Security Data Lake: Leveraging a Big Data Platform to build stronger cyber defense
Rujirapong Ritwong, CEO and Co-founder, Softnix Technology
Definition
• Security Data Lake is a Data Lake appearing in the security field.
• Data Lake is a method of storing data within a Big Data system.
• Security Data Lake: the central location for all security data.
• Similar to Log Management, SIEM.
Traditional Security Management
• SIEMs are security monitors; log management acted as the data store for security data.
• Technologies used 15 years ago.
• Relational databases are not well suited for large amounts of data.
• ACID: fast writes or fast reads, but not both.
• Real-time correlation (rules) engine runs on a single machine.
• Not built to let other products reuse the data.
• Expensive for explaining.
How long do you currently store event and log data for SIEM?
Source: http://go.cyphort.com/rs/181-NTN-682/images/Cyphort-Ponemon-SIEM-Report.pdf
Retention of data for compliance: ISO 27001, PCI-DSS, HIPAA, FISMA, Sarbanes-Oxley (SOX)
Comparing Security Data Lake to SIEM
Security Data Lake is not a replacement for SIEM.
Security Data Lake objectives:
◦ data storage
◦ data processing
◦ Purpose: the functions a SIEM covers
2.25x more likely to detect threats within minutes
Time to detect and identify a security incident
Source: https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html
More information: https://www.ponemon.org/local/upload/file/Big_Data_Analytics_in_Cyber_Defense_V12.pdf
82%: Big Data Platform + Security Technologies = Stronger Cyber Defense
What is stopping Big Data analytics adoption?
Source: https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html
72% of organizations say it's impossible to leverage Big Data analytics with a traditional system.
Source: https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html
But a Security Data Lake (Hadoop based) can.
• 29%: increase data volumes more than 100%
• 72%: increase data processing more than 76%
• 43%: increase data access for analytics more than 100%
Source: https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html
Use Case
Vodafone UK's new SIEM system relies on Apache Flume and Apache Kafka to ingest nearly 1 million events per second.
Data feed for Security Data Lake
• Security Technologies Data
• Non-Security Data
Source: http://go.cyphort.com/rs/181-NTN-682/images/Cyphort-Ponemon-SIEM-Report.pdf
Security Data Lake helps optimize SIEM
• Cost-effectively increase enterprise visibility
• Analytics flexibility
• SIEM lock-in
• Deployment flexibility
[Product architecture slide: Softnix Data Platform (Big Data Analytic Platform), "Big Data Platform Company". Components shown: Logger, Logger Cloud for MSP, Data Platform, Authenticator, Logger for AWS, Logger for Azure, Collector, EdgePoint. Packaging: All-in-one, Law Compliance, Security & IT Services. Also shown: Monitoring by ZABBIX, Big Data Analytics, Any Device / Any Platform, Dashboard & Visualize, Integration to Enterprise Analytic System.]
Capability
• Support machine data of any type
• Data extraction to analytic format
• Support data indexing and aggregation
• Full-text search or specific search
• Visualize data for human understanding
• Schedule and send reports to email
Our Process
1. Collection of Data
2. Data Enrichment
3. Convert into Structured
4. Analysis of Data
5. Virtualization of Data
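The process steps above (collect, enrich, convert into structured, analyze) and the capabilities listed earlier (extraction to an analytic format, aggregation, full-text or specific search) are shown end to end in the following added example. It is illustrative code written for this page, not Softnix code and not the Data Platform's API: the log lines, asset inventory and network-owner table are constructed, the parsers and the function names (parse, enrich, build_lake, failed_logins_by_source, search, full_text_search) are hypothetical, and 203.0.113.0/24 is a documentation range standing in for an external source. The point it makes is the one the deck makes: raw machine data of mixed types is kept as it arrives and given a schema on read, enrichment attaches context, and analysis is then a query over the structured records rather than a rule bound to a single correlation engine.

```python
"""Toy security-data-lake pipeline: collect -> enrich -> structure -> analyze.

Added example for illustration only (not Softnix code). All inputs are constructed.
"""
import re
from collections import Counter

# Constructed sample of raw machine data as it lands in the lake: firewall, sshd,
# an application key=value line (non-security data) and one line no parser handles.
RAW_EVENTS = [
    "2024-05-01T08:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T08:00:02Z sshd[2210]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "2024-05-01T08:00:03Z sshd[2210]: Failed password for root from 203.0.113.7 port 51123 ssh2",
    "2024-05-01T08:00:04Z sshd[2210]: Failed password for admin from 203.0.113.7 port 51124 ssh2",
    "2024-05-01T08:00:09Z sshd[2211]: Accepted publickey for deploy from 10.0.0.9 port 40000 ssh2",
    "2024-05-01T08:00:15Z hr-app user=alice action=download doc=payroll.xlsx",
    "garbage line that matches nothing",
]

# Constructed asset inventory used for enrichment (a CMDB/IPAM export in practice).
ASSETS = {
    "10.0.0.5": {"host": "bastion", "zone": "dmz"},
    "10.0.0.9": {"host": "ci-runner", "zone": "internal"},
}
# Constructed network-owner lookup keyed by address prefix (203.0.113.0/24 is TEST-NET-3).
EXTERNAL_NETS = {"203.0.113.": "TEST-NET-3 (external)"}

# Schema-on-read parsers: each turns one raw line into a flat record, or None if it does not apply.
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<verdict>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)
SSH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed password|Accepted publickey) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)
KV_RE = re.compile(r"^(?P<ts>\S+) (?P<app>\S+) (?P<kv>(?:\w+=\S+ ?)+)$")


def parse(line):
    """Convert into structured: extract a record with a common 'type'/'outcome' vocabulary."""
    if m := FW_RE.match(line):
        d = m.groupdict()
        d["type"] = "firewall"
        d["outcome"] = d.pop("verdict").lower()
        return d
    if m := SSH_RE.match(line):
        d = m.groupdict()
        d["type"] = "auth"
        d["outcome"] = "fail" if d.pop("result").startswith("Failed") else "success"
        return d
    if m := KV_RE.match(line):
        d = {"ts": m["ts"], "type": "app", "app": m["app"]}
        d.update(kv.split("=", 1) for kv in m["kv"].split())
        return d
    return None  # a real lake keeps unparsed lines raw for later parsers; dropped here


def enrich(rec):
    """Data enrichment: attach asset or network-owner context to every IP field."""
    for field in ("src", "dst"):
        ip = rec.get(field)
        if not ip:
            continue
        if ip in ASSETS:
            rec[field + "_asset"] = ASSETS[ip]
        else:
            for prefix, owner in EXTERNAL_NETS.items():
                if ip.startswith(prefix):
                    rec[field + "_owner"] = owner
    return rec


def build_lake(lines):
    """Collection of data: structure and enrich every parseable line, keeping arrival order."""
    return [enrich(r) for line in lines if (r := parse(line)) is not None]


def failed_logins_by_source(records, threshold=3):
    """Aggregation: count failed authentications per source and keep those at or over threshold."""
    counts = Counter(r["src"] for r in records if r["type"] == "auth" and r["outcome"] == "fail")
    return {src: n for src, n in counts.items() if n >= threshold}


def search(records, **criteria):
    """Specific search: every given field must match exactly."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]


def full_text_search(records, needle):
    """Full-text search: case-insensitive substring match over every field value, nested ones included."""
    needle = needle.lower()
    return [r for r in records if any(needle in str(v).lower() for v in r.values())]


if __name__ == "__main__":
    lake = build_lake(RAW_EVENTS)
    print(len(lake), "structured records")
    print("failed logins at threshold:", failed_logins_by_source(lake))
    print("records mentioning bastion:", full_text_search(lake, "bastion"))
```

Because enrichment writes the asset record into the event itself, the full-text search for "bastion" finds the firewall event even though the raw line only carried the IP address; that is the practical difference between querying the lake and querying the original log file.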
Contact Us
www.softnix.co.th
facebook.com/softnixtech
twitter.com/softnix
medium.com/@softnix