Big Data & Security Have Collided - What Are You Going to do About It?


Description

Big data has recently begun to impact enterprise security organizations. How can organizations use the flood of security-relevant data to improve overall security? How can organizations actually secure the big data systems themselves? This session discusses the opportunity for big data to improve security and reduce risk, focusing especially on the critical role of security strategy and management.

After this session you will be able to:

Objective 1: Identify the key current challenges of security and why improved security requires big data tools and techniques.

Objective 2: Describe strategies for using big data tools and techniques to improve security, in particular monitoring and analysis.

Objective 3: Identify best practices and technologies that can be used to secure big data systems themselves.

Access the recording via http://www.brainshark.com/emcworld/vu?pi=zIGzOvwlUzB8sLz0

Transcript of Big Data & Security Have Collided - What Are You Going to do About It?

Page 1: Big Data & Security Have Collided - What Are You Going to do About It?

1 © Copyright 2013 EMC Corporation. All rights reserved.

Big Data & Security Have Collided What Are You Going to do About It?

Matthew Gardiner, Sr. Manager, RSA, The Security Division of EMC

Page 2

Roadmap Information Disclaimer

EMC makes no representation and undertakes no obligations with regard to product planning information, anticipated product characteristics, performance specifications, or anticipated release dates (collectively, “Roadmap Information”).

Roadmap Information is provided by EMC as an accommodation to the recipient solely for purposes of discussion and without intending to be bound thereby.

Roadmap information is EMC Restricted Confidential and is provided under the terms, conditions and restrictions defined in the EMC Non-Disclosure Agreement in place with your organization.

Page 3

Alternative Title

Security for Big Data & Big Data for Security

Page 4

How Many of You are IT Security Professionals?

Page 5

Security for Big Data

Page 6

At this point, more questions than answers

New Technology, New Use Cases, New Social Norms

Page 7

Add Big Data to the List of Hard Security Challenges

Security is always trying to catch up:

– Mobile
– Cloud
– APTs
– Sophisticated Fraud
– Extended Workforce
– Networked Value Chains
– Big Data

Page 8

Big Data Has a Tidal Wave of New Technologies

And surprise! Security/privacy has not been a key focus to date

Page 9

Your Organization’s Security Professional?

Page 10

How is Big Data Different? And why this creates security challenges

– Distributed nodes: moving computation is cheaper than moving data
– Shared data: you don’t know where the data is or how many copies there are
– Coarse-grained data access ownership: mostly limited at the schema level only
– Inter-node communication: usually done in the clear
– Client applications typically not verified
– Web services with limited or no protection

Sourced from: Securosis, Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments, October 12, 2012

Page 11

Suggestion – Go Back to Security Basics, and apply them to the new domain

Prevention, Detection, Remediation

Page 12

Security Concepts Haven’t Changed, Just How to Apply Them

Prevention
– Authentication/Authorization
– Secure communications
– Encryption/tokenization/redaction
– Patching the underlying systems

Detection
– Auditing/Monitoring/Logging

Remediation
– Fast, (pre-defined) incident response

Data Privacy
– Principled (& legal) data/analysis usage
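An added check, not from the presentation, that turns the points on pages 10 and 12 (inter-node communication in the clear, unverified clients, authentication and secure communications as prevention basics) into a lint over Hadoop site XML. The property names are real Hadoop configuration keys; the sample XML and the set of acceptable values are this example's assumptions.

```python
import xml.etree.ElementTree as ET

# Each entry: property -> (acceptable values, why the weak setting matters).
# These are real Hadoop keys (core-site.xml / hdfs-site.xml); the acceptable
# values reflect a hardened cluster, which is an assumption of this example.
CHECKS = {
    "hadoop.security.authentication": ({"kerberos"}, "with 'simple', clients and nodes are never verified"),
    "hadoop.security.authorization": ({"true"}, "service-level ACLs are off"),
    "hadoop.rpc.protection": ({"privacy"}, "inter-node RPC is in the clear unless set to 'privacy'"),
    "dfs.encrypt.data.transfer": ({"true"}, "HDFS block transfers between nodes are in the clear"),
    "dfs.permissions.enabled": ({"true"}, "HDFS permission checks are disabled"),
    "dfs.http.policy": ({"HTTPS_ONLY"}, "web UIs and WebHDFS accept plain HTTP"),
}

def parse_site_xml(text):
    """Return {name: value} from a Hadoop <configuration> document."""
    props = {}
    for prop in ET.fromstring(text).iter("property"):
        name, value = prop.find("name"), prop.find("value")
        if name is not None and value is not None:
            props[name.text.strip()] = (value.text or "").strip()
    return props

def audit(props):
    """Return (property, current value, reason) for every weak or missing setting.
    A missing key is reported as 'unset': for most of these keys Hadoop's
    built-in default is the weak value, so silence is not safety."""
    findings = []
    for key, (ok_values, reason) in CHECKS.items():
        current = props.get(key, "unset")
        if current not in ok_values:
            findings.append((key, current, reason))
    return findings

# Constructed sample: what an out-of-the-box cluster's merged site XML looks like.
SAMPLE_XML = """<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://nn1:8020</value></property>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
  <property><name>dfs.permissions.enabled</name><value>true</value></property>
</configuration>"""

if __name__ == "__main__":
    for key, value, reason in audit(parse_site_xml(SAMPLE_XML)):
        print(f"{key} = {value}: {reason}")
```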

Page 13

Don’t Fall into the Obfuscation Security “Strategy”

Infrastructures often are (or soon will be) Web accessible

Page 14

But wait - Didn’t we just do this for the Cloud?

Page 15

Providing centralized control with distributed enforcement? Are Web Access Management systems a model for big data systems?

Diagram: a User reaches each Website through its Access Manager Agent; every Agent consults a central Access Manager Server, which is configured from the Access Manager Admin Console.

Page 16

Providing centralized control with distributed enforcement? PAP/PDP/PEP – see the XACML standard

Diagram: a User’s request reaches Hadoop Node #1, Hadoop Node #2 ... Hadoop Node #N, each with its own Policy Enforcement Point; every PEP asks the central Policy Decision Point, and the policies it evaluates are authored at the Policy Admin. Point.
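The PAP/PDP/PEP split on this page, as an added example that is not code from the presentation or from any XACML implementation: one decision point using deny-overrides combining, and an enforcement point per Hadoop node that never decides locally, only asks and logs. The rule fields, node names and sample policy are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    effect: str                                   # "Permit" or "Deny"
    roles: set = field(default_factory=set)       # empty set matches any role
    resources: set = field(default_factory=set)   # HDFS path prefixes; empty matches any
    actions: set = field(default_factory=set)     # empty matches any action

    def matches(self, req):
        return ((not self.roles or self.roles & req["roles"])
                and (not self.resources or any(req["resource"].startswith(p) for p in self.resources))
                and (not self.actions or req["action"] in self.actions))

class PolicyDecisionPoint:
    """Central PDP: evaluates every request against the policy set with deny-overrides."""
    def __init__(self, rules):
        self.rules = list(rules)              # authored at the PAP, pushed to the PDP

    def decide(self, req):
        effects = {r.effect for r in self.rules if r.matches(req)}
        if "Deny" in effects:
            return "Deny"
        return "Permit" if "Permit" in effects else "NotApplicable"

class PolicyEnforcementPoint:
    """One per Hadoop node: forwards the request, records the outcome, enforces it."""
    def __init__(self, node, pdp):
        self.node, self.pdp, self.audit_log = node, pdp, []

    def access(self, user, roles, resource, action):
        req = {"user": user, "roles": set(roles), "resource": resource, "action": action}
        decision = self.pdp.decide(req)
        self.audit_log.append((self.node, user, resource, action, decision))
        return decision == "Permit"           # anything short of an explicit Permit is refused

# Constructed policy of the kind a PAP would author:
PAP_RULES = [
    Rule("Permit", roles={"analyst", "admin"}, resources={"/data/clickstream/"}, actions={"read"}),
    Rule("Permit", roles={"admin"}, resources={"/data/"}),
    Rule("Deny", resources={"/data/pii/"}, actions={"read", "write"}),  # raw PII: nobody, not even admins
]

def build_cluster(n_nodes=3, rules=PAP_RULES):
    """One PDP shared by n_nodes PEPs, mirroring the diagram."""
    pdp = PolicyDecisionPoint(rules)
    return pdp, [PolicyEnforcementPoint(f"hadoop-node-{i + 1}", pdp) for i in range(n_nodes)]
```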

Page 17

Security Maturity – More Important than Ever

Chart: Maturity Level plotted against IT Risk, Control, Compliance and Business Risk, with the hard challenges shown alongside: Mobile, Cloud, APTs, Sophisticated Fraud, Extended Workforce, Networked Value Chains, Big Data.

Page 18

What to do Now?

Page 19

3 Steps to Improved Big Data Security

1. Protect the data
– Basic access controls (even if only password based)
– Establish, document, & enforce a Big Data lifecycle
– Understand where your data lives & moves

2. Audit/Monitor the systems
– Audit the platform
– Audit data consumers
– Establish remediation procedures

3. Make your data more resilient
– Tokenization/redaction of the truly sensitive stuff
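The three steps end with tokenization/redaction. As an added example that is not part of the presentation, a small vault that tokenizes identifiers deterministically (so the cluster can still join and count on them) and redacts fields that never need to be readable in full. The record, field names and key are constructed.

```python
import hashlib
import hmac
import secrets

class TokenVault:
    """Keyed, deterministic tokenization: the same plaintext always yields the same
    token, so analysts can join on it; only the vault, which holds the key and the
    token-to-value map, can reverse it. Neither ever leaves for the cluster."""
    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._store = {}                                   # token -> plaintext

    def tokenize(self, value):
        tag = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:16]
        token = f"tok_{tag}"
        self._store[token] = value
        return token

    def detokenize(self, token):
        return self._store[token]                          # KeyError for unknown tokens

def redact(value, keep_last=4, mask="*"):
    """Irreversible: keep only the last few characters (card numbers, account ids)."""
    if len(value) <= keep_last:
        return mask * len(value)
    return mask * (len(value) - keep_last) + value[-keep_last:]

def prepare_record(record, vault, tokenize_fields, redact_fields):
    """Copy of the record that is safe to load into the cluster: identifiers
    tokenized, secrets redacted, everything else untouched."""
    out = dict(record)
    for name in tokenize_fields:
        if name in out:
            out[name] = vault.tokenize(out[name])
    for name in redact_fields:
        if name in out:
            out[name] = redact(out[name])
    return out

# Constructed sample record; every value is made up.
SAMPLE = {"customer_id": "C-1001", "email": "jane@example.com",
          "card": "4111111111111111", "amount": "42.50"}
```

Deterministic tokens preserve equality, so counts and joins work but so does frequency analysis; where no join is needed, a random token per occurrence leaks less.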

Page 20

Mental break while we shift topics

Page 21

Big Data for Security

Page 22

Traditional Security is Not Working

Source: Verizon 2012 Data Breach Investigations Report

– 99% of breaches led to compromise within “days” or less, with 85% leading to data exfiltration in the same time
– 85% of breaches took “weeks” or more to discover

Page 23

Threat Actors Have Evolved Substantially

Nation state actors – PII, government, defense industrial base, IP-rich organizations

Criminals
– Petty criminals: unsophisticated, targets of opportunity
– Organized crime: organized, sophisticated supply chains (PII, financial services, retail)

Non-state actors
– Terrorists, anti-establishment vigilantes, “Hacktivists”: PII, government, critical infrastructure

Page 24

Advanced Threats Are Different

Timeline diagram: Attack Begins, System Intrusion, Cover-Up Complete (with Leap Frog Attacks along the way), then Discovery, Attack Identified and Response. Dwell Time (1) runs from Attack Begins to Discovery; Response Time (2) runs from Discovery to Response. The two goals on the chart: 1 Decrease Dwell Time, 2 Speed Response Time.

1 TARGETED – Specific objective

2 STEALTHY – Low and slow

3 INTERACTIVE – Human involvement

Page 25

Effective Security is always about balance

Most organizations need to improve detection/remediation

Prevention, Detection, Remediation

Page 26

Orgs. are Increasingly Creating SOCs/CIRCs – Why? Better detection/investigation/remediation

Diagram: IDS, AV and IPS feed Centralized Log Collection and a SIEM, which in turn serve the SOC/CIRC.

Page 27

Threats have changed, shouldn’t protection change too?

– Single well-defined security event: signature-based approaches for pinpoint accuracy
– Group of closely related (in time or space) security events: Security Incident Event Management approaches for locality identification; send in the CIRT team
– Isolated set of normal-looking events with weak correlation (advanced or targeted attacks): needs a data-intensive analytics approach

Find me a blade of grass of height H, width W, color G, from field F, cut at time T, that changed colors to G’, G’’, G’’’ over times T1, T2, T3...
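The three tiers on this page, as an added example that is not from the presentation: a signature match, a time-window burst rule, and a low-and-slow series detector, each run over a constructed proxy log. The log format, thresholds and hostnames are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, "<ISO timestamp> <host> <destination> <bytes>"; not real traffic.
LOG_LINES = """\
2013-05-06T09:00:00 ws-17 cdn.example.net 5120
2013-05-06T09:00:05 ws-17 cdn.example.net 4096
2013-05-06T09:00:07 ws-17 cdn.example.net 4096
2013-05-06T09:01:00 ws-42 update.example.org 900
2013-05-06T09:30:00 ws-09 known-bad.example.test 200
2013-05-06T10:00:00 ws-42 rare.example.test 310
2013-05-06T11:00:01 ws-42 rare.example.test 305
2013-05-06T12:00:00 ws-42 rare.example.test 312
2013-05-06T13:00:02 ws-42 rare.example.test 308""".splitlines()

def parse(lines):
    """Return (timestamp, host, destination, bytes) tuples in time order."""
    events = []
    for line in lines:
        ts, host, dest, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), host, dest, int(nbytes)))
    return sorted(events)

def tier1_signature(events, blocklist):
    """Single well-defined event: an exact indicator match, pinpoint accurate."""
    return sorted({host for _, host, dest, _ in events if dest in blocklist})

def tier2_burst(events, window_s=10, threshold=3):
    """Closely related events: `threshold` hits from one host inside `window_s` (SIEM-style)."""
    by_host = defaultdict(list)
    for ts, host, _, _ in events:
        by_host[host].append(ts)
    return sorted(h for h, t in by_host.items()
                  if any((t[i + threshold - 1] - t[i]).total_seconds() <= window_s
                         for i in range(len(t) - threshold + 1)))

def tier3_low_and_slow(events, min_hits=4, min_gap_s=600, max_jitter_s=5):
    """Normal-looking events with weak correlation: one host contacting a destination
    nobody else uses, slowly but at near-regular intervals. No single line is suspicious."""
    series, hosts_per_dest = defaultdict(list), defaultdict(set)
    for ts, host, dest, _ in events:
        series[(host, dest)].append(ts)
        hosts_per_dest[dest].add(host)
    hits = []
    for (host, dest), times in series.items():
        if len(times) < min_hits or len(hosts_per_dest[dest]) > 1:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if mean(gaps) >= min_gap_s and pstdev(gaps) <= max_jitter_s:
            hits.append((host, dest))
    return hits
```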

Page 28

3 RSA Security Technologies That Leverage Big Data

Page 29

RSA Security Analytics -> Using Big Data to Detect Advanced Threats

Architecture diagram: Distributed Collection of Logs, Packets and Enrichment Data across Europe, North America and Asia feeds a Real-Time tier and a Long-Term Warehouse. The Analytics layer provides Reporting and Alerting, Investigation, Malware Analytics, Administration, Complex Event Processing, Free Text Speech, Correlation, Metadata Tagging, Incident Management, Asset Criticality and Compliance. Live Intelligence supplies Threat Intelligence, Rules, Parsers, Alerts, Feeds, Apps, Directory Services, Reports and Custom Actions.

Page 30

RSA SilverTail ->Using Big Data to Detect Web Attacks/Fraud

Page 31

RSA Risk Engine -> Using Big Data to Improve Authentication

Diagram: a Web Browser request goes to the RSA Risk Engine, which draws on Device Identification, User Behavior, Authentication Policy, Assurance Level and Activity Details. PASS grants access to the Protected Resources (SSL VPN, OWA, SharePoint, Web Portals); RISKY triggers an Identity Challenge (On-Demand, Challenge Questions), which on PASS grants access and on FAIL ends in Access Denied.
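The PASS/RISKY/FAIL flow in the diagram, as an added example; this is a simplified stand-in, not RSA's risk engine or its scoring. The signals, weights, thresholds and the per-user history are constructed.

```python
from dataclasses import dataclass

@dataclass
class LoginAttempt:
    user: str
    device_id: str          # device fingerprint supplied by the web tier (assumed)
    country: str
    hour: int               # local hour of day, 0-23
    failed_last_hour: int   # recent failed logins for this account

# Constructed per-user history; a real engine learns this from past activity.
HISTORY = {
    "jane": {"devices": {"dev-a1"}, "countries": {"US"}, "usual_hours": range(7, 20)},
}

def risk_score(attempt, history):
    """Sum weighted signals: device identification, user behaviour, recent activity."""
    h = history.get(attempt.user, {"devices": set(), "countries": set(), "usual_hours": range(0)})
    score = 0
    if attempt.device_id not in h["devices"]:
        score += 40                                  # unknown device
    if attempt.country not in h["countries"]:
        score += 35                                  # never seen from this country
    if attempt.hour not in h["usual_hours"]:
        score += 15                                  # outside the user's normal hours
    score += min(attempt.failed_last_hour, 5) * 10   # recent failures, capped
    return score

def decide(attempt, history, policy=None):
    """Map the score onto the authentication policy's thresholds: PASS / RISKY / FAIL."""
    policy = policy or {"risky_at": 40, "fail_at": 90}
    score = risk_score(attempt, history)
    if score >= policy["fail_at"]:
        return "FAIL", score
    return ("RISKY" if score >= policy["risky_at"] else "PASS"), score

def authenticate(attempt, history, challenge_passed=None):
    """The flow from the diagram: PASS goes straight to the protected resource,
    RISKY requires an identity challenge, FAIL (or a failed challenge) is denied."""
    verdict, _ = decide(attempt, history)
    if verdict == "PASS":
        return "ACCESS_GRANTED"
    if verdict == "RISKY":
        return "ACCESS_GRANTED" if challenge_passed else "ACCESS_DENIED"
    return "ACCESS_DENIED"
```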

Page 32

Questions?

Page 33

Big Data & Security Have Collided - What Are You Going to do About It?