Fighting cybersecurity threats with Apache Spot
Transcript of Fighting cybersecurity threats with Apache Spot
![Page 1: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/1.jpg)
© Cloudera, Inc. All rights reserved.
A Community Approach to Fighting Cyber Threats - Apache Spot (incubating)
Mark Grover | @mark_grover
Apache Spot (incubating) committer and PPMC member
Slides at slideshare.com/markgrover
![Page 2: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/2.jpg)
About the book
• @hadooparchbook
• hadooparchitecturebook.com
• github.com/hadooparchitecturebook
• slideshare.com/hadooparchbook
![Page 3: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/3.jpg)
Agenda
• Apache Spot (incubating)
![Page 4: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/4.jpg)
Hackers collaborate every day…
…while security operations centers do not.
(Diagram labels: SOC 1, SOC 2, SOC 3, SOC 4)
![Page 5: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/5.jpg)
Apache Spot (Incubating)
A community approach to fighting cyber threats.
spot.incubator.apache.org
![Page 6: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/6.jpg)
Gaps in existing cybersecurity solutions
Detecting Advanced Threats
• Only signature and correlation based detection
• Machine learning is difficult to implement
• Data is not enriched for better detection
Reducing Investigation and Response Time
• Access multiple applications in order to act
• Partial enterprise visibility
• Only access months' worth of data
Understanding True Business Risk
• Balancing risk with costs
• Getting an understanding of the risk of an entity or user
• Meeting changing compliance regulations
![Page 7: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/7.jpg)
Why Spot? Why now?
• Big data tools
  • Scalable storage and compute
• Reasonable cost
  • Commodity hardware
• Advanced threat detection
  • Machine Learning
![Page 8: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/8.jpg)
The Value of Apache Spot
• Detect advanced threats faster via machine learning
• Faster time to incident investigation and response with comprehensive enterprise visibility
• Change the economics of cybersecurity with an open source platform that supports multiple LOB workloads
![Page 9: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/9.jpg)
Architecture diagram
![Page 10: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/10.jpg)
![Page 11: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/11.jpg)
Apache Spot Ingestion
Partnering with:
![Page 12: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/12.jpg)
Apache Spot Processing
• Analyst queries (UI)
• Analyst full-text search (UI)
• Machine Learning
![Page 13: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/13.jpg)
Remember Netflix prize?
![Page 14: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/14.jpg)
What if…
• …we combined netflow, DNS, proxy data with
  • User context
    • Org, privileges, etc.
  • Endpoint context
    • What security regulation governs this server
  • Network context
    • Information about network from whois servers, etc.
  • Threat intelligence model
    • Set of known malicious IPs, etc.
![Page 15: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/15.jpg)
Open Data Model
• Raw event
  1Zg2y780a, 10.1.1.3:23444, 10.1.1.10:1521, successful login as sysdba by jsmith, Oracle
• User context
  John Smith, jsmith, smithj, csdkkv, [email protected], Jeff Beck, 703-555-1212, Recruiter, domain users, HR
• Endpoint context
  10.1.1.10, crm.companyA.com, IT, Prod, SOX, PCI, Redhat 6.1, OracleCM, [email protected]
![Page 16: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/16.jpg)
Open Data Model
John Smith, a member of the HR recruiting team, successfully logged in as a privileged user to an Oracle database housing the company's CRM data, regulated by SOX & PCI
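The join shown on the two Open Data Model slides, as an added example (not code from the deck or from Apache Spot): the raw event is parsed, matched to user context by account name and to endpoint context by destination IP, and turned into risk flags an analyst can triage. The values come from the slide; the field names, the PRIVILEGED_ROLES set, the reading of "IT" as the owning department and the flag strings are assumptions.

```python
import re

# Values are from the slide; field names are assumptions (the slide shows only
# values). The obfuscated e-mail fields are left out.
RAW_EVENT = ("1Zg2y780a,10.1.1.3:23444,10.1.1.10:1521,"
             "successful login as sysdba by jsmith,Oracle")
USER_CONTEXT = {
    "jsmith": {"name": "John Smith", "title": "Recruiter", "dept": "HR",
               "groups": ["domain users"]},
}
ENDPOINT_CONTEXT = {
    "10.1.1.10": {"host": "crm.companyA.com", "owner": "IT", "env": "Prod",
                  "regulations": ["SOX", "PCI"]},
}
PRIVILEGED_ROLES = {"sysdba"}  # assumption: roles treated as privileged
LOGIN_RE = re.compile(r"successful login as (\w+) by (\w+)")


def parse_event(line):
    """Split the raw event into named fields and pull role/user from the text."""
    event_id, src, dst, message, product = line.split(",")
    m = LOGIN_RE.fullmatch(message)
    if m is None:
        raise ValueError(f"unrecognised message: {message!r}")
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"id": event_id, "src_ip": src.rsplit(":", 1)[0], "dst_ip": dst_ip,
            "dst_port": int(dst_port), "role": m.group(1), "user": m.group(2),
            "product": product}


def enrich(event, users=USER_CONTEXT, endpoints=ENDPOINT_CONTEXT):
    """Join the event with user and endpoint context and derive risk flags."""
    user = users.get(event["user"])            # None when the account is unknown
    endpoint = endpoints.get(event["dst_ip"])  # None when the asset is unknown
    flags = []
    if user is None:
        flags.append("unknown-user")
    if endpoint is None:
        flags.append("unknown-endpoint")
    if event["role"] in PRIVILEGED_ROLES:
        flags.append("privileged-login")
        if user and endpoint and user["dept"] != endpoint["owner"]:
            flags.append("privileged-login-outside-owning-dept")
    if endpoint and endpoint["regulations"]:
        flags.append("regulated-asset:" + "+".join(endpoint["regulations"]))
    return {**event, "user_ctx": user, "endpoint_ctx": endpoint, "flags": flags}


if __name__ == "__main__":
    print(enrich(parse_event(RAW_EVENT))["flags"])
```

Missing context is flagged rather than dropped, so an event from an account or asset absent from the inventory still reaches the analyst.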
![Page 17: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/17.jpg)
Demo
![Page 18: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/18.jpg)
Open Source Collaboration
1. Collaborate with analytic, big data, and cybersecurity industry leaders
2. Share analytics with peer organizations leveraging the open data model
3. Future-proof your platform as open source community innovates at greater speed
![Page 19: Fighting cybersecurity threats with Apache Spot](https://reader033.fdocuments.net/reader033/viewer/2022052405/58ce954e1a28ab8c3b8b6417/html5/thumbnails/19.jpg)
Thanks
spot.apache.org
@mark_grover