Big Data & Security Have Collided - What Are You Going to do About It?
1 © Copyright 2013 EMC Corporation. All rights reserved.
Big Data & Security Have Collided What Are You Going to do About It?
Matthew Gardiner, Sr. Manager, RSA, The Security Division of EMC
Roadmap Information Disclaimer
EMC makes no representation and undertakes no obligations with regard to product planning information, anticipated product characteristics, performance specifications, or anticipated release dates (collectively, “Roadmap Information”). Roadmap Information is provided by EMC as an accommodation to the recipient solely for purposes of discussion and without intending to be bound thereby. Roadmap Information is EMC Restricted Confidential and is provided under the terms, conditions and restrictions defined in the EMC Non-Disclosure Agreement in place with your organization.
Alternative Title
Security for Big Data &
Big Data for Security
How Many of You are IT Security Professionals?
Security for Big Data
At this point, more questions than answers: new technology, new use cases, new social norms
Add Big Data to the List of Hard Security Challenges
Security is always trying to catch up:
– Mobile
– Cloud
– APTs
– Sophisticated Fraud
– Extended Workforce
– Networked Value Chains
– Big Data
Big Data Has a Tidal Wave of New Technologies
And surprise! Security/privacy has not been a key focus to date
Your Organization’s Security Professional?
How is Big Data Different? And why this creates security challenges
– Distributed nodes: moving computation is cheaper than moving data
– Shared data: you don’t know where the data is or how many copies there are
– Coarse-grained data access ownership: mostly limited to the schema level only
– Inter-node communication: usually done in the clear
– Client applications typically not verified
– Web services with limited or no protection
Sourced from: Securosis, Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments, October 12, 2012
Suggestion - Go Back to Security Basics, and apply them to the new domain
Prevention – Detection – Remediation
Security Concepts Haven’t Changed, Just How to Apply Them
Prevention – authentication/authorization; secure communications; encryption/tokenization/redaction; patching the underlying systems
Detection – auditing/monitoring/logging
Remediation – fast, (pre-defined) incident response
Data Privacy – principled (& legal) data/analysis usage
Don’t Fall into the Obfuscation Security “Strategy”
Infrastructures often are (or soon will be) Web accessible
But wait - Didn’t we just do this for the Cloud?
Providing centralized control with distributed enforcement? Are Web Access Management systems a model for big data systems?
[Diagram: a user reaches several websites, each fronted by an Access Manager Agent; the agents consult a central Access Manager Server, which is configured from an Access Manager Admin Console.]
Providing centralized control with distributed enforcement? PAP/PDP/PEP – see the XACML standard
[Diagram: a user’s requests to Hadoop Node #1, #2 … #N are intercepted by a Policy Enforcement Point on each node; the PEPs ask a central Policy Decision Point, whose policies are authored at a Policy Administration Point.]
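The PAP/PDP/PEP split in the diagram, worked through as an added example (this is illustrative code written for this page, not RSA's product or anything from the XACML reference implementation). The policy rules, attribute names, node names and file paths are assumptions; the behaviour that matters is that every node enforces the same centrally authored policy, a matching Deny overrides any Permit, and a node whose PDP is unreachable fails closed rather than open.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class Rule:
    """XACML-style rule: target (attribute -> allowed values), optional condition
    over the whole request, and the effect when both match."""
    name: str
    effect: str
    target: Dict[str, set]
    condition: Optional[Callable[[dict], bool]] = None

    def applies(self, req: dict) -> bool:
        for attr, allowed in self.target.items():
            if req.get(attr) not in allowed:
                return False
        return self.condition is None or self.condition(req)


class PolicyAdministrationPoint:
    """The one place policy is authored. PDPs read from here."""
    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def add(self, rule: Rule) -> None:
        self.rules.append(rule)


class PolicyDecisionPoint:
    """Deny-overrides combining: any matching Deny wins, else a matching Permit,
    else NotApplicable (which enforcement points treat as a refusal)."""
    def __init__(self, pap: PolicyAdministrationPoint) -> None:
        self.pap = pap

    def decide(self, req: dict) -> str:
        outcome = NOT_APPLICABLE
        for rule in self.pap.rules:
            if rule.applies(req):
                if rule.effect == DENY:
                    return DENY
                outcome = PERMIT
        return outcome


class UnreachablePDP:
    """Stands in for a PDP the node cannot reach (assumed failure mode)."""
    def decide(self, req: dict) -> str:
        raise ConnectionError("PDP not reachable")


class HadoopNodePEP:
    """Enforcement point on one data node. It never decides policy itself; it asks
    the PDP, records the decision for audit, and fails closed on any PDP error."""
    def __init__(self, node: str, pdp, files: Dict[str, str]) -> None:
        self.node, self.pdp, self.files = node, pdp, files
        self.audit: List[Tuple[str, str, str, str]] = []

    def read(self, subject: dict, path: str) -> Optional[str]:
        dataset = path.strip("/").split("/")[0]          # first path component names the dataset
        req = {**subject, "action": "read", "dataset": dataset, "resource": path}
        try:
            decision = self.pdp.decide(req)
        except Exception:
            decision = DENY                                # fail closed
        self.audit.append((self.node, subject["user"], path, decision))
        return self.files.get(path) if decision == PERMIT else None


def build_pap() -> PolicyAdministrationPoint:
    """Assumed policy: analysts and engineers read clickstream; only engineers read
    customer PII, and never without MFA."""
    pap = PolicyAdministrationPoint()
    pap.add(Rule("analysts-read-clickstream", PERMIT,
                 {"role": {"analyst", "data-engineer"}, "action": {"read"}, "dataset": {"clickstream"}}))
    pap.add(Rule("engineers-read-pii", PERMIT,
                 {"role": {"data-engineer"}, "action": {"read"}, "dataset": {"customer_pii"}}))
    pap.add(Rule("pii-requires-mfa", DENY, {"dataset": {"customer_pii"}},
                 condition=lambda r: not r.get("mfa", False)))
    return pap


def demo() -> Dict[str, Optional[str]]:
    pdp = PolicyDecisionPoint(build_pap())
    node1 = HadoopNodePEP("node-1", pdp, {"/clickstream/2013-01.log": "click data",
                                          "/finance/ledger.csv": "gl rows"})
    node2 = HadoopNodePEP("node-2", pdp, {"/customer_pii/part-0000": "name,ssn,..."})
    dark = HadoopNodePEP("node-N", UnreachablePDP(), {"/clickstream/2013-02.log": "more clicks"})
    analyst = {"user": "alice", "role": "analyst", "mfa": False}
    engineer = {"user": "bob", "role": "data-engineer", "mfa": True}
    engineer_no_mfa = {"user": "bob", "role": "data-engineer", "mfa": False}
    return {
        "analyst_clickstream": node1.read(analyst, "/clickstream/2013-01.log"),
        "analyst_unlisted_dataset": node1.read(analyst, "/finance/ledger.csv"),
        "analyst_pii": node2.read(analyst, "/customer_pii/part-0000"),
        "engineer_pii_mfa": node2.read(engineer, "/customer_pii/part-0000"),
        "engineer_pii_no_mfa": node2.read(engineer_no_mfa, "/customer_pii/part-0000"),
        "pdp_unreachable": dark.read(engineer, "/clickstream/2013-02.log"),
    }
```

The audit list each PEP keeps is the detection half of the same design: every access decision, permitted or not, is recorded with the node, user and path, so the monitoring step later in the deck has something to consume.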
Security Maturity – More Important than Ever
[Chart: maturity level plotted across IT risk, control, compliance and business risk, with the same list of challenges (Mobile, Cloud, APTs, Sophisticated Fraud, Extended Workforce, Networked Value Chains, Big Data) set against it.]
What to do Now?
3 Steps to Improved Big Data Security
1. Protect the data
– Basic access controls (even if only password based)
– Establish, document, & enforce a Big Data lifecycle
– Understand where your data lives & moves
2. Audit/Monitor the systems
– Audit the platform
– Audit data consumers
– Establish remediation procedures
3. Make your data more resilient
– Tokenization/redaction of the truly sensitive stuff
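Step 3 in practice, as an added example (written for this page, not code from the deck or from RSA): sensitive fields are tokenized or redacted before a record is allowed to land in the cluster, and the token vault with its key lives outside the platform. Tokens are keyed HMACs so the same SSN tokenizes identically across datasets (joins and aggregates still work) while the secret key stops anyone holding only the tokens from brute-forcing low-entropy values like SSNs. The field names, the sample records and the 32-byte key are constructed for the example.

```python
import hashlib
import hmac
import re
from typing import Dict, List

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


class TokenVault:
    """Keyed, deterministic tokenization. Key and token->value map stay outside the
    cluster; the cluster only ever sees tokens. (In-memory stand-in for a real vault.)"""

    def __init__(self, key: bytes) -> None:
        if len(key) < 32:
            raise ValueError("use a 256-bit secret key")
        self._key = key
        self._store: Dict[str, str] = {}

    def tokenize(self, kind: str, value: str) -> str:
        mac = hmac.new(self._key, f"{kind}\x00{value}".encode(), hashlib.sha256).hexdigest()
        token = f"{kind}_tok_{mac[:20]}"
        self._store[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._store[token]


def redact_email(addr: str) -> str:
    """Irreversible: keep only the domain, which is usually all analytics needs."""
    return "***@" + addr.rpartition("@")[2]


def scrub_free_text(text: str) -> str:
    """Free-text fields are where PII leaks into supposedly non-sensitive data sets."""
    return EMAIL_RE.sub("[EMAIL]", SSN_RE.sub("[SSN]", text))


def protect_record(rec: Dict[str, str], vault: TokenVault) -> Dict[str, str]:
    """The version of a record that is allowed into the cluster, field by field."""
    return {
        "customer_id": rec["customer_id"],            # non-sensitive join key, kept
        "ssn": vault.tokenize("ssn", rec["ssn"]),     # tokenized: joinable, reversible only via vault
        "pan": vault.tokenize("pan", rec["pan"]),     # tokenized
        "pan_last4": rec["pan"][-4:],                 # enough for customer-service lookups
        "email": redact_email(rec["email"]),          # redacted
        "zip": rec["zip"][:3] + "XX",                 # generalized
        "notes": scrub_free_text(rec["notes"]),       # scrubbed
    }


def has_plaintext_pii(rec: Dict[str, str]) -> bool:
    """Gate check before loading: refuse any record still carrying an SSN or e-mail."""
    blob = " ".join(rec.values())
    return bool(SSN_RE.search(blob) or EMAIL_RE.search(blob))


# Constructed sample records; these are not real people.
RAW_RECORDS: List[Dict[str, str]] = [
    {"customer_id": "C-1001", "ssn": "123-45-6789", "pan": "4111111111111111",
     "email": "jane.doe@example.com", "zip": "94105",
     "notes": "Called from jane.doe@example.com, confirmed SSN 123-45-6789"},
    {"customer_id": "C-1002", "ssn": "123-45-6789", "pan": "5500000000000004",
     "email": "j.doe@example.org", "zip": "94110", "notes": "Duplicate account?"},
]


def protect_all(records: List[Dict[str, str]], vault: TokenVault) -> List[Dict[str, str]]:
    return [protect_record(r, vault) for r in records]


if __name__ == "__main__":
    vault = TokenVault(b"0123456789abcdef0123456789abcdef")
    for row in protect_all(RAW_RECORDS, vault):
        print(row)
```

Deterministic tokens are a deliberate trade: they preserve joins, but they also reveal that two records share a value. Where that linkage is itself sensitive, use a random token per occurrence and accept that the join has to happen inside the vault's trust boundary.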
Mental break while we shift topics
Big Data for Security
Traditional Security is Not Working
Source: Verizon 2012 Data Breach Investigations Report
– 99% of breaches led to compromise within “days” or less, with 85% leading to data exfiltration in the same time
– 85% of breaches took “weeks” or more to discover
Threat Actors Have Evolved Substantially
– Nation state actors: PII, government, defense industrial base, IP-rich organizations
– Criminals, from unsophisticated petty criminals to organized crime: organized, sophisticated supply chains (PII, financial services, retail)
– Non-state actors (terrorists, anti-establishment vigilantes, “hacktivists”): targets of opportunity; PII, government, critical infrastructure
Advanced Threats Are Different
1. Targeted: specific objective
2. Stealthy: low and slow
3. Interactive: human involvement
[Timeline: attack begins → system intrusion → cover-up complete → discovery → attack identified → response, with leap-frog attacks along the way. Dwell time runs from intrusion to identification and response time from identification to response; the two levers are (1) decrease dwell time and (2) speed response time.]
Effective Security is always about balance
Most organizations need to improve detection/remediation
Prevention – Detection – Remediation
Orgs. are Increasingly Creating SOCs/CIRCs – Why? Better detection/investigation/remediation
[Diagram: IDS, AV and IPS feed centralized log collection and a SIEM, which the SOC/CIRC works from.]
Threats have changed, shouldn’t protection change too?
– Single well-defined security event: signature-based approaches for pinpoint accuracy
– Group of closely related (in time or space) security events: Security Information and Event Management (SIEM) approaches for locality identification; send in the CIRT team
– Isolated set of normal-looking events with weak correlation (advanced or targeted attacks): needs a data-intensive analytics approach
Find me a blade of grass of height H, width W, color G, from field F, cut at time T that changed colors to G’, G’’, G’’’ over times T1, T2, T3...
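The three tiers above, run over constructed log lines as an added example (this is illustrative code for this page, not RSA's analytics engine). The log format, the indicator list, the hosts and the thresholds are assumptions. The point of the third detector is that no single beacon connection is suspicious; the signal only exists once many events for one host/destination pair are pooled and compared with the rest of the fleet, which is why it needs all the data rather than a stream of alerts.

```python
import random
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Constructed sample telemetry: ten workstations browsing, one brute-force login,
# one known-bad connection and one low-and-slow beacon. None of it is real data.
BASE = datetime(2013, 3, 4, 9, 0, tzinfo=timezone.utc)
POPULAR = ["news.example.com", "mail.example.com", "cdn.example.com"]
KNOWN_BAD = {"malware-dropper.example.net"}          # assumed threat-intel indicator


def _fmt(seconds: float) -> str:
    return (BASE + timedelta(seconds=seconds)).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_sample_log() -> List[str]:
    rng = random.Random(2013)
    lines = []
    for i in range(1, 11):                            # normal, irregular browsing
        for dst in POPULAR:
            for _ in range(8):
                lines.append(f"{_fmt(rng.uniform(0, 7200))} event=conn src=ws-{i:02d} "
                             f"dst={dst} bytes={rng.randint(400, 90000)}")
    lines.append(f"{_fmt(3605)} event=conn src=ws-03 dst=malware-dropper.example.net bytes=7340")
    for k in range(6):                                # six failures, then a success, in one minute
        lines.append(f"{_fmt(1800 + 9 * k)} event=auth_fail src=10.0.0.5 user=admin")
    lines.append(f"{_fmt(1860)} event=auth_ok src=10.0.0.5 user=admin")
    for k in range(12):                               # beacon: every 600 s with slight jitter
        lines.append(f"{_fmt(600 * k + rng.uniform(0, 10))} event=conn src=ws-07 "
                     f"dst=cdn-update.example.org bytes=512")
    return sorted(lines)


def parse(line: str) -> dict:
    ts, _, rest = line.partition(" ")
    ev = dict(kv.split("=", 1) for kv in rest.split())
    ev["t"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
    return ev


def signature_hits(events: List[dict]) -> List[Tuple[str, str]]:
    """Tier 1: a single well-defined event matched against an indicator list."""
    return [(e["src"], e["dst"]) for e in events if e.get("dst") in KNOWN_BAD]


def bruteforce_then_success(events: List[dict], window: int = 120, threshold: int = 5) -> List[str]:
    """Tier 2: SIEM-style correlation of events close together in time for one source."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        if e.get("event") in ("auth_fail", "auth_ok"):
            by_src[e["src"]].append(e)
    hits = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["t"])
        for i, e in enumerate(evs):
            if e["event"] == "auth_ok":
                fails = [f for f in evs[:i] if f["event"] == "auth_fail" and e["t"] - f["t"] <= window]
                if len(fails) >= threshold:
                    hits.append(src)
                    break
    return hits


def beacon_candidates(events: List[dict], min_conns: int = 6, max_cv: float = 0.15,
                      max_hosts: int = 2) -> List[Tuple[str, str, int, float]]:
    """Tier 3: every connection looks normal alone; the signal is the regular spacing of
    many of them to a destination almost nobody else in the fleet ever contacts."""
    conns: Dict[Tuple[str, str], List[float]] = defaultdict(list)
    hosts_per_dst: Dict[str, set] = defaultdict(set)
    for e in events:
        if e.get("event") == "conn":
            conns[(e["src"], e["dst"])].append(e["t"])
            hosts_per_dst[e["dst"]].add(e["src"])
    out = []
    for (src, dst), times in conns.items():
        if len(times) < min_conns or len(hosts_per_dst[dst]) > max_hosts:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean                # coefficient of variation of the period
        if cv <= max_cv:
            out.append((src, dst, round(mean), round(cv, 3)))
    return out


def analyze(lines: List[str]) -> Dict[str, list]:
    events = [parse(line) for line in lines]
    return {"signature": signature_hits(events),
            "correlation": bruteforce_then_success(events),
            "analytics": beacon_candidates(events)}


if __name__ == "__main__":
    for tier, hits in analyze(build_sample_log()).items():
        print(tier, hits)
```

The rarity filter (`max_hosts`) is what keeps the periodicity test from flagging every workstation's regular mail poll: a destination the whole fleet talks to on a schedule is infrastructure, one that a single host talks to on a schedule is worth a look.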
3 RSA Security Technologies That Leverage Big Data
RSA Security Analytics -> Using Big Data to Detect Advanced Threats
[Architecture diagram: distributed collection of logs and packets across sites in Europe, North America and Asia, plus enrichment data, feeding both a real-time analytics tier and a long-term warehouse. The analytics layer covers reporting and alerting, investigation, malware analytics, administration, complex event processing, free text search, correlation, metadata tagging, incident management, asset criticality and compliance. A live intelligence feed supplies threat intelligence, rules, parsers, alerts, feeds, apps, directory services, reports and custom actions.]
RSA SilverTail ->Using Big Data to Detect Web Attacks/Fraud
RSA Risk Engine -> Using Big Data to Improve Authentication
[Flow diagram: a login from a web browser is scored by the RSA Risk Engine from device identification and user behavior, under an authentication policy with an assurance level and activity details. PASS grants access to the protected resources (SSL VPN, OWA, SharePoint, web portals); RISKY triggers an identity challenge (on-demand credential or challenge questions) that ends in either PASS or access denied; FAIL denies access.]
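The decision flow in that diagram, as an added example written for this page (not RSA's scoring model, whose weights are proprietary and not on the slide): device identification and behavioural signals add up to a risk score, a per-resource policy maps the score to PASS, RISKY or FAIL, and RISKY hands the decision to a step-up challenge. The weights, thresholds, header set, user profile, coordinates and timestamps are all assumptions constructed for the example; the assurance-level idea is shown by giving the SSL VPN tighter thresholds than the web portal.

```python
import hashlib
import math
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# Per-resource policy as (challenge_at, deny_at) score thresholds: the more assurance a
# resource needs, the less risk it tolerates. Values are assumed for the example.
POLICY: Dict[str, Tuple[int, int]] = {
    "web-portal": (40, 80),
    "sharepoint": (40, 80),
    "owa": (30, 70),
    "ssl-vpn": (20, 60),
}


@dataclass
class UserProfile:
    known_devices: Set[str]
    usual_countries: Set[str]
    usual_hours: Set[int]                       # UTC hours this user normally logs in
    last_login: Tuple[float, float, float]      # (epoch seconds, latitude, longitude)


@dataclass
class LoginAttempt:
    headers: Dict[str, str]
    country: str
    lat: float
    lon: float
    time: float                                 # epoch seconds
    hour: int
    recent_failures: int
    resource: str


def device_id(headers: Dict[str, str]) -> str:
    """Passive device identification from stable client attributes. Spoofable on its
    own, which is why it is one input to the score and not the decision."""
    keys = ("User-Agent", "Accept-Language", "X-Screen", "X-Timezone")
    return hashlib.sha256("|".join(headers.get(k, "") for k in keys).encode()).hexdigest()[:16]


def km_between(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance (haversine) for the impossible-travel check."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(h))


def risk_score(profile: UserProfile, a: LoginAttempt) -> Tuple[int, List[str]]:
    """Device identification + user behaviour -> additive score capped at 100, with reasons."""
    score, reasons = 0, []
    if device_id(a.headers) not in profile.known_devices:
        score, reasons = score + 35, reasons + ["unknown device"]
    if a.country not in profile.usual_countries:
        score, reasons = score + 25, reasons + [f"unusual country {a.country}"]
    if a.hour not in profile.usual_hours:
        score, reasons = score + 10, reasons + ["unusual hour"]
    if a.recent_failures >= 3:
        score, reasons = score + 20, reasons + ["recent failed attempts"]
    t0, lat0, lon0 = profile.last_login
    hours = max((a.time - t0) / 3600, 1 / 60)                    # guard against a zero interval
    if km_between((lat0, lon0), (a.lat, a.lon)) / hours > 900:   # faster than an airliner
        score, reasons = score + 40, reasons + ["impossible travel"]
    return min(score, 100), reasons


def decide(profile: UserProfile, a: LoginAttempt, challenge: Callable[[], bool]) -> Dict[str, object]:
    """PASS lets the user through, RISKY lets the step-up challenge decide, FAIL denies outright."""
    challenge_at, deny_at = POLICY[a.resource]
    score, reasons = risk_score(profile, a)
    if score >= deny_at:
        verdict, allowed = "FAIL", False
    elif score >= challenge_at:
        verdict, allowed = "RISKY", challenge()
    else:
        verdict, allowed = "PASS", True
    return {"score": score, "verdict": verdict, "allowed": allowed, "reasons": reasons}


# Constructed scenario data; no real users or locations.
T0 = 1_362_387_600.0                                            # 2013-03-04 09:00 UTC, last good login
KNOWN_HEADERS = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1) Firefox/19.0",
                 "Accept-Language": "en-US", "X-Screen": "1440x900", "X-Timezone": "-300"}
NEW_HEADERS = {**KNOWN_HEADERS, "User-Agent": "Mozilla/5.0 (X11; Linux) Chrome/25.0"}
ALICE = UserProfile({device_id(KNOWN_HEADERS)}, {"US"}, set(range(8, 19)), (T0, 40.71, -74.01))


def scenarios() -> Dict[str, Dict[str, object]]:
    ny = dict(country="US", lat=40.71, lon=-74.01, time=T0 + 3600, hour=10, recent_failures=0)
    return {
        "known_device_portal": decide(ALICE, LoginAttempt(KNOWN_HEADERS, resource="web-portal", **ny), lambda: True),
        "new_device_portal": decide(ALICE, LoginAttempt(NEW_HEADERS, resource="web-portal", **ny), lambda: True),
        "new_device_vpn_ok": decide(ALICE, LoginAttempt(NEW_HEADERS, resource="ssl-vpn", **ny), lambda: True),
        "new_device_vpn_bad": decide(ALICE, LoginAttempt(NEW_HEADERS, resource="ssl-vpn", **ny), lambda: False),
        # new device, unusual country and hour, failures, and 7,700 km in half an hour
        "hostile": decide(ALICE, LoginAttempt(NEW_HEADERS, "RO", 44.43, 26.10, T0 + 1800, 3, 4, "web-portal"), lambda: True),
    }
```

The same unknown-device login passes silently on the portal and is challenged on the VPN; that is the assurance level doing its work. A real deployment would also feed the challenge outcome back into the profile (for example, enrolling the device after a successful step-up), which this example leaves out.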
Questions?