QUALYS SECURITY CONFERENCE 2020 Security Data Lake and Analytics Cloud Platform Dilip Bachwani Senior Vice President, Engineering and Cloud Operations, Qualys, Inc.

Page 1

QUALYS SECURITY CONFERENCE 2020

Security Data Lake and Analytics Cloud Platform

Dilip Bachwani, Senior Vice President, Engineering and Cloud Operations, Qualys, Inc.

Page 2

Cloud Platform Evolution

Growing portfolio with 19+ apps

Cloud Agent driving product adoption

Organically built multi-petabyte data lake

Better cross-product and third-party data correlation…

February 25, 2020, Qualys Security Conference, San Francisco

Page 3

Data Lake and Security Analytics Goals

Provide a coherent and actionable view of your security posture by breaking down security data silos

Coalesce all data into a centralized highly scalable security data lake

Combine and enrich Qualys generated findings with third party signals

Leverage the strength of Qualys Cloud Platform, Cloud Agent and Apps to build a comprehensive security analytics platform


Page 4

Security Analytics Use Cases

Real-time streaming correlation and analytics with out-of-box rules

Out-of-band batch analytics over historical data

Ad-hoc querying and threat hunting on enriched and security aware data sets

Advanced analytics use cases using machine learning

Orchestration with playbooks

Response and endpoint protection


Page 5

Advanced Correlation and Analytics

Data sources: Network, Firewall, End Point, Apps, Cloud, Users, IoT, Server, Qualys Apps

Qualys Security Data Lake Platform: Data Ingestion | Normalization | Enrichment | Governance

Threat Hunting: Search | Exploration | Behavior Graph

ML/AI Service: Patterns | Outlier | Predictive SoC

Security Analytics: Anomaly | Visualization | Dashboard

UEBA: User & Entity Behavior Analytics

Advanced Correlation: Actionable Insights | Out-of-box Rules

Orchestration & Automation: Integration | Playbooks | Response

Qualys Quick Connectors

Qualys Apps: IOC, CA, VM, WAS, WAF, AI, PC

Page 6

Correlation and Data Platform Architecture

Third Party Sources: Firewall, Apps, IoT, Users, Cloud, IPS

Qualys Apps: IOC, CA, VM, WAS, WAF, AI, PC, FIM

Qualys Streaming Data Backbone

Normalization and Enrichment

Real-time Stream Processing

Batch Processing

Machine Learning

Security Data Lake

Outputs: Visualization, Threat Hunting, Orchestration/Automation, APIs

Page 7

Next-Gen Analytics, Data Lake and Orchestration

MITRE ATT&CK Stages: Initial Access, Execution, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, C2

Continuous Logging from Qualys Apps and 3rd Party: IT Infra Events, Security Infra Events

Behavioral Analytics across MITRE ATT&CK stages: Correlation Engine, Threat Storyline, SOAR, SOC Analyst

Threat storyline example:

Initial Access: Threat actor targets web server with known vuln CVE-2018-7600 (Drupalgeddon2). IDS logs attempted exploit. CVE exploited; emergency patch applied.

Credential Access: Threat actor steals credentials using Mimikatz and logs into domain controller. IOC detects post-exploit tool, correlated to Mimikatz.

Lateral Movement: Cloud Agent detects and logs login activity.

C2: Passive Sensor logs outbound C&C traffic.

Outcome: SOC Analyst can stop attacks before data exfiltration. Threat actor could NOT exfiltrate the sensitive info.
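The storyline above, as an added example that is not from the deck or from Qualys: a small Python correlation over constructed events from the sensors the slide names (IDS, IOC, Cloud Agent, Passive Sensor), stitched into per-entity storylines, ordered by ATT&CK stage, with a rule that escalates a multi-stage storyline before it reaches Exfiltration. Event fields, sensor names and hostnames are assumptions.

```python
from datetime import datetime, timedelta

# ATT&CK stages in the order the slide's storyline walks through them.
STAGES = ["Initial Access", "Credential Access", "Lateral Movement", "C2", "Exfiltration"]

# Constructed sample events, normalized as the data lake would hold them:
# (timestamp, sensor, entity, linked entity or None, ATT&CK stage, detail).
EVENTS = [
    ("2020-02-25T10:00:00", "ids", "web01", None, "Initial Access", "attempted exploit of CVE-2018-7600"),
    ("2020-02-25T10:04:00", "ioc", "web01", None, "Credential Access", "post-exploit tool correlated to Mimikatz"),
    ("2020-02-25T10:09:00", "cloud_agent", "dc01", "web01", "Lateral Movement", "login to domain controller from web01"),
    ("2020-02-25T10:12:00", "passive_sensor", "dc01", None, "C2", "outbound C&C traffic"),
    ("2020-02-25T11:30:00", "ids", "web02", None, "Initial Access", "attempted exploit of CVE-2018-7600"),
]

def build_storylines(events, window=timedelta(hours=1)):
    """Stitch events into threat storylines. An event joins the storyline that
    already owns its entity or its linked entity (a login from a host that is
    already in a storyline pulls the target host in), unless that storyline has
    been idle longer than `window`, in which case a new one starts."""
    stories, owner = [], {}  # owner: entity -> index into stories
    for ev in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ev[0])
        idx = next((owner[e] for e in (ev[2], ev[3]) if e in owner), None)
        if idx is not None and ts - stories[idx]["last"] > window:
            idx = None  # stale storyline: do not chain unrelated activity onto it
        if idx is None:
            stories.append({"entities": set(), "events": [], "last": ts})
            idx = len(stories) - 1
        story = stories[idx]
        story["events"].append(ev)
        story["last"] = ts
        for e in (ev[2], ev[3]):
            if e:
                story["entities"].add(e)
                owner[e] = idx
    for story in stories:
        # Order each storyline by kill-chain stage, then time, for the analyst view.
        story["events"].sort(key=lambda e: (STAGES.index(e[4]), e[0]))
        story["stages"] = [s for s in STAGES if any(e[4] == s for e in story["events"])]
    return stories

def triage(story, min_stages=3):
    """Out-of-box rule: escalate a storyline that has reached several distinct
    ATT&CK stages but not yet Exfiltration, so the analyst can act before data leaves."""
    if len(story["stages"]) >= min_stages and "Exfiltration" not in story["stages"]:
        return "escalate: stop before exfiltration"
    return "monitor"

if __name__ == "__main__":
    for story in build_storylines(EVENTS):
        print(sorted(story["entities"]), story["stages"], "->", triage(story))
```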


Page 12

Security Analytics – Milestone Timelines

Nov 2019 – Milestone 1: Demo at QSC; Adv Correlation Engine

April 2020 – Milestone 2 (Alpha): Adv Correlation Engine, MITRE ATT&CK Analytics, Connector Library

Aug 2020 – Milestone 3 (Beta): SIEM Connectors, Incident Response, Real-Time Context Enrichment, Alert Triage, Investigation & Prioritization

Nov 2020 – Milestone 4 (GA): UEBA, Threat Hunting, Data Analytics, 50+ Connector Library

Page 13

QUALYS SECURITY CONFERENCE 2020

Thank You

Dilip Bachwani

[email protected]