SlideShare une entreprise Scribd logo

NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức

Security Bootcamp
Security Bootcamp

This document discusses using big data analytics to improve upon traditional SIEM (Security Information and Event Management) solutions for network security monitoring. It notes that SIEMs have performance limits, cannot handle large varieties of data, and lack real-time correlation and analysis abilities. Big data solutions using the Hadoop ecosystem can overcome these issues through security analytics techniques like classification, correlation, clustering, affinity grouping, aggregation, and statistical analysis applied to large magnitudes of network and system data. This would allow for behavior-based anomaly detection rather than solely signature-based detection and anomaly detection of user network access. The document suggests network security managers can build their own "next-gen" network security monitoring systems using these big data analytics techniques.

Présentations et discours publics
1  sur  17
Télécharger pour lire hors ligne
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS Nguyen Minh Duc Security BootCamp 2014 Oct 2014
Sad but True
Rules, signatures or not ?
Rules, signatures or not ?
Rules, signatures or not ?
• Security Information and Event Management Ok, we’ve already got a SIEM
• Performance Limits Galore • Data Variety Troubles • Real-Time Correlation, Not Data Mining • Analysis? Where Is That? SIEM Challenges Today Source: Gartner
So we need a more powerful tool Big Data
Why Big Data ?
Hadoop ecosystem
Security analytics is the process of performing analysis on magnitudes of data, adding context to the information collected and then deriving answers and actionable knowledge • Classification: Allows events to be grouped into like sets for context. • Correlation: Real-time & historical associations can be recognized, providing context and relational understanding. • Clustering: Data point similarity detection across large collections provides a straightforward, yet confident, way to derive true understanding of many events. • Affinity Grouping: Similar to clustering, but this can take the context of each data point as it pertains to users, systems, attacks and their interactions. Provides excellent context between multiple, seemingly disparate, data points. • Aggregation: Allows a high level view of large amounts of data, distilling often complex sets into simple numerical quantities, e.g. Did this bad event happen often enough in an hour to be of concern? • Statistical Analysis: Provides methods for dealing with uncertainty within the data sets yielding a confidence for comprehension. Security Analytics with Big Data Source: HP
• Behavior-based anomaly detection vs signature-based detection Security Analytics with Big Data
• Anomaly detection of user’s network resource access Security Analytics with Big Data
Build your own “next-gen” NSM?
Build your own “next-gen” NSM?
Thanks Nguyen Minh Duc FPT Technology Innovation Dept minhduc@fpt.com.vn

Recommandé

SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
Security Bootcamp
 
Network Security
Network SecurityNetwork Security
Network Security
United Nations Development Program
 
Healthcare info tech systems cyber threats ABI conference 2016
Healthcare info tech systems cyber threats ABI conference 2016Healthcare info tech systems cyber threats ABI conference 2016
Healthcare info tech systems cyber threats ABI conference 2016
Amgad Magdy
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber security
Femi Ashaye
 
Tictaclabs Managed Cyber Security Services
Tictaclabs Managed Cyber Security ServicesTictaclabs Managed Cyber Security Services
Tictaclabs Managed Cyber Security Services
TicTac Data Recovery
 
Managing security risks in today's digital era
Managing security risks in today's digital eraManaging security risks in today's digital era
Managing security risks in today's digital era
Singtel
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
Splunk
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Sirius
 

Recommandé

SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
Security Bootcamp
 
Network Security
Network SecurityNetwork Security
Network Security
United Nations Development Program
 
Healthcare info tech systems cyber threats ABI conference 2016
Healthcare info tech systems cyber threats ABI conference 2016Healthcare info tech systems cyber threats ABI conference 2016
Healthcare info tech systems cyber threats ABI conference 2016
Amgad Magdy
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber security
Femi Ashaye
 
Tictaclabs Managed Cyber Security Services
Tictaclabs Managed Cyber Security ServicