Visualizing Threats: KeyLines for Cyber Security
Corey Lanum, Cambridge Intelligence
Louie Gasparini, CyberFlow Analytics
Agenda

Part 1 – Network Visualization
•  Why connected data?
•  Going beyond network charts
•  Protect, detect, investigate
•  Visualization and analysis techniques

Part 2 – CyberFlow Analytics
•  Using KeyLines to build a GUI
•  Cyber security and the IoT
•  Network visualization for better cyber security
Introduction to KeyLines

KeyLines is a powerful SDK for building network visualization web applications:
•  Rapid development
•  Full customization
•  Unrivalled compatibility
•  Simple deployment
•  Easy maintenance
•  Powerful functionality
A wide variety of use cases

•  Intelligence / security
•  Law enforcement
•  Business Intelligence
•  Anti-fraud
•  Sales / Marketing / CRM
•  IT management
•  Cyber security
•  Compliance
+ others:
•  Compliance
•  AML / KYC
•  Pharmaceuticals
•  Data discovery
•  Process management, etc.
Data at the heart of Cyber Security

•  Keeping bad actors out of networks
•  Finding bad actors already in your network
•  Post-attack forensics to close the loopholes

Data is your best weapon

Cyber Security Operations Center
Why network visualization?

Understanding connected data
•  What depends on what?
•  What is normal network behavior?
•  Where are the vulnerabilities?

Network visualization is the most intuitive way to answer these questions.
Protect
Detect
Investigate
Investigate
Techniques: Dynamic networks
Techniques: Mapping
Security & The Industrial Internet of Things

Network Security, Smart Buildings, Smart Factories, Smart Cities

Policy Violations, Continuous Threat Monitoring, Segmentation, Operational Security (OpSec), Advanced Security Threats

Limit the Attack Surface
•  Network segmentation & containment
•  Machine learn normal behavior of client, server & protocol traffic
•  Identify ANY new behavior
•  Identify ANY change in existing behavior

Maintain Security Hygiene
•  Identify, reprimand poor security hygiene
•  Fix misconfigured devices; identify employee 'jump drives', Chrome sticks, unknown wi-fi edge devices, employee network scans, peer-to-peer apps (TOR) & other protocol misuse

Operational Anomalies
•  Identify and alert on operational anomalies in network traffic, direction, size, timing etc.
•  Recognize unusual server communication patterns, SNMP event storms, new activities or unusual SCADA traffic

Advanced Threats
•  Identify, alert and build case management tools on advanced security threats, including port scanning, protocol tunneling or suspicious protocols, new connections to SCADA sensors, data exfiltration
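The "machine learn normal behavior, then identify ANY new or changed behavior" idea above, as an added Python example (not code from the slides or from CyberFlow Analytics): it learns a byte-count profile for every client/server/port/protocol relationship seen in a learning window of flow records, then labels later flows "new" (relationship never seen) or "changed" (byte count far outside the learned profile). The flow records, the z-score limit and the standard-deviation floor are all assumptions constructed for the illustration.

```python
"""Added example: baseline learning and new/changed behaviour detection
over flow records. Not from the slides or from CyberFlow Analytics."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (client, server, dst_port, protocol, bytes).
# A learning window of traffic assumed to be normal.
LEARNING_FLOWS = [
    ("10.0.1.10", "10.0.9.5", 443, "tcp", 5200),
    ("10.0.1.10", "10.0.9.5", 443, "tcp", 4800),
    ("10.0.1.10", "10.0.9.5", 443, "tcp", 5100),
    ("10.0.1.11", "10.0.9.7", 161, "udp", 300),
    ("10.0.1.11", "10.0.9.7", 161, "udp", 320),
    ("10.0.1.11", "10.0.9.7", 161, "udp", 290),
    ("10.0.1.12", "10.0.9.20", 502, "tcp", 120),   # constructed SCADA-style polling
    ("10.0.1.12", "10.0.9.20", 502, "tcp", 118),
    ("10.0.1.12", "10.0.9.20", 502, "tcp", 122),
]

# Constructed flows observed after the learning window.
LIVE_FLOWS = [
    ("10.0.1.10", "10.0.9.5", 443, "tcp", 5000),        # normal
    ("10.0.1.11", "10.0.9.7", 161, "udp", 9000),        # changed: SNMP volume spike
    ("10.0.1.30", "10.0.9.20", 502, "tcp", 130),        # new: unknown client to the SCADA server
    ("10.0.1.12", "203.0.113.8", 21, "tcp", 250000),    # new: outbound FTP to the Internet
]


def learn_baseline(flows):
    """Group flows by (client, server, port, protocol) and record the byte
    distribution of each relationship seen during the learning window."""
    groups = defaultdict(list)
    for client, server, port, proto, nbytes in flows:
        groups[(client, server, port, proto)].append(nbytes)
    baseline = {}
    for key, sizes in groups.items():
        baseline[key] = {"count": len(sizes), "mean": mean(sizes), "stdev": pstdev(sizes)}
    return baseline


def detect(baseline, flows, z_limit=3.0, min_stdev=None):
    """Return (flow, reason) pairs. 'new' when the relationship was never seen;
    'changed' when the byte count deviates from the learned mean by more than
    z_limit standard deviations. The stdev is floored (default 10% of the mean,
    an assumption) so a perfectly regular baseline does not alert on every
    small fluctuation."""
    alerts = []
    for flow in flows:
        client, server, port, proto, nbytes = flow
        profile = baseline.get((client, server, port, proto))
        if profile is None:
            alerts.append((flow, "new"))
            continue
        floor = min_stdev if min_stdev is not None else 0.1 * profile["mean"]
        spread = max(profile["stdev"], floor)
        z = abs(nbytes - profile["mean"]) / spread
        if z > z_limit:
            alerts.append((flow, "changed"))
    return alerts


if __name__ == "__main__":
    for flow, reason in detect(learn_baseline(LEARNING_FLOWS), LIVE_FLOWS):
        print(reason, flow)
```

Run on the constructed data, the SNMP spike is reported as "changed" and the two never-seen relationships as "new"; the 443 flow stays silent. A production version would key on direction and timing as well as size, as the "Operational Anomalies" slide suggests, and would learn over a far longer window than nine flows.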
High Velocity Data -> Streaming Analytics
•  Real-time, unstructured, data-in-motion
•  Operational information flow
•  Complexity: volume, performance, timing

Big Data Pools -> Traditional Analytics
•  Batch processing, structured, data-at-rest
•  Historical transactions and events
•  Complexity: size of data pools
Streaming Real-Time Analytics

Analytics Positioning

Traditional Big Data Analytics
•  What happened?
•  Why did it happen?
•  What might happen?
•  How can we make it happen?
by looking at old, historic data: Descriptive, Diagnostic, Predictive, Prescriptive Analytics

CyberFlow Streaming Analytics
•  What's happening?
•  Why is it happening?
•  How is it happening?
•  Where is it happening?
•  Who's making it happen?
'Anomalytics'
Solution outline

Monitor: Continuous Data Monitoring & Machine Learning via network tap or span port
Machine Learn: Apply multiple 'stereoscopic' machine learning algorithms and policy framework in real time
'Anomalytics': Provides Continuous, Contextual Awareness & Anomaly Detection across all connected IP Devices

Solution: Continuous machine learning analytics that provides real-time infrastructure anomaly detection and contextual awareness of all IP connected devices, thus providing for better business intelligence, operational intelligence and active situational awareness.
Targeted!

How could this occur?
•  Firewalls
•  SIEM
•  Anti-Virus
•  IPS
•  Industry Compliance
•  PCI-DSS Compliance

Target: Maintains it was PCI-DSS Compliant at the time of the breach.
Fazio Mechanical: "Our system and security measures are in Full Compliance with HVAC industry practices."
Targeted!

What was missed?
•  Abnormal communications with a partner VPN
•  Internal Pivoting and Data Movement
•  Access to POS Terminals
•  Linking events together
•  Data Transfer from POS terminals to a central staging server
•  FTP from DMZ server to Internet server controlled by Rescator
FlowScape: Internal Threat Detection

[Network diagram: Internet, WAN, Unified Network Security Policy Console, LAN / Network Edge, Wireless LAN, Network Core, Data Center, Remote Offices and Branches, Virtual Machines; lateral movement shown across the Wireless LAN, Network Core and LAN / Network Edge; Net Sensors placed at the WAN, Network Edge, Wireless LAN and Network Core.]

Network Sensor
•  Smart Packet Inspection
•  Device on Demand Deep Packet Inspection
•  10 Gigabit Ethernet Connection
•  Tap or Span Port - Passive Connection
•  Appliance or VM Image
Clusters of activity form an APT case

Automatically Group Events into a Case

[Figure: event clusters labelled M2, M3, M4, M10, M111.]
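The "Linking events together" item on the Target slide and "Automatically Group Events into a Case" above describe the same step: individual alerts become one case when they share entities. Here is an added Python example of that linking (not code from the slides or from CyberFlow Analytics): alerts that share a host and fall inside a time window are joined with union-find into cases, and each case is summarized as the hosts it touches and the time-ordered chain of descriptions. The alerts, hosts, timestamps and the 10-day window are constructed for the illustration, loosely following the breach chain the slides list.

```python
"""Added example: grouping alerts into a case by shared hosts.
Not from the slides or from CyberFlow Analytics."""
from datetime import datetime, timedelta

# Constructed alerts: (timestamp, source, destination, description).
ALERTS = [
    (datetime(2013, 11, 15, 9, 0),  "198.51.100.7", "10.1.0.5",    "abnormal partner VPN session"),
    (datetime(2013, 11, 16, 2, 30), "10.1.0.5",     "10.2.0.40",   "internal pivot to new host"),
    (datetime(2013, 11, 20, 3, 15), "10.2.0.40",    "10.3.0.101",  "access to POS terminal"),
    (datetime(2013, 11, 27, 4, 0),  "10.3.0.101",   "10.2.0.99",   "data transfer to staging server"),
    (datetime(2013, 11, 28, 23, 5), "10.2.0.99",    "203.0.113.9", "FTP from DMZ to Internet host"),
    (datetime(2013, 11, 18, 11, 0), "10.9.0.3",     "10.9.0.4",    "SNMP event storm"),  # unrelated
]

LINK_WINDOW = timedelta(days=10)  # assumed window; tune per environment


def linked(a, b, window=LINK_WINDOW):
    """Two alerts are linked when they share a host and occur within the window."""
    shared = {a[1], a[2]} & {b[1], b[2]}
    return bool(shared) and abs(a[0] - b[0]) <= window


def group_into_cases(alerts):
    """Union-find over pairwise links. Returns cases (lists of alerts sorted by
    time), largest case first."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            if linked(alerts[i], alerts[j]):
                parent[find(i)] = find(j)

    cases = {}
    for i, alert in enumerate(alerts):
        cases.setdefault(find(i), []).append(alert)
    return sorted((sorted(c) for c in cases.values()), key=len, reverse=True)


def case_summary(case):
    """Hosts touched, the time-ordered chain of descriptions, and the case's
    duration in hours: the fields an analyst would want on a case view."""
    hosts = sorted({h for a in case for h in (a[1], a[2])})
    span_hours = (case[-1][0] - case[0][0]).total_seconds() / 3600
    return {"hosts": hosts, "chain": [a[3] for a in case], "span_hours": span_hours}


if __name__ == "__main__":
    for case in group_into_cases(ALERTS):
        print(case_summary(case))
```

On the constructed alerts the five breach-chain events collapse into one case spanning about 326 hours, while the SNMP storm stays on its own; a graph view of the same case would show the hosts as nodes and each alert as an edge, which is the picture the "connected data" slides argue for. Linking only on shared hosts is deliberately simple; real cases also link on users, sessions and file hashes.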
FlowScape: Anomalytic Processes, Engines & Models

Multi-Behavioral, Real-Time, Contextual Analytical Algorithm Models (M1, M5, M6, M7, M8, M9, ...):
•  Device Packets
•  Device Payloads
•  Session in Progress
•  IP X IP Pairs
•  Server by Port
•  Port Activity
•  IP X Port
•  IP X IP X Port
•  Client Port
•  Server IP X Port
•  Protocol Anomalies
•  Other ...

Anomaly Fusion & Machine Learning Engine
-> Threat Assessment Visualization
-> Policy Frameworks
-> 'Anomalytics'

Continuous CyberFlow Machine Learning 'Anomalytics'

Confidential - Not for distribution
Finding unknown threats & reducing false positives

Analytical Engines:
•  Behavioral Models
•  Self Organizing Maps
•  Binocular Fusion
•  Stereoscopic Fusion
•  Tuning & Policy Engine
•  "Anomalytics" - event/case manager

Continuous Real-Time Analytics using behavioral self organizing maps
•  Payload
•  Server by Port
•  IP X IP X Port
•  Protocol Anomalies
•  Client Port
•  Automation of Clustering
•  Breach Behaviors

CyberFlow Analytics: Patent Pending Research
•  Binocular Fusion 'SOM' Modeling for Anomaly Detection
•  Reduction of n-space anomalies detection
•  Clustering analytics using "Self Organizing Maps"
•  Cluster Machine Learning using 'SOM'
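The two slides above name self-organizing maps as the clustering engine behind the anomaly detection. As an added Python example (not code from the slides, and not CyberFlow's patent-pending binocular or stereoscopic fusion, which the slides do not describe), here is a plain Kohonen SOM used the generic way: prototype vectors are trained on feature vectors of normal traffic, the quantization error (distance from a vector to its best-matching unit) of the training set calibrates a threshold, and a new vector whose error is far above that threshold is flagged. The grid size, decay schedule, 1.5x threshold factor and the three-dimensional feature vectors are all assumptions constructed for the illustration.

```python
"""Added example: a small self-organizing map as an anomaly detector.
Pure Python, no third-party dependencies. Not from the slides or from
CyberFlow Analytics."""
import math
import random


class SomAnomalyDetector:
    """Kohonen SOM on a rows x cols grid of prototype vectors in R^dim."""

    def __init__(self, rows=4, cols=4, dim=3, seed=0):
        self.rows, self.cols, self.dim = rows, cols, dim
        self._rng = random.Random(seed)  # seeded so runs are reproducible
        self.units = [[self._rng.random() for _ in range(dim)] for _ in range(rows * cols)]
        self.threshold = None

    @staticmethod
    def _dist(a, b):
        return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

    def _bmu(self, x):
        """Index of the best-matching unit and its distance to x."""
        best = min(range(len(self.units)), key=lambda i: self._dist(self.units[i], x))
        return best, self._dist(self.units[best], x)

    def _grid_dist(self, i, j):
        ri, ci = divmod(i, self.cols)
        rj, cj = divmod(j, self.cols)
        return math.hypot(ri - rj, ci - cj)

    def train(self, data, epochs=20, lr0=0.5, radius0=2.0):
        """Online SOM training with linearly decaying learning rate and
        neighbourhood radius; afterwards the anomaly threshold is set from
        the quantization errors of the training data itself."""
        steps, t = epochs * len(data), 0
        for _ in range(epochs):
            order = list(data)
            self._rng.shuffle(order)
            for x in order:
                frac = t / steps
                lr = lr0 * (1 - frac) + 0.01 * frac
                radius = radius0 * (1 - frac) + 0.5 * frac
                bmu, _ = self._bmu(x)
                for i, unit in enumerate(self.units):
                    h = math.exp(-self._grid_dist(i, bmu) ** 2 / (2 * radius ** 2))
                    for k in range(self.dim):
                        unit[k] += lr * h * (x[k] - unit[k])
                t += 1
        errors = [self._bmu(x)[1] for x in data]
        self.threshold = 1.5 * max(errors)  # assumed calibration factor
        return self

    def score(self, x):
        """Quantization error: how far x is from the closest learned prototype."""
        return self._bmu(x)[1]

    def is_anomalous(self, x):
        return self.score(x) > self.threshold


def make_normal_traffic(n=200, seed=1):
    """Constructed 'normal' feature vectors (already scaled to [0, 1]): two
    behaviour clusters, e.g. light polling traffic and bulk transfers, with
    small jitter around each centre."""
    rng = random.Random(seed)
    centres = [(0.2, 0.2, 0.2), (0.8, 0.8, 0.8)]
    data = []
    for i in range(n):
        c = centres[i % 2]
        data.append(tuple(min(1.0, max(0.0, v + rng.gauss(0, 0.04))) for v in c))
    return data


def demo():
    """Train on constructed normal traffic and score one typical and one
    unusual vector. Returns (typical_flagged, unusual_flagged)."""
    detector = SomAnomalyDetector().train(make_normal_traffic())
    typical = (0.2, 0.2, 0.2)
    unusual = (0.9, 0.1, 0.9)   # off both clusters: high on two features, low on the third
    return detector.is_anomalous(typical), detector.is_anomalous(unusual)


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from this is the calibration step: the threshold is derived from how well the map fits traffic it was trained on, so a map trained on a window that already contained an intrusion will learn that behaviour as normal. That is why the "Day 1: everything is new" phase on the machine-learning slide matters and why the learning window needs review.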
Customer Case Study

Network Topology

Data Center
•  FlowScape was installed in the data center at the Environmental Services Department, where most domains pass through to go external
•  SPAN ports were configured to collect raw packets from Cisco switches
•  FlowScape provides Real Time analytics and dashboards

Infrastructure
•  1200+ network devices
•  12,000+ workstations
•  1000+ servers
•  500+ printers

Customer Benefits
•  Customer spends $600/infected device @ 100/month = $720K/year
•  FlowScape reduces detection and recovery by 50%, saving the customer an estimated $360K/year
Machine Learning

Day 1
•  Painting the network topology
•  Machine learning all traffic
•  "everything is new"

Events
•  Fireworks
•  Machine Learn
•  Command & Control Events
•  Good vs Bad events (Security Scan vs DDoS)

Steady State
•  'Anomalytics'
•  Real-time continuous Anomaly detection
Smart City Case Study

FlowScape is deployed in a large Customer Network Deployment - 1200+ network devices, 12,000+ workstations, 1000+ servers, 500+ printers...
•  Custom IoT Server Apps
•  Backup Servers
•  SNMP agents
•  DNS Servers
•  NetBIOS traffic
Smart City Case Study

Detection of BitTorrent and other anomalies – non-standard high risk communication that is not normally found on the network – BYOD VPN connection
Smart City Case Study

Cyber Security Breach: Sality Botnet Command & Control Attack
http://www.pcworld.com/article/2139460/sality-malware-growing-old-takes-on-a-new-trick.html
1. Attacker scans the internet to find specific (home) router models
2. Attempts login using default credentials
3. If successful, changes the router's DNS server to an attacker-controlled DNS
4. Routes the user to compromised servers
5. Once the user downloads malware, covers tracks by changing the router's DNS to 8.8.8.8 (Google DNS)
Smart City Case Study

Cyber Security Breach Activity, Malware/MetaSploit from Croatia
Smart City Case Study

FlowScape Detection of Cyber Breach activity that their current Security tools did not catch:
•  They weren't able to catch/aggregate BitTorrent users with Palo Alto.
•  They weren't able to catch the Onion Tor traffic with current security tools
•  They missed the Sality Botnet, which was a BYOD remote device coming in through VPN
•  Palo Alto did not detect the compromised device and they were informed of the breach by an outside agency (e.g. FBI)
•  Palo Alto missed port 137 to India
Any Questions?

@Cambridgeintel
Cambridge-Intelligence.com
corey@cambridge-intelligence.com
louie@cyberflowanalytics.com

Finology Group – Insurtech Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Visualizing Threats: Network Visualization for Cyber Security

  • 2. Agenda
    Part 1 - Network Visualization
    •  Why connected data?
    •  Going beyond network charts
    •  Protect, detect, investigate
    •  Visualization and analysis techniques
    Part 2 – CyberFlow Analytics
    •  Using KeyLines to build a GUI
    •  Cyber security and the IoT
    •  Network visualization for better cyber security
  • 6. Why network visualization?
    Understanding connected data
    •  What depends on what?
    •  What is normal network behavior?
    •  Where are the vulnerabilities?
    Network visualization is the most intuitive way to answer these questions.
  • 13.
  • 14. Security & The Industrial Internet of Things
    Network Security | Smart Buildings | Smart Factories | Smart Cities
    Policy Violations; Continuous Threat Monitoring; Segmentation; Operational Security (OpSec); Advanced Security Threats
    Limit the Attack Surface
    •  Network segmentation & containment
    •  Machine learn normal behavior of client, server & protocol traffic
    •  Identify ANY new behavior
    •  Identify ANY change in existing behavior
    Maintain Security Hygiene
    •  Identify, reprimand poor security hygiene
    •  Fix misconfigured devices; identify employee 'jump drives, Chrome sticks', unknown wi-fi edge devices, employee network scans, peer-to-peer apps (TOR) & other protocol misuse
    Operational Anomalies
    •  Identify and alert on operational anomalies in network traffic, direction, size, timing etc.
    •  Recognize unusual server communication patterns, SNMP event storms, new activities or unusual SCADA traffic
    Advanced Threats
    •  Identify, alert and build case management tools on advanced security threats, including port scanning, protocol tunneling or suspicious protocols, new connections to SCADA sensors, data exfiltration
  • 15. Analytics Positioning
    High Velocity Data -> Streaming Analytics
    •  Real-time, unstructured, data-in-motion
    •  Operational information flow
    •  Complexity: volume, performance, timing
    Big Data Pools -> Traditional Analytics
    •  Batch processing, structured, data-at-rest
    •  Historical transactions and events
    •  Complexity: size of data pools
    Traditional Big Data Analytics: What happened? Why did it happen? What might happen? How can we make it happen? (by looking at old, historic data) - Descriptive, Diagnostic, Predictive, Prescriptive Analytics
    CyberFlow Streaming Analytics (streaming real-time analytics): What's happening? Why is it happening? How is it happening? Where is it happening? Who's making it happen?
  • 16. 'Anomalytics' Solution outline
    Monitor: Continuous Data Monitoring & Machine Learning via network tap or span port
    Machine Learn: Apply multiple 'stereoscopic' machine learning algorithms and policy framework in real time
    'Anomalytics': Provides Continuous, Contextual Awareness & Anomaly Detection across all connected IP Devices
    Solution: Continuous machine learning analytics that provides real-time infrastructure anomaly detection and contextual awareness of all IP connected devices, thus providing for better business intelligence, operational intelligence and active situational awareness.
  • 17. Targeted
    How could this occur?
    Target maintains it was PCI-DSS compliant at the time of the breach.
    Fazio Mechanical: "Our system and security measures are in Full Compliance with HVAC industry practices."
    •  Firewalls
    •  SIEM
    •  Anti-Virus
    •  IPS
    •  Industry Compliance
    •  PCI-DSS Compliance
  • 18. Targeted
    What was missed?
    •  Abnormal communications with a partner VPN
    •  Internal pivoting and data movement
    •  Access to POS terminals
    •  Linking events together
    •  Data transfer from POS terminals to a central staging server
    •  FTP from DMZ server to Internet server controlled by Rescator
  • 20. Lateral Movement
    (network diagram: Unified Network Security Policy Console spanning Internet, WAN, LAN Network Edge, Wireless LAN, Network Core, Data Center, Remote Offices and Branches, Virtual Machines)
  • 22. Network Sensor
    •  Smart Packet Inspection
    •  Device on Demand Deep Packet Inspection
    •  10 Gigabit Ethernet Connection
    •  Tap or Span Port - Passive Connection
    •  Appliance or VM Image
    (network diagram: Net Sensors placed at the WAN, LAN Network Edge, Wireless LAN and Network Core)
  • 23. Automatically Group Events into a Case
    Clusters of activity form an APT case
  • 24. Flowscape: Anomalytic Processes, Engines & Models
    Multi-Behavioral, Real-Time, Contextual Analytical Algorithm Models (M1 ... M11, M..): Device Packets; Device Payloads; Session in Progress; IP x IP Pairs; Server by Port; Port Activity; IP x Port; IP x IP x Port; Client Port; Server IP x Port; Protocol Anomalies; Other ...
    Anomaly Fusion & Machine Learning Engine -> Threat Assessment Visualization; Policy Frameworks; 'Anomalytics' (TM): Continuous CyberFlow Machine Learning
    Confidential - Not for distribution
  • 25. Finding unknown threats & reducing false positives
    Continuous Real-Time Analytics using behavioral self-organizing maps
    Analytical Engines -> Behavioral Models (Payload; Server by Port; IP x IP x Port; Protocol Anomalies; Client Port) -> Self Organizing Maps -> Binocular Fusion -> Stereoscopic Fusion -> Tuning & Policy Engine -> "Anomalytics" event/case manager
    Automation of Clustering: Breach Behaviors
  • 26. CyberFlow Analytics: Patent Pending Research
    Binocular Fusion 'SOM' Modeling for Anomaly Detection
    •  Clustering analytics using "Self Organizing Maps"
    •  Cluster Machine Learning using 'SOM'
    •  Reduction of n-space anomalies detection
  • 27. Customer Case Study
    Network Topology / Data Center
    •  FlowScape was installed in the data center at the Environmental Services Department, where most domains pass through to go external
    •  SPAN ports were configured to collect raw packets from Cisco switches
    •  FlowScape provides real-time analytics and dashboards
    Infrastructure
    •  1200+ network devices
    •  12,000+ workstations
    •  1000+ servers
    •  500+ printers
    Customer Benefits
    •  Customer spends $600/infected device @ 100/month = $720K/year
    •  FlowScape reduces detection and recovery by 50%, saving the customer an estimated $360K/year
  • 28. Machine Learning
    Day 1: Painting the network topology; machine learning all traffic; "everything is new"
    Events: Fireworks; machine learn Command & Control events; good vs bad events (Security Scan vs DDoS)
    Steady State: 'Anomalytics'; real-time continuous anomaly detection
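Slides 14 and 28 describe the same learning loop: on day one every client, server and protocol conversation is recorded because "everything is new", and once the baseline is steady the detector flags any new behavior and any change in existing behavior. The Python block below is an added illustration of that loop, not code from CyberFlow, FlowScape or the presenters. It learns a baseline from constructed flow records, tags later flows as a new host, a new service, a new conversation or a volume change, and adds one constructed policy rule in the spirit of the "policy framework" on slide 16 (NetBIOS on port 137 leaving the RFC 1918 ranges). All addresses, byte counts, tag names and the `Flow`/`FlowBaseline` names are assumptions made for the example.

```python
"""Baseline-then-detect loop over network flow records.

Added example, not FlowScape code. Every flow below is a constructed sample;
tag names, class names and the internal-address definition are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed site definition of "inside": the RFC 1918 ranges.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NETBIOS_PORT = 137  # NetBIOS name service; should never cross the perimeter


@dataclass(frozen=True)
class Flow:
    """One summarised conversation: who talked to which service, and how much."""
    client: str
    server: str
    port: int
    proto: str
    nbytes: int


def is_internal(addr):
    """True when addr falls inside the constructed internal address space."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


class FlowBaseline:
    """Day 1: learn everything. Steady state: tag what deviates from the baseline."""

    def __init__(self):
        self.hosts = set()                # client addresses seen while learning
        self.services = set()             # (server, port, proto) tuples seen
        self.volumes = defaultdict(list)  # conversation -> byte counts seen

    @staticmethod
    def _conv(f):
        return (f.client, f.server, f.port, f.proto)

    def learn(self, flows):
        """Learning phase: on day one 'everything is new', so record all of it."""
        for f in flows:
            self.hosts.add(f.client)
            self.services.add((f.server, f.port, f.proto))
            self.volumes[self._conv(f)].append(f.nbytes)

    def score(self, f, z_threshold=3.0):
        """Return the tags that apply to one flow; an empty list means 'normal'."""
        tags = []
        # Constructed policy rule: NetBIOS leaving the internal ranges is a hygiene violation.
        if f.port == NETBIOS_PORT and not is_internal(f.server):
            tags.append("POLICY_NETBIOS_EXTERNAL")
        # "Identify ANY new behavior", from the most to the least surprising kind.
        if f.client not in self.hosts:
            tags.append("NEW_HOST")
        elif (f.server, f.port, f.proto) not in self.services:
            tags.append("NEW_SERVICE")
        elif self._conv(f) not in self.volumes:
            tags.append("NEW_CONVERSATION")
        else:
            # "Identify ANY change in existing behavior": volume far outside what this
            # conversation usually carries. The spread is floored so a constant-volume
            # conversation does not alert on trivial jitter.
            hist = self.volumes[self._conv(f)]
            mu = mean(hist)
            sigma = max(pstdev(hist), 0.1 * mu, 1.0)
            if abs(f.nbytes - mu) / sigma > z_threshold:
                tags.append("VOLUME_CHANGE")
        return tags

    def triage(self, flows):
        """Every flow carrying at least one tag, in arrival order (an analyst's worklist)."""
        hits = []
        for f in flows:
            tags = self.score(f)
            if tags:
                hits.append((f, tags))
        return hits


# Constructed learning window: three workstations using HTTPS and DNS as usual.
TRAINING_FLOWS = [
    Flow("10.0.1.10", "10.0.2.5", 443, "tcp", 12000),
    Flow("10.0.1.10", "10.0.2.5", 443, "tcp", 13500),
    Flow("10.0.1.10", "10.0.2.5", 443, "tcp", 11800),
    Flow("10.0.1.10", "10.0.2.5", 443, "tcp", 12400),
    Flow("10.0.1.11", "10.0.2.5", 443, "tcp", 9000),
    Flow("10.0.1.12", "10.0.2.5", 443, "tcp", 10000),
    Flow("10.0.1.10", "10.0.2.20", 53, "udp", 120),
    Flow("10.0.1.11", "10.0.2.20", 53, "udp", 125),
]

# Constructed steady-state window: one normal flow and five deviations.
TEST_FLOWS = [
    Flow("10.0.1.10", "10.0.2.5", 443, "tcp", 12100),    # normal
    Flow("10.0.1.10", "10.0.2.5", 443, "tcp", 950000),   # same conversation, ~75x the usual volume
    Flow("10.0.1.12", "10.0.2.20", 53, "udp", 120),      # known service, first time from this client
    Flow("10.0.1.11", "10.0.2.5", 8443, "tcp", 5000),    # port never served before
    Flow("10.0.1.99", "10.0.2.5", 443, "tcp", 8000),     # client never seen
    Flow("10.0.1.12", "203.0.113.7", 137, "udp", 300),   # NetBIOS to an outside address
]


def build_demo_baseline():
    """Learn from the constructed training window and return the baseline."""
    b = FlowBaseline()
    b.learn(TRAINING_FLOWS)
    return b


if __name__ == "__main__":
    baseline = build_demo_baseline()
    for flow, tags in baseline.triage(TEST_FLOWS):
        print(f"{flow.client} -> {flow.server}:{flow.port}/{flow.proto} {flow.nbytes}B  {', '.join(tags)}")
```

The ordering inside `score` is deliberate: a never-seen client is reported as a new host rather than as a new conversation, so the worklist from `triage` names the most surprising fact first. Policy rules run independently of the baseline, so a violation is reported even when the conversation itself is already known.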
  • 29. Smart City Case Study
    FlowScape is deployed in a large customer network deployment: 1200+ network devices, 12,000+ workstations, 1000+ servers, 500+ printers...
    Clusters of activity form an APT case: Custom IoT Server Apps; Backup Servers; SNMP agents; DNS Servers; NetBIOS traffic
  • 30. Smart City Case Study
    Detection of BitTorrent and other anomalies – non-standard high-risk communication that is not normally found on the network – BYOD VPN connection
  • 31. Smart City Case Study
    Cyber Security Breach: Sality Botnet Command & Control Attack
    http://www.pcworld.com/article/2139460/sality-malware-growing-old-takes-on-a-new-trick.html
    1. Attacker scans the internet to find specific (home) router models
    2. Attempts login using default credentials
    3. If successful, changes the router's DNS server to attacker-controlled DNS
    4. Routes the user to compromised servers
    5. Once the user downloads malware, covers tracks by changing the router's DNS to 8.8.8.8 (Google DNS)
  • 32. Smart City Case Study
    Cyber Security Breach Activity, Malware/Metasploit from Croatia
  • 33.
  • 34. Smart City Case Study
    FlowScape detection of cyber breach activity that their current security tools did not catch:
    •  They weren't able to catch/aggregate BitTorrent users with Palo Alto.
    •  They weren't able to catch the Onion/Tor traffic with current security tools.
    •  They missed the Sality botnet, which was a BYOD remote device coming in through VPN.
    •  Palo Alto did not detect the compromised device, and they were informed of the breach by an outside agency (e.g. FBI).
    •  Palo Alto missed port 137 to India.