS
Cassandra Summit 2014: Apache Cassandra at Telefonica CBSCassandra Summit 2014: Apache Cassandra at Telefonica CBS
Cassandra Summit 2014: Apache Cassandra at Telefonica CBS
 
XDF 2019 Xilinx Accelerated Database and Data Analytics Ecosystem
XDF 2019 Xilinx Accelerated Database and Data Analytics EcosystemXDF 2019 Xilinx Accelerated Database and Data Analytics Ecosystem
XDF 2019 Xilinx Accelerated Database and Data Analytics Ecosystem
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking Data
 
Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2
 
Performance Models for Apache Accumulo
Performance Models for Apache AccumuloPerformance Models for Apache Accumulo
Performance Models for Apache Accumulo
 
Network and IT Operations
Network and IT OperationsNetwork and IT Operations
Network and IT Operations
 
Near Real-Time Network Anomaly Detection and Traffic Analysis using Spark bas...
Near Real-Time Network Anomaly Detection and Traffic Analysis using Spark bas...Near Real-Time Network Anomaly Detection and Traffic Analysis using Spark bas...
Near Real-Time Network Anomaly Detection and Traffic Analysis using Spark bas...
 
Event Detection Pipelines with Apache Kafka
Event Detection Pipelines with Apache KafkaEvent Detection Pipelines with Apache Kafka
Event Detection Pipelines with Apache Kafka
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking Data
 
Hortonworks sqrrl webinar v5.pptx
Hortonworks sqrrl webinar v5.pptxHortonworks sqrrl webinar v5.pptx
Hortonworks sqrrl webinar v5.pptx
 
The Future of Data Management: The Enterprise Data Hub
The Future of Data Management: The Enterprise Data HubThe Future of Data Management: The Enterprise Data Hub
The Future of Data Management: The Enterprise Data Hub
 
Big Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsBig Data for Security - DNS Analytics
Big Data for Security - DNS Analytics
 
Apache Spark & Cassandra use case at Telefónica Cbs by Antonio Alcacer
Apache Spark & Cassandra use case at Telefónica Cbs by Antonio AlcacerApache Spark & Cassandra use case at Telefónica Cbs by Antonio Alcacer
Apache Spark & Cassandra use case at Telefónica Cbs by Antonio Alcacer
 
Architecting a Fraud Detection Application with Hadoop
Architecting a Fraud Detection Application with HadoopArchitecting a Fraud Detection Application with Hadoop
Architecting a Fraud Detection Application with Hadoop
 
Fraud Detection Architecture
Fraud Detection ArchitectureFraud Detection Architecture
Fraud Detection Architecture
 
What's Next for Google's BigTable
What's Next for Google's BigTableWhat's Next for Google's BigTable
What's Next for Google's BigTable
 
Data Pipelines and Telephony Fraud Detection Using Machine Learning
Data Pipelines and Telephony Fraud Detection Using Machine Learning Data Pipelines and Telephony Fraud Detection Using Machine Learning
Data Pipelines and Telephony Fraud Detection Using Machine Learning
 
Successful AI/ML Projects with End-to-End Cloud Data Engineering
Successful AI/ML Projects with End-to-End Cloud Data EngineeringSuccessful AI/ML Projects with End-to-End Cloud Data Engineering
Successful AI/ML Projects with End-to-End Cloud Data Engineering
 
Fraud Detection using Hadoop
Fraud Detection using HadoopFraud Detection using Hadoop
Fraud Detection using Hadoop
 

Mehr von Sqrrl

Mehr von Sqrrl (19)

Transitioning Government Technology
Transitioning Government TechnologyTransitioning Government Technology
Transitioning Government Technology
 
Leveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your HuntsLeveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your Hunts
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
User and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior GraphUser and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior Graph
 
Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar Users
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led Training
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
 
Leveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivityLeveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker Activity
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert Triage
 
The Linked Data Advantage
The Linked Data AdvantageThe Linked Data Advantage
The Linked Data Advantage
 
Sqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, AnalyzeSqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, Analyze
 
Sqrrl Datasheet: Cyber Hunting
Sqrrl Datasheet: Cyber HuntingSqrrl Datasheet: Cyber Hunting
Sqrrl Datasheet: Cyber Hunting
 
Benchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value StoreBenchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value Store
 
Scalable Graph Clustering with Pregel
Scalable Graph Clustering with PregelScalable Graph Clustering with Pregel
Scalable Graph Clustering with Pregel
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with Sqrrl
 
Sqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric SecuritySqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric Security
 
Sqrrl November Webinar: Encryption and Security in Accumulo
Sqrrl November Webinar: Encryption and Security in AccumuloSqrrl November Webinar: Encryption and Security in Accumulo
Sqrrl November Webinar: Encryption and Security in Accumulo
 
Sqrrl October Webinar: Data Modeling and Indexing
Sqrrl October Webinar: Data Modeling and IndexingSqrrl October Webinar: Data Modeling and Indexing
Sqrrl October Webinar: Data Modeling and Indexing
 

Kürzlich hochgeladen

Just Call Vip call girls Mysore Escorts ☎️9352988975 Two shot with one girl (...
Just Call Vip call girls Mysore Escorts ☎️9352988975 Two shot with one girl (...Just Call Vip call girls Mysore Escorts ☎️9352988975 Two shot with one girl (...
Just Call Vip call girls Mysore Escorts ☎️9352988975 Two shot with one girl (...
gajnagarg
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night StandCall Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
amitlee9823
 
➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men 🔝Sambalpur🔝 Esc...
➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men  🔝Sambalpur🔝   Esc...➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men  🔝Sambalpur🔝   Esc...
➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men 🔝Sambalpur🔝 Esc...
amitlee9823
 
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Just Call Vip call girls kakinada Escorts ☎️9352988975 Two shot with one girl...
Just Call Vip call girls kakinada Escorts ☎️9352988975 Two shot with one girl...Just Call Vip call girls kakinada Escorts ☎️9352988975 Two shot with one girl...
Just Call Vip call girls kakinada Escorts ☎️9352988975 Two shot with one girl...
gajnagarg
 
Just Call Vip call girls Palakkad Escorts ☎️9352988975 Two shot with one girl...
Just Call Vip call girls Palakkad Escorts ☎️9352988975 Two shot with one girl...Just Call Vip call girls Palakkad Escorts ☎️9352988975 Two shot with one girl...
Just Call Vip call girls Palakkad Escorts ☎️9352988975 Two shot with one girl...
gajnagarg
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
amitlee9823
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
amitlee9823
 
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men  🔝mahisagar🔝   Esc...➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men  🔝mahisagar🔝   Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
amitlee9823
 
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men  🔝Mathura🔝   Escorts...➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men  🔝Mathura🔝   Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
amitlee9823
 
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men  🔝Bangalore🔝   Esc...➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men  🔝Bangalore🔝   Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
amitlee9823
 

Kürzlich hochgeladen (20)

Just Call Vip call girls Mysore Escorts ☎️9352988975 Two shot with one girl (...
Just Call Vip call girls Mysore Escorts ☎️9352988975 Two shot with one girl (...Just Call Vip call girls Mysore Escorts ☎️9352988975 Two shot with one girl (...
Just Call Vip call girls Mysore Escorts ☎️9352988975 Two shot with one girl (...
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night StandCall Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning Approach
 
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
 
➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men 🔝Sambalpur🔝 Esc...
➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men  🔝Sambalpur🔝   Esc...➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men  🔝Sambalpur🔝   Esc...
➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men 🔝Sambalpur🔝 Esc...
 
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
 
Just Call Vip call girls kakinada Escorts ☎️9352988975 Two shot with one girl...
Just Call Vip call girls kakinada Escorts ☎️9352988975 Two shot with one girl...Just Call Vip call girls kakinada Escorts ☎️9352988975 Two shot with one girl...
Just Call Vip call girls kakinada Escorts ☎️9352988975 Two shot with one girl...
 
Just Call Vip call girls Palakkad Escorts ☎️9352988975 Two shot with one girl...
Just Call Vip call girls Palakkad Escorts ☎️9352988975 Two shot with one girl...Just Call Vip call girls Palakkad Escorts ☎️9352988975 Two shot with one girl...
Just Call Vip call girls Palakkad Escorts ☎️9352988975 Two shot with one girl...
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24  Building Real-Time Pipelines With FLaNKDATA SUMMIT 24  Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men  🔝mahisagar🔝   Esc...➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men  🔝mahisagar🔝   Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
 
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men  🔝Mathura🔝   Escorts...➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men  🔝Mathura🔝   Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
 
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men  🔝Bangalore🔝   Esc...➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men  🔝Bangalore🔝   Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
 

October 2014 Webinar: Cybersecurity Threat Detection

  • 1. Securely explore your data
       CYBERSECURITY THREAT DETECTION
       Deriving Insights with Sqrrl and Spark GraphX
       Adam Fuchs, CTO, October 2014
  • 2. WHO WE ARE
       © 2014 Sqrrl Data, Inc. | All Rights Reserved
  • 3. WHAT WE’LL DISCUSS
       •  Security Analytics using (Big) Cybersecurity Data
          •  You’ve been breached – what’s at stake?
          •  Dealing with the new security dilemma
          •  The ‘Linked Data’ Approach
       •  Case study: internal network breach
          •  Overview of scenario
          •  Data modeling with Sqrrl
          •  Detecting anomalies with Sqrrl and GraphX
          •  Visual, contextual research and analysis
  • 4. THE NUMBERS DON’T LIE
       229 (Source: Mandiant) | 87% (Source: Verizon) | 90% (Source: Verizon) | $12.7M (Source: Ponemon)
  • 5. TARGETED ATTACKS HAVE CHANGED THE GAME
       [chart] Source: Battery Ventures
  • 6. WHAT DOES THIS MEAN FOR US?
       Dissolution of the secure perimeter
       •  You’ve been breached. Deal with it.
       •  Empower the investigator
       •  Research and respond: better, faster, smarter
       •  It’s all about speed to understanding
  • 7. THE SECURITY DATA DILEMMA
       Detecting attacks requires more (i.e. BIG) data
       But your tools can’t handle the big data wave
       So attackers are spilling in
  • 8. BIG DATA TRANSFORMED
       [diagram] Data sources (Perimeter Data: VPN, FW; Network Data: Proxy, NetFlow; Application Data: HR, USB, Email; Endpoint Data; Security Data)
       → Linked Contextual Knowledge (Users, Websites, Internal Servers, Client Devices, Assets)
       → Analysis (Search, Exploration, Reports, Anomalies, Machine Learning)
  • 9. ARCHITECTURAL OVERVIEW
       [layer diagram]
       Physical: Commodity Hardware
       Data Storage: HDFS + Accumulo
       Data Model: Raw Events; Entity/Relationship Model
       Processing: Query Engine; Bulk/Graph Processing; ML + Anomaly Detection
       Interface: Visualization / API
       Security: Audit; Cryptography; Labeling+Policy
  • 10. CASE STUDY: COMPROMISED NETWORK
  • 11. BREACH DETECTION SCENARIO
       [kill-chain timeline; phases: RECON / DELIVERY, EXPLOIT / INSTALL, C2 / ACTION; time scale: mins, hours, days, weeks, months]
       •  BREACH: Compromised Laptop
       •  NETFLOW: NETWORK SCAN
       •  WINDOWS EVENT LOGS: PASS THE HASH
       •  NETFLOW: EXFIL
       •  STOLEN CREDENTIALS
       •  WINDOWS EVENT LOGS: Unusually excessive logins
       •  DB DUMP
       •  MSSQL EVENT LOG: Unscheduled backup
  • 12. CASE STUDY MODEL
       Data Sources: DNS records, Netflow, Host logs, Database logs, External Alerts
       Linked Meta Model: entities Users and Hosts; relationships login and flow
  • 13. CASE STUDY EXAMPLE MAPPING
       Netflow Records:
       startTime     | endTime       | sourceIP      | destIP        | sourcePort | destPort | protocol | tcpFlags | bytesIn | bytesOut
       10/22/14 8:58 | 10/22/14 8:58 | 10.0.2.15     | 192.168.0.123 | 37051      | 139      | TCP      | ...RS.   | 100     | 3355
       10/22/14 8:45 | 10/22/14 8:45 | 10.0.2.15     | 192.168.0.6   | 0          | 3328     | ICMP     | ......   | 40      | 100
       10/22/14 8:59 | 10/22/14 8:59 | 192.168.0.119 | 10.0.2.15     | 139        | 60071    | TCP      | .A..S.   | 46      | 351
       Mapped graph edges (totalBytes = bytesIn + bytesOut):
       10.0.2.15 → 192.168.0.123: Class=Flow, totalBytes = 3455
       10.0.2.15 → 192.168.0.6: Class=Flow, totalBytes = 140
  • 14. CASE STUDY EXAMPLE DATA
       [graph excerpt; edge labels: login, flow]
       Jane: Class=User: id=Jane, loginAttempts=82
       192.168.10.94: Class=Host: id=192.168.10.94, hostname=kali, bytesTransfered={2014-09-30/01:00: 64472381}
       74.129.94.19: Class=Host: id=74.129.94.19, bytesTransfered={2014-09-30/01:00: 64472381}
       192.168.10.120: Class=Host: id=192.168.10.120, hostname=msserv, bytesTransfered={2014-09-30/04:00: 42318}
  • 15. INVESTIGATION PROCESS
       1. Set the Stage
          •  Define the security-centric entity/relationship model
          •  Extract and maintain the model
       2. Enable Search and Discovery
          •  Visually navigate assets and actors in the network
          •  Drill down to the raw data seeding the model
       3. Automate Analysis
          •  Use behavioral analytics to build expectations of ‘normal’
          •  Flag entities as potentially ‘abnormal’ and sniff them out
  • 16. SPARK METHODOLOGY, ALGORITHMS, AND RESULTS
  • 17. APACHE SPARK 101
       We use Spark because:
       1.  Meets core processing requirements
           •  Pre-canned algorithms
           •  Native support for graph processing
           •  Simple programmability
       2.  Good performance
           •  Low latency for many small jobs
           •  Scalability for big jobs
       3.  Natural fit
           •  Ties with the Hadoop ecosystem simplify integration
  • 18. ROUND-TRIPPING WITH SPARK
       [data-flow diagram] Input Data (DNS, Netflow, Windows Logs, DB logs, Alert data) → Ingest/Extract → Sqrrl Graph Store → SqrrlGraphInputFormat → Algorithmic Enrichment → SqrrlGraph.update(uuid, values) → Sqrrl Graph Store → Serve/Analyze → Sqrrl UI
  • 19. STRUCTURAL FEATURES
       Triangle Counting:
       •  Given node A, find edges AB, AC, BC
       •  For nodes B, C in A’s neighborhood, is P(BC) > E/N²?
       Node Degree:
       •  Given node A, how many nodes within 1 or 2 edges?
       Page Rank:
       •  Iteratively transfer weight proportionally to neighbors
       •  Converges on entity importance
  • 20. SPARK OUTLIER DETECTION (detail on data flow and algorithms)
       •  Use GraphX to load Sqrrl graph model
          •  Entities: Users, Hosts
          •  Relationships: Flows, Logins (both user and host)
          •  Loads an RDD with Sqrrl graph in Spark
       •  For every node, generate features:
          •  GraphX built-in methods: Degree, Triangle Count, PageRank
          •  Implemented in Spark by Sqrrl: edgeWeightTotal, totalNeighborDegree
  • 21. SPARK OUTLIER DETECTION (detail on data flow and algorithms)
       •  Transform statistics to feature matrix, run PCA
          •  Creates ranked list of high-variance dimensions, most likely indicative of an entity’s “outlierness”
          •  PCA run with Spark MLlib
       •  Top feature pairs:
          •  totalNeighborDegree vs. edgeWeightTotal
          •  Degree vs. edgeWeightTotal
       •  Create “distance” measure using pairs to flag anomalies
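The netflow-to-Flow mapping of slide 13 and the feature and outlier pipeline of slides 19 to 21, as an added example that is not Sqrrl's or Spark's code: plain Python builds Flow edges from constructed netflow rows (the first three mirror slide 13, the rest are invented), computes degree, edgeWeightTotal, totalNeighborDegree and triangleCount per host, and ranks hosts by z-scored distance on the (degree, edgeWeightTotal) pair in place of the MLlib PCA step.

```python
"""Flow-graph features and outlier ranking (added example, not Sqrrl/Spark code).
Plain Python stands in for GraphX and MLlib; z-scored distance on the slide's
top feature pair (degree, edgeWeightTotal) replaces the PCA step."""
from collections import defaultdict
from itertools import combinations
from math import sqrt

# Constructed netflow rows (sourceIP, destIP, bytesIn, bytesOut): rows 1-3 mirror
# slide 13, the rest are invented (a peer triangle plus a scan-like fan-out).
NETFLOW = [
    ("10.0.2.15", "192.168.0.123", 100, 3355),
    ("10.0.2.15", "192.168.0.6", 40, 100),
    ("192.168.0.119", "10.0.2.15", 46, 351),
    ("192.168.0.6", "192.168.0.7", 500, 500),
    ("192.168.0.7", "192.168.0.8", 500, 500),
    ("192.168.0.8", "192.168.0.6", 500, 500),
] + [("10.0.2.15", f"192.168.0.{i}", 40, 100) for i in range(20, 60)]

def build_flow_edges(records):
    """Slide 13 mapping: one Flow edge per (source, dest), totalBytes = bytesIn + bytesOut."""
    edges = defaultdict(int)
    for src, dst, bytes_in, bytes_out in records:
        edges[(src, dst)] += bytes_in + bytes_out
    return dict(edges)

def node_features(edges):
    """Slide 20 features per host; Flow edges are treated as undirected for neighborhoods."""
    nbrs, weight = defaultdict(set), defaultdict(int)
    for (a, b), total in edges.items():
        for x, y in ((a, b), (b, a)):
            nbrs[x].add(y)
            weight[x] += total
    feats = {}
    for host, n in nbrs.items():
        triangles = sum(1 for b, c in combinations(n, 2) if c in nbrs[b])  # slide 19
        feats[host] = {"degree": len(n), "edgeWeightTotal": weight[host],
                       "totalNeighborDegree": sum(len(nbrs[x]) for x in n),
                       "triangleCount": triangles}
    return feats

def rank_outliers(feats, pair=("degree", "edgeWeightTotal")):
    """Each host's distance from the population mean in z-scored feature space, largest first."""
    def zscore(name):
        vals = [f[name] for f in feats.values()]
        mean = sum(vals) / len(vals)
        std = sqrt(sum((v - mean) ** 2 for v in vals) / len(vals)) or 1.0
        return {h: (f[name] - mean) / std for h, f in feats.items()}
    z = [zscore(name) for name in pair]
    scores = {h: sqrt(sum(zn[h] ** 2 for zn in z)) for h in feats}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
```

Running rank_outliers on the features of the constructed flows puts 10.0.2.15, the host with the scan-like fan-out, at the top of the list, while the three hosts of the peer triangle each carry a triangleCount of 1.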
  • 22. SPARK RAPID ITERATION
  • 23. VISUALIZING THE THREAT
  • 24. (untitled image slide)
  • 25. THANKS!
       Adam Fuchs, CTO
       Sqrrl Data, Inc.
       http://www.sqrrl.com