Big Data Presentation 04Nov2013

8/13/2019 Big Data Presentation 04Nov2013

1/27

2013 MetricStream, Inc. All Rights Reserved.

GRC Big Data

November 2013


2/27


From Integrated to Pervasive GRC

Widespread and rapid

adopt ion of new

technologies (e.g. ,

mobi le, soc ial )

Increas ing regulatorypressures and Board /

Management

accountabi l i t y

Represents internally developed solutions Represents vendor solutions

First Generation Second Generation

Third Generation Fourth Generation

ExpandingGRC

App

lications

2003 2013 ?

Sarbanes-Oxley (SOX) enacted fol lowing s er ies of

acco unt ing scandals (Enron, Tyco, WorldCom)Global financ ial cr is is

S i loes lead to grea ter

r isk and inef f ic ient use

of resource s

Audit / Finance

(Sarbanes-Oxley)Audit / Finance

IT GRC

Audit / Finance

IT GRC

Legal

Quality

Management

Compliance

Management

IT GRC

Legal

Quality

Management

Notable disasters inc lude Deepwater Hor izon and Fukushim a

Risk

Management

Standalone, largely

ad hoc, in ternally

developed solut ion s

Si loed vendor and

internally develop ed

poin t so lu t ions

Integr ated GRCplat form solut ion s

Pervasi ve GRC

Audit / Finance

IT GRC

Legal

Quality

Management

Compliance

Management

Risk

Management

Vendor RiskManagement

Social GRC

Long-Tail Apps

Comprehensive&Unified

Analytics

Cloud GRC

Com

monDataModel;CustomizableP

latform


3/27


Product Vision

GRC Platform Infrastructure

Aggregator of structured and unstructured data Analytics for risk intelligence and contextual analysis

Orchestrator of native and non-native apps

Best-in-Class Core Apps

Federated architecture, integrated taxonomy Fully-packaged apps

Highly configurable with AppStudio by customers

and partners

Enable Long Tail of Apps Technology and ecosystem collaboration

GRC Intelligence

Aggregated and native content capabilities


4/27


Pervasive GRC: Data Sources and Types

MetricStream


5/27


Big Data The New Trend in Analytics

Size of data

Complexity

and Effort

in deriving

intelligence

Unstructured data sets such

as social media feeds,

location data, news feeds

Structured data sets

such as ERP

transaction data and

metadata, standard

XML feeds from websources etc.

Big datasets

Big data analytics

Small datasets

Traditional data analytics

Key Attributes:

Approximate results, but quickly

Processing very large volume of data

Filtering relevant data

Key Attributes: Exact results

Number crunching

Incremental data sizes


6/27


GRC: A Big Data Problem

Multiple GRC Data Sources, Event Co-relations

Content and Standards Library ERP, SCM, Content Management applications

Network Frontiers/UCF, NIST NVD, Cloud Security

Alliance, SharedAssessments.org

SAP, Oracle, i2, Ariba, JD Edwards, EMC, Documentum,

OpenText, Sharepoint

Threat , Vulnerability, Logs, SIEMS, Operations and Asset Management

nCircle, Nessus , Qualys, Symantec, McAfee, Arcsight,

Splunk, BigFix, eEye

HP Asset Manager, BMC Remedy

SIEM, Log Management, Application Intelligence Risk Models

LogLogic, ArcSight, Splunk Market and Credit Risk Models, RiskMetrics, RMA

Segregation of Duties, CCM, Transaction Monitoring Risk and Framework Content

CrossIdeas , Engiweb Security, Greenlight, Mantaz,

Actimize, MES systems

ORX, Gold; American Banking, OCEG, IIA, ISO, D&B,

Configuration Management Regulatory Content sources

Qualys, nCircle Configuration Compliance Manager(CCM), eEye Retina CS

Lexis, Factiva, Complinet, Reuters, FDA, State RegsComplianceOnline - > 1000 sources

Data Loss, EndPoint, Mobile, Application Security Smart Grid and Green Data centers

