Detecting Anomalous Behavior with the Business Data Lake
Paul Gittins & Steve Jones
The new threat vectors are highly targeted
Detecting Anomalous Behavior with the Business Data Lake | Steve Jones
Copyright © 2014 Capgemini. All rights reserved.

Bad “Actors”:
• Organized criminals
• Foreign States
• Hacktivists

• Utilities: disrupt as a strategic asset
• Financial Services: operational code, user accounts, fraud
• Gain access to critical Intellectual Property

Traditional security approaches wouldn’t catch Edward Snowden and can’t adapt quickly enough to new cyber-crime attacks.
The attack surface of the business has significantly increased

Three drivers have increased the attack surface:
• Data volumes, variety and velocity are increasing
• Clouds add complexity
• Blurred boundaries: increased need to share data/information across the business and with 3rd parties
A new approach is needed to counter the threats

Increased Threats
Traditional tools don’t protect against “bad actors” who target IP, financial information and strategic access.

Detect Anomalous Behavior
Our approach creates insight into anomalous behavior and threats within the business and surrounding ecosystem.

React
Allows you to take appropriate action based on potential impact of threat to reduce risk.
SIEM and GRC could not prevent Mr. Snowden

• Social engineering has been a primary attack vector for large threats
• Significant IP breaches are often socially engineered
• Current tooling is important but insufficient:
  • Governance, risk and compliance (GRC) defines a set of “allowed behavior”
  • Identity and access management tooling provides the system level access controls based on policy
  • SIEM collates but does not provide insight or analytics in the right ways to identify these threats.

[Diagram: GRC provides the right identity & access controls; a user accesses critical systems within role; SIEM collates the activity]

Edward Snowden:
• In role
• Logs collated his activity
• Yet the assets were accessed
• The NSA could not spot the anomalous behavior.
We need a different approach

Anomalous Behavior
• Traditional approaches need to be complemented – SIEM and GRC are still needed.
• GRC says what is approved – the tasks you can do, the gates you can go through. Abnormal Behavior Detection says whether you should have.
• Extend using Anomalous Behavior Detection. This approach:
  1. Learns what is normal [the difference between approved and allowed]
  2. Identifies what is anomalous and categorizes the risk
  3. Alerts so you can react before it becomes a problem.

New Outcomes are Possible
• It is an extension of current security approaches that enables a reduction in GRC and can identify threats that GRC cannot:
  • It shows where “allowed” is not “normal” and the scope of the deviation from the norm.
  • Detect social engineering attacks as well as network level detections
  • Minimize the exposure time and loss
  • Potentially predict the leakage areas ahead of the attack
  • This can be applied to both GRC areas (Snowden) and non-GRC areas (networks, non-controlled information) to build up a broader pattern of behavior.
Detection of Anomalous Behavior – from Insight to Action

[Diagram]
• Structured data: SIEM, AD, HR
• Unstructured data: images, social, email, video
• Machine learning defines “normal” across the user base, for users accessing key systems within role as defined by GRC
• Deviation from the norm triggers action
• Automated response based on level of deviation and system criticality: inform management, adjust policies, lockdown
How we generate insight into anomalies to enable action

By taking a Data Science approach:
• Tools:
  • Use of the open-source MADlib library to provide in-database functions
  • Leading edge tools to implement machine learning collaboratively
• Methods:
  • Parallelized a wide variety of machine learning algorithms for optimum performance on the Business Data Lake
  • Agile, test-driven, customer focused
• Process:
  • Analytical workflow aligned with business needs and optimized for speed
  • Supports iterative and collaborative working.

[Diagram: Business Data Lake]
• Sources: IAM, SIEM, GRC, Network, Images, Social, Email, AD, Video, HR
• Ingestion tier: real-time ingestion, micro batch ingestion, batch ingestion
• Unified data management tier: data mgmt. services, MDM, RDM, audit and policy mgmt., workflow management
• Processing tier: in-memory, MPP database
• Distillation tier: HDFS storage, unstructured and structured data
• Query interfaces: SQL, NoSQL, MapReduce
• Insights tier: real-time insights, interactive insights, batch insights
• Lanes across the tiers: real time, micro batch, mega batch
• Action tier
• Unified operations tier: system monitoring, system management
Examples – SIEM, GRC and Detection of Anomalous Behavior

1. Out of policy access
   User tries to access what they shouldn’t. GRC says “no” and notifies SIEM. SIEM collates, alerts, and may reduce privileges via GRC/IAM.

2. In policy but abnormal access
   User accesses a single item out of the norm but in policy. GRC says “yes”; AB says ‘but that isn’t normal’ and alerts SIEM. SIEM collates, alerts, and may reduce privileges via GRC/IAM.

3. In policy but extremely abnormal access
   User accesses multiple areas out of the ordinary but in policy. GRC says “yes”; AB says ‘this is the ONLY person EVER to do this!’ and alerts SIEM. Shutdown of user access + manager alerts.
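The three cases above, together with the learn / categorize / alert steps from the “We need a different approach” slide, as an added Python illustration that is not part of the original deck or of MADlib; the role policy, access history, user names and action names are all constructed for the example.

```python
"""
Escalation logic for the three cases on the examples slide (out of policy;
in policy but abnormal; in policy but extremely abnormal) and the three steps
on the "different approach" slide (learn normal, categorize risk, alert).
Added illustration only, not Capgemini's or MADlib's code; the role policy,
access history, user names and action names are all constructed here.
"""
from collections import defaultdict
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

# Constructed GRC policy: the resource areas each role is allowed to access.
ROLE_POLICY: Dict[str, FrozenSet[str]] = {
    "sysadmin": frozenset({"hr-db", "finance-db", "source-repo", "backup-vault"}),
    "analyst": frozenset({"finance-db", "reports"}),
}

# Constructed access history as (user, role, resource) records. In the deck's
# architecture these would be the SIEM/AD/HR feeds landed in the data lake.
HISTORY: List[Tuple[str, str, str]] = [
    ("alice", "sysadmin", "source-repo"),
    ("alice", "sysadmin", "backup-vault"),
    ("bob", "sysadmin", "source-repo"),
    ("bob", "sysadmin", "hr-db"),
    ("carol", "analyst", "reports"),
    ("carol", "analyst", "finance-db"),
]


class Baseline:
    """What 'normal' looks like: resources per user, and users per resource."""

    def __init__(self) -> None:
        self.per_user: Dict[str, Set[str]] = defaultdict(set)
        self.per_resource: Dict[str, Set[str]] = defaultdict(set)


def learn_baseline(history: Iterable[Tuple[str, str, str]]) -> Baseline:
    """Step 1: learn what is normal (as opposed to merely allowed) from history."""
    baseline = Baseline()
    for user, _role, resource in history:
        baseline.per_user[user].add(resource)
        baseline.per_resource[resource].add(user)
    return baseline


def classify_session(baseline: Baseline, user: str, role: str,
                     accessed: Iterable[str]) -> Tuple[str, str, List[str]]:
    """Steps 2 and 3: categorize one session's risk and choose the response.

    Returns (category, grc_decision, actions), mirroring the slide's columns.
    """
    accessed = set(accessed)
    allowed = ROLE_POLICY.get(role, frozenset())
    if accessed - allowed:
        # Case 1: out of policy. GRC says "no" and notifies SIEM, which may
        # reduce privileges via GRC/IAM.
        return ("out_of_policy", "no",
                ["grc_deny", "notify_siem", "siem_may_reduce_privileges"])

    # Everything was allowed, so GRC says "yes"; now ask whether it was normal.
    novel = accessed - baseline.per_user.get(user, set())
    if not novel:
        return ("normal", "yes", [])

    # Has anyone other than this user ever touched *all* of the novel resources?
    # If not, this is "the ONLY person EVER to do this".
    peers_per_resource = [baseline.per_resource.get(r, set()) - {user}
                          for r in novel]
    only_person_ever = not set.intersection(*peers_per_resource)

    if len(novel) >= 2 and only_person_ever:
        # Case 3: in policy but extremely abnormal: shutdown plus manager alert.
        return ("extremely_abnormal", "yes",
                ["shutdown_user_access", "alert_manager"])

    # Case 2: in policy but abnormal (a single novel item, or a combination
    # that peers have also used): alert SIEM, which may reduce privileges.
    return ("abnormal", "yes", ["alert_siem", "siem_may_reduce_privileges"])


def run_examples() -> List[Tuple[str, str, str, List[str]]]:
    """Run the slide's three cases plus a normal session over the baseline."""
    baseline = learn_baseline(HISTORY)
    sessions = [
        ("bob", "sysadmin", {"reports"}),                 # not in sysadmin policy
        ("alice", "sysadmin", {"source-repo", "hr-db"}),  # one novel item
        ("alice", "sysadmin", {"hr-db", "finance-db"}),   # novel combination
        ("bob", "sysadmin", {"source-repo"}),             # business as usual
    ]
    return [(user,) + classify_session(baseline, user, role, resources)
            for user, role, resources in sessions]


if __name__ == "__main__":
    for user, category, grc, actions in run_examples():
        print(f"{user:6} {category:19} GRC={grc:3} actions={actions}")
```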
How do we build this approach?

• Ingest: ingest both network and wider business information at scale. Ingest as many events as practical for long term analysis.
• Store: store for both near real time and long term analysis.
• Analyze: create insight into possible anomalous behavior.
• Surface: surface insight to management tools with context. Alert management.
• Act automatically: take automated action based on risk and potential impact of anomaly. Use Identity and Access management to reduce/remove rights automatically.
• Investigate: for final action and to improve algorithms. GRC, SIEM, Investigator.

Diagram annotations:
• Extendable common platform for whole business, not just security
• Real time, batch, based on business need; swap and switch without re-engineering or recoding
• Ensure closed loop
Typical Use Cases

• Visualizing heat maps of issues across an organization by business unit or profile
• Profiling systems or devices for indicators of risk, highlighting places where an alert needs to be prioritized over others because of its likelihood of affecting the business
• Spotting a compromised host when a particular IP address or user exhibits multiple suspicious characteristics over a week-long period
• Providing investigative context after an alert gets triggered to determine the cause or impact of an issue, e.g. if the user downloaded an executable prior to the alert, or the IP accessed a critical asset after triggering the alert
• Detecting lateral movement based on active data by using graph analytics to profile user behavior and peers’ behaviors.
Business Data Lake Architecture

[Diagram: the Business Data Lake tiers (sources, ingestion, unified data management, processing, distillation, insights, action, unified operations), the same diagram as on the “How we generate insight” slide]
Provide platform for future defense capability

• Advanced Machine Learning
• Advanced Automation
• Anticipate Attacks
• Enhance through federated sharing of threats
• Automated quarantine of resources
Machine Learning Algorithms – MADlib in-database functions

Predictive Modeling Library
• Generalized Linear Models
  • Linear Regression
  • Logistic Regression
  • Multinomial Logistic Regression
  • Cox Proportional Hazards Regression
  • Elastic Net Regularization
  • Sandwich Estimators (Huber white, clustered, marginal effects).
• Matrix Factorization
  • Singular Value Decomposition (SVD)
  • Principal Component Analysis (PCA)
• Linear Systems
  • Sparse and Dense Solvers.
• ARIMA
• Topic Modeling (Parallel LDA)
• Decision Trees
• Ensemble Learners (Random Forests)
• Support Vector Machines
• Conditional Random Field (CRF)
• Clustering (K-means)
• Association Rules (Affinity Analysis, Market Basket)
• Cross Validation.

Descriptive Statistics
• Sketch-based Estimators
  • CountMin (Cormode-Muthukrishnan)
  • FM (Flajolet-Martin)
  • MFV (Most Frequent Values)
• Correlation
• Summary.

Support Modules
• Array Operations
• Sparse Vectors
• Random Sampling
• Probability Functions.
www.capgemini.com/bdl 
www.pivotal.io/big-data/businessdatalake 
The information contained in this presentation is proprietary. 
Copyright © 2014 Capgemini. All rights reserved. 
Rightshore® is a trademark belonging to Capgemini. 
About Capgemini 
With almost 140,000 people in over 40 countries, Capgemini is 
one of the world's foremost providers of consulting, technology 
and outsourcing services. The Group reported 2013 global 
revenues of EUR 10.1 billion. 
Together with its clients, Capgemini creates and delivers 
business and technology solutions that fit their needs and drive 
the results they want. A deeply multicultural organization, 
Capgemini has developed its own way of working, the 
Collaborative Business Experience™, and draws on Rightshore®, 
its worldwide delivery model.

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

Dernier (20)

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 

Detection of Anomalous Behavior

  • 1. Detecting Anomalous Behavior with the Business Data Lake
  Paul Gittins & Steve Jones

  • 2. The new threat vectors are highly targeted
  Detecting Anomalous Behavior with the Business Data Lake | Steve Jones. Copyright © 2014 Capgemini. All rights reserved.
  Bad "Actors":
   Organized criminals
   Foreign states
   Hacktivists
  Their targets:
   Utilities: disrupt as a strategic asset
   Financial services: operational code, user accounts, fraud
   Gain access to critical intellectual property
  Traditional security approaches wouldn't catch Edward Snowden and can't adapt quickly enough to new cyber-crime attacks.

  • 3. The attack surface of the business has significantly increased
  Three drivers have increased the attack surface:
   Data volumes, variety and velocity are increasing
   Clouds add complexity
   Blurred boundaries: increased need to share data/information across the business and with 3rd parties

  • 4. A new approach is needed to counter the threats
   Increased threats: traditional tools don't protect against "bad actors" who target IP, financial information and strategic access.
   Detect anomalous behavior: our approach creates insight into anomalous behavior and threats within the business and the surrounding ecosystem.
   React: allows you to take appropriate action based on the potential impact of the threat, to reduce risk.

  • 5. SIEM and GRC could not prevent Mr. Snowden
   Social engineering has been a primary attack vector for large threats
   Significant IP breaches are often socially engineered
   Current tooling is important but insufficient:
    • Governance, risk and compliance (GRC) defines a set of "allowed behavior"
    • Identity and access management tooling provides the system-level access controls based on policy
    • SIEM collates but does not provide insight or analytics in the right ways to identify these threats
  Diagram: a user accessing critical systems within role, with the right identity & access controls, passes the GRC check and has the activity collated by SIEM.
  Edward Snowden:
   In role
   Logs collated his activity
   Yet the assets were accessed
   The NSA could not spot the anomalous behavior
  • 6. We need a different approach
  Anomalous behavior:
   Traditional approaches need to be complemented; SIEM and GRC are still needed.
   GRC says what is approved: the tasks you can do, the gates you can go through. Abnormal behavior detection says whether you should have.
   Extend using anomalous behavior detection. This approach:
    1. Learns what is normal [the difference between approved and allowed]
    2. Identifies what is anomalous and categorizes the risk
    3. Alerts so you can react before it becomes a problem.
  New outcomes are possible:
   It is an extension of current security approaches that enables a reduction in GRC and can identify threats that GRC cannot:
    • It shows where "allowed" is not "normal" and the scope of the deviation from the norm.
    • Detect social engineering attacks as well as network-level detections.
    • Minimize the exposure time and loss.
    • Potentially predict the leakage areas ahead of the attack.
    • This can be applied to both GRC areas (Snowden) and non-GRC areas (networks, non-controlled information) to build up a broader pattern of behavior.
  • 7. Detection of Anomalous Behavior: from Insight to Action
  Diagram, left to right:
   Sources: structured data (SIEM, AD, HR) and unstructured data (images, social, email, video)
   Users accessing key systems within role as defined by GRC
   Machine learning defines "normal" across the user base
   Deviation from the norm triggers action
   Automated response based on level of deviation and system criticality: inform management, adjust policies, lockdown
  • 8. How we generate insight into anomalies to enable action
  By taking a data science approach:
   Tools:
    • Use of the open-source MADlib library to provide in-database functions
    • Leading-edge tools to implement machine learning collaboratively
   Methods:
    • Parallelized a wide variety of machine learning algorithms for optimum performance on the Business Data Lake
    • Agile, test-driven, customer focused
   Process:
    • Analytical workflow aligned with business needs and optimized for speed
    • Supports iterative and collaborative working.
  (Diagram: the Business Data Lake architecture, from sources through ingestion, distillation, processing and insights tiers to the action tier; shown in full on slide 12.)
  • 9. Examples: SIEM, GRC and Detection of Anomalous Behavior
  1. Out-of-policy access
   User tries to access what they shouldn't
   GRC says "no", notifies SIEM
   SIEM collates, alerts, may reduce privileges via GRC/IAM
  2. In policy but abnormal access
   User accesses a single item out of the norm but in policy
   GRC says "yes"; AB: "but that isn't normal", alert to SIEM
   SIEM collates, alerts, may reduce privileges via GRC/IAM
  3. In policy but extremely abnormal access
   User accesses multiple areas out of the ordinary but in policy
   GRC says "yes"; AB: "this is the ONLY person EVER to do this!", alert to SIEM
   Shutdown of user access + manager alerts
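  The three cases on this slide, combined with the flow of slides 6 and 7 (learn what is normal across the user base, then respond according to the level of deviation and the criticality of the system), as an added worked example in Python. This is not code from the deck or from Capgemini: the role-to-system policy table, the criticality weights, the access history, the deviation formula and the escalation thresholds are all assumptions constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed sample data for this example; none of it comes from the deck.
# GRC policy: the systems each role is allowed to reach (the "allowed" set).
POLICY = {
    "sysadmin": {"hr-db", "finance-db", "source-repo", "mail-gw", "backup-srv"},
    "developer": {"source-repo", "ci-server", "mail-gw"},
    "finance": {"finance-db", "mail-gw"},
}
# Assumed business criticality per system, 1 (low) to 3 (high); weights the deviation score.
CRITICALITY = {"hr-db": 3, "finance-db": 3, "source-repo": 2,
               "backup-srv": 2, "ci-server": 1, "mail-gw": 1}

# Historical access events (user, role, system) from which "normal" is learned.
HISTORY = [
    ("alice", "sysadmin", "mail-gw"), ("alice", "sysadmin", "backup-srv"),
    ("alice", "sysadmin", "backup-srv"), ("alice", "sysadmin", "source-repo"),
    ("bob", "sysadmin", "mail-gw"), ("bob", "sysadmin", "source-repo"),
    ("bob", "sysadmin", "finance-db"),
    ("carol", "developer", "source-repo"), ("carol", "developer", "ci-server"),
    ("carol", "developer", "mail-gw"),
    ("dave", "finance", "finance-db"), ("dave", "finance", "mail-gw"),
]


def build_baseline(history):
    """Learn what is normal: how often each user touched each system, and
    which users in each role have ever touched each system (the peer view)."""
    per_user = defaultdict(Counter)
    role_system_users = defaultdict(set)
    for user, role, system in history:
        per_user[user][system] += 1
        role_system_users[(role, system)].add(user)
    return per_user, role_system_users


def assess_window(user, role, systems, baseline, policy=POLICY, criticality=CRITICALITY):
    """Classify one user's accesses within a time window.

    Case 1: out of policy            -> GRC denies, SIEM notified
    Case 2: in policy, abnormal      -> alert SIEM, maybe reduce privileges
    Case 3: in policy, very abnormal -> shut down access, alert manager
    Case 0: nothing new for this user
    """
    per_user, role_system_users = baseline
    allowed = policy.get(role, set())

    out_of_policy = sorted(s for s in systems if s not in allowed)
    if out_of_policy:
        return {"case": 1, "label": "out of policy", "systems": out_of_policy,
                "deviation": 0, "action": "GRC deny; notify SIEM"}

    # Systems this user has never touched before (deviation from the user's own norm).
    novel = sorted(s for s in set(systems) if per_user[user][s] == 0)
    # Of those, systems no other user in the same role has ever touched either
    # (the "only person ever to do this" situation).
    unique = [s for s in novel if not (role_system_users[(role, s)] - {user})]
    # Deviation grows with the number of new systems, weighted by criticality;
    # systems nobody in the role has touched count double.
    deviation = sum(criticality.get(s, 1) * (2 if s in unique else 1) for s in novel)

    if not novel:
        return {"case": 0, "label": "normal", "systems": [], "deviation": 0, "action": "none"}
    # Escalation rule (an assumption of this example): several new systems, a system
    # unseen for the whole role, or a high weighted deviation is treated as severe.
    severe = len(novel) >= 2 or bool(unique) or deviation >= 4
    if severe:
        return {"case": 3, "label": "in policy, extremely abnormal", "systems": novel,
                "deviation": deviation, "action": "shut down access via IAM; alert manager"}
    return {"case": 2, "label": "in policy, abnormal", "systems": novel,
            "deviation": deviation, "action": "alert SIEM; consider reducing privileges via GRC/IAM"}


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for user, role, window in [
        ("carol", "developer", ["source-repo", "finance-db"]),   # case 1: finance-db not in developer policy
        ("alice", "sysadmin", ["mail-gw", "source-repo"]),       # case 0: all seen before
        ("alice", "sysadmin", ["finance-db"]),                   # case 2: new for alice, but bob does it
        ("alice", "sysadmin", ["hr-db"]),                        # case 3: no sysadmin has ever touched hr-db
        ("bob", "sysadmin", ["backup-srv", "hr-db"]),            # case 3: multiple new systems
    ]:
        print(user, assess_window(user, role, window, baseline))
```

  The order of the checks matters: the policy gate runs first so that an out-of-policy attempt is never scored as merely "abnormal", and the peer comparison is done within the role, since what is normal for a sysadmin is not normal for a developer. In a real deployment the baseline would be rebuilt on a rolling window rather than from a static list, so that an attacker cannot make a behaviour "normal" simply by repeating it for long enough without anyone looking at the first alert.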
  • 10. How do we build this approach?
   Ingest: an extendable common platform for the whole business, not just security. Ingest both network and wider business information at scale; real time or batch, based on business need; swap and switch without re-engineering or recoding.
   Store: store for both near-real-time and long-term analysis. Ingest as many events as practical for long-term analysis.
   Analyze: create insight into possible anomalous behavior.
   Surface: surface insight, with context, to management tools (GRC, SIEM, investigator); alert management.
   Act automatically: take automated action based on the risk and potential impact of the anomaly; use identity and access management to reduce/remove rights automatically.
   Investigate: for final action and to improve the algorithms; ensure a closed loop.
  • 11. Typical Use Cases
   Visualizing heat maps of issues across an organization by business unit or profile
   Profiling systems or devices for indicators of risk, highlighting places where an alert needs to be prioritized over others because of its likelihood of affecting the business
   Spotting a compromised host when a particular IP address or user exhibits multiple suspicious characteristics over a week-long period
   Providing investigative context after an alert gets triggered, to determine the cause or impact of an issue, e.g. whether the user downloaded an executable prior to the alert, or the IP accessed a critical asset after triggering the alert
   Detecting lateral movement based on active data by using graph analytics to profile user behavior and peers' behaviors.
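  The last use case above, lateral movement detected by profiling a user's hops against their own history and their peers', as an added example in Python that is not part of the deck. The logon events, the department-based peer groups, the collapsing of personal workstations into one node, and the two-hop threshold are all constructed assumptions for the example.

```python
from collections import defaultdict

# Constructed authentication events for this example (not from the deck):
# (user, department, source host, destination host). BASELINE is the learning
# period; WEEK is the window under analysis.
BASELINE = [
    ("alice", "eng", "ws-alice", "build-01"), ("alice", "eng", "ws-alice", "git-01"),
    ("bob", "eng", "ws-bob", "build-01"), ("bob", "eng", "ws-bob", "git-01"),
    ("bob", "eng", "ws-bob", "git-02"),
    ("carol", "fin", "ws-carol", "fin-app-01"),
]
WEEK = [
    ("alice", "eng", "ws-alice", "build-01"), ("alice", "eng", "ws-alice", "git-02"),
    ("bob", "eng", "ws-bob", "build-01"), ("bob", "eng", "build-01", "db-02"),
    ("bob", "eng", "db-02", "dc-01"),
    ("carol", "fin", "ws-carol", "fin-app-01"), ("carol", "fin", "ws-carol", "fin-share-01"),
]


def normalize(host):
    """Collapse personal workstations into one node so peers' first hops are comparable
    (assumed naming convention: workstations are called ws-<user>)."""
    return "workstation" if host.startswith("ws-") else host


def edges_by_user(events):
    """user -> set of directed hops (src, dst) that user made."""
    hops = defaultdict(set)
    for user, _, src, dst in events:
        hops[user].add((normalize(src), normalize(dst)))
    return hops


def edges_by_dept(events):
    """department -> hops anyone in that department has made (the peer profile)."""
    hops = defaultdict(set)
    for _, dept, src, dst in events:
        hops[dept].add((normalize(src), normalize(dst)))
    return hops


def longest_chain(edges):
    """Length in hops of the longest simple path through the given edges.
    Plain DFS; the per-user graphs here are tiny."""
    adj = defaultdict(list)
    for src, dst in edges:
        adj[src].append(dst)
    best = 0

    def walk(node, seen, depth):
        nonlocal best
        best = max(best, depth)
        for nxt in adj[node]:
            if nxt not in seen:
                walk(nxt, seen | {nxt}, depth + 1)

    for start in {src for src, _ in edges}:
        walk(start, {start}, 0)
    return best


def detect_lateral_movement(baseline, window, min_hops=2):
    """Flag users whose window contains a chain of hops that neither they nor
    their department peers made during the baseline period."""
    dept_of = {user: dept for user, dept, _, _ in baseline + window}
    own_history = edges_by_user(baseline)
    peer_history = edges_by_dept(baseline)
    findings = {}
    for user, edges in edges_by_user(window).items():
        new_for_user = edges - own_history[user]
        new_for_peers_too = new_for_user - peer_history[dept_of[user]]
        hops = longest_chain(new_for_peers_too)
        if hops >= min_hops:
            findings[user] = {"hops": hops, "path_edges": sorted(new_for_peers_too)}
    return findings


if __name__ == "__main__":
    # Only bob is flagged: build-01 -> db-02 -> dc-01 is a two-hop chain nobody in
    # engineering has walked before. alice's new hop to git-02 is something her
    # peer bob already does, and carol's single new hop is below the threshold.
    print(detect_lateral_movement(BASELINE, WEEK))
```

  Two design points are worth noting. Subtracting the peer profile before scoring is what keeps a new but ordinary destination (a developer reaching a git server their team already uses) out of the alert queue, which is the "peers' behaviors" part of the use case. Scoring the length of the chain rather than the count of new destinations targets the shape of lateral movement specifically: a hop from one server to another, continued, rather than several unrelated first hops from a workstation.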
  • 12. Business Data Lake Architecture
   Sources: IAM, SIEM, GRC, network, images, social, email, AD, video, HR
   Ingestion tier: real-time ingestion, micro-batch ingestion, batch ingestion
   Distillation tier: HDFS storage for unstructured and structured data; real time, micro batch, mega batch
   Processing tier: in-memory and MPP database; SQL, NoSQL, MapReduce; query interfaces
   Insights tier: real-time insights, interactive insights, batch insights (SQL)
   Action tier
   Unified operations tier: system monitoring, system management
   Unified data management tier: data management services, MDM, RDM, audit and policy management, workflow management
  • 13. Provide platform for future defense capability
   Advanced machine learning
   Advanced automation
   Anticipate attacks
   Enhance through federated sharing of threats
   Automated quarantine of resources
  • 14. Machine Learning Algorithms: MADlib in-database functions
  Predictive Modeling Library
   Generalized Linear Models
    • Linear Regression
    • Logistic Regression
    • Multinomial Logistic Regression
    • Cox Proportional Hazards Regression
    • Elastic Net Regularization
    • Sandwich Estimators (Huber white, clustered, marginal effects)
   Matrix Factorization
    • Singular Value Decomposition (SVD)
    • Principal Component Analysis (PCA)
   Linear Systems
    • Sparse and Dense Solvers
   Other methods
    • ARIMA
    • Topic Modeling (Parallel LDA)
    • Decision Trees
    • Ensemble Learners (Random Forests)
    • Support Vector Machines
    • Conditional Random Field (CRF)
    • Clustering (K-means)
    • Association Rules (Affinity Analysis, Market Basket)
    • Cross Validation
  Descriptive Statistics
   Sketch-based Estimators
    • CountMin (Cormode-Muthukrishnan)
    • FM (Flajolet-Martin)
    • MFV (Most Frequent Values)
   Correlation
   Summary
  Support Modules
   Array Operations
   Sparse Vectors
   Random Sampling
   Probability Functions
  • 15. www.capgemini.com/bdl www.pivotal.io/big-data/businessdatalake The information contained in this presentation is proprietary. Copyright © 2014 Capgemini. All rights reserved. Rightshore® is a trademark belonging to Capgemini. About Capgemini With almost 140,000 people in over 40 countries, Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. The Group reported 2013 global revenues of EUR 10.1 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore®, its worldwide delivery model.