Verdasys, Sophos, Veracode, Lookout, Symantec Cisco, SilverSpring

Social Media Sources News Feeds

Facebook, Twitter, Linkedin www.iss.net, xssed.com
http://www.iss.net/http://www.iss.net/


7/27


Big Data: A Effective Risk Management Tool

Trends predictSuper Cyclone in

India

90% ofManufacturing

Plants impacted

No supply till plantsrestored

Anticipate, Countersupply disruptionwith remedial plan

and publish it

Stock stable

Super Cyclone inIndia

90% ofManufacturing

Plants impacted

No supply till plants

restored

News of disruption

in supply

Stock volatile

10.13 10.30

10.3514.35

10.10 10.30

10.35Next

day


8/27


Big Data Risk Analysis A Product Reputation Use Case

Social Media site

PostingsCall center transcripts Customer Support

Emails Internal data & reports

Identifythe key datasources for gathering the

Product reputation andquality feedback

Aggregate & Processthedata using Hadoop DFS

and MapReduce framework

Detectthe risks usingnatural language processingbased rules, keywords andauthor profiles and influence

Informthe relevantstakeholders through trend

analysis reports anddashboards

Hadoop DFS

Store the complete data in a Distributed File system

Create risk detection

rules based on key

words, repetition

frequency & Authorinfluence

Analyze the product

feedback data based

on the rules on a real-time basis

Reduce the data to highlight

the key product & brand

reputation risks and their

causes

Create trend analysis dashboards to highlight key product feedback categories and risks

and causes highlighted based on the analysis


9/27


Big Data Risk AnalysisVendor Due Diligence Use Case

Big DataAnalytics

Unstructured data sets :

News feeds, SocialMedia comments

External databases:

Exports registry, PEPDatabase ,

Rating Agency Databases

Internal databases:

Vendor information,

Credit and Paymentinformation

AggregateReal time and Up-to-date Vendor Due diligence and Assessment

information

Correlatethe vendor data against key identified risks for accurate risk scoring

and assessment

Managecompliance to FCPA, UK Bribery Act & OECD Convention etc.


10/27


Big Data Risk AnalysisIT-GRC Use Case

Aggregatethe vulnerabilitybulletins across websites e.g.

www.xssed.com, www.iss.net etc

Analyzethe feeds based on thetext analytics based rules and ITAsset library

Highlightthe risks & vulnerabilitiesbased on the asset library as well

as the rules engine Correlatethe Product and CVE details withthe internal IT asset libraries and highlight

potential risks and vulnerabilities
http://www.xssed.com/http://www.xssed.com/http://www.xssed.com/


11/27


Situational Awareness for BCP

Track Social Media platforms like:Twitter

FacebookPinterest

Google (Google +, Youtube, Crisis Map etc.)

Correlate Information with Organizational Assets /

Facilities / Risks

Trigger / Update Incident Management Workflows &

Notifications

Real-Time Reports &

Dashboards

Leverage Social Media for

Communications During

Emergencies


12/27


Big Data Risk Analysis Other Use Cases

Fraud, AML Trader and Broker Compliance

Brand and Reputation risk management

Vendor Due-Diligence

Product Feedback & Complaints management

Increased supply chain visibility


Customer Feedback & Complaints management

Reputation management


Customer Feedback & Complaints management

Reputation management


13/27


Big Data and MetricStream GRC Solutions

Identify

Identify thekey risks

Identify the

informationsources

Aggregate

Aggregatedata acrossstructured andunstructured

data sourcesusing Big dataaggregation &analysis

Detect

Auto detectionof riskindicatorsusing rules

Risk scoreassessment ofdata toprioritize

Inform

Actionableinformationbased onvisual reports

Alerts andNotificationsfor keystakeholders

Remedy

Manage theremediationactionsthrough pre-

set ERMworkflows

Provide organizations with a plug and play solution to align

the Big Data risk detection, analysis, mitigation as well as

continuous monitoring with the integrated enterprise GRC

framework of the organization.

MetricStream Big Data

Risk Detection Framework

MetricStream Enterprise Risk

Management Framework


14/27


Big Data: Solving the Key Challenge

How to channelize the data

to right stakeholder?

How can the situation be

mitigated in real-time?How to filter Voice from

Noise in the Big Data?

Hadoop DFS based framework to allow aggregation of contentacross data sources

Ability to handle both structured and unstructured content

Aggregate data across big data

sources

Advanced text analytics based on custom rules to identify text

patterns and indicators of risk. Risk analysis and scoring mechanism to prioritize the identified

data.

Advanced Text analytics for RiskIdentification

Pre-built integration with MetricStream ERM framework

Single workflow for end-to-end handling of Big data based riskanalytics

Out-of-box integration with

MetricStream ERM

M t i St I t g ti A hit t S l bl


15/27


MetricStream Integration Architecture: ScalableAcross Structured and Unstructured Data Sources

Store data from Structured

data sources such as ERP,

DMS, XML Data feeds

Store data from unstructured data sources such

as Social Media, Email Data stores, Public

Databases


16/27


Big Data Aggregation and Analytics Workflow

Aggregation Processing Reporting Actionizing

Integrated Data

feed management

with Internet

websites

Automatic and

advanced scraping

capabilities

Internet

Directory/Company

Registry/Litigation

record searches

Key dashboards

and reports

available for results

analysis such as

Article Risk report

Consolidated risk

dashboard

Out-of-Box

Integration with

the Issuemanagement

solution

Assignment of

the identified risk

to designated

stakeholder

Word dictionary

and risk rules

based analysis of

feeds for risk

detection

Robust rule

engine to

accommodate

fuzzy logic for

textual risk analysis


17/27


Various Big Data

Sources

Big Data Aggregation and Analytics Workflow


18/27


Big Data and Social Media Risk and Compliance Mgmt

Identify the Risks which need

to be analyzed in theorganization

1

Identify the word dictionary

that needs to be associatedwith the risk rule

2

Create the rule using one or

more of the dictionaries with

configurable parameters for

detecting risk in feeds

3

Configure the feed from a

Facebook page or Twitter

Hashtag for extraction

4

Identify the feeds which

match the rule in the channel

report

5

Take action on the article by

routing it to the Incident &

Issue management system

6


19/27


Feed Source Configuration

Ability to Configure feeds

across multiple sources

Multiple URLs from a single

social media source can be

configured

Leverage Hadoop Distributed

file system (DFS) and

MapReduce Framework for

detection and analysis


20/27


Text Analysis Configuration

Ability to handle lexicon

across multiple languages forreal time text analysis


21/27


Rule Configuration

Ability to create complicated

text analysis rules based on

to facilitate real time text

analysis and riskassessment.


22/27


Detect risky content across

articles and flag it for user to

analyze and decide on futurecourse of action.

Analyze risk content on each

article and display risk

assessment scores on each

article for prioritization

Display Author information toallow user to gauge the author

influence by the system score as

well as other configurable

parameters.

Analysis Report


23/27


Analysis Report


24/27


Issue Creation


25/27


Next Gen GRC Platform Capabilities

Big Data Analytic Capabilities

Building Technology architectures to deal with 3 Vs with support for

Hadoop and MongoDB

Building intelligent parsing and caching capabilities

Social Media Awarenessapplying rules, differences in network types

Contextual Risk Intelligence and Advanced Analytics Advanced analytics, reporting and business intelligence

Advanced AppStudio

Enabling customers and partners to extend or create applications Enabling significantly higher productivity for Services and product

development


26/27


Next Gen GRC Platform Capabilities

Multi-platform mobility support

Multiple form factors and innovations

Persisting user state across devices to preserve user experience

Location and context awareness and sensing

Cloud-based IT provisioning

Rapid deployment modelsGRC Express

Higher range of service levels

Readiness for Enterprise

Increased investments in MS Labs testing expanded for compatibilitywith browsers, servers, databases, versions, open-source

Performance in lab5,000+ concurrent users in certain applications

High availability

Multi-lingual capabilities


27/27

Documents

Big Data Presentation 04Nov2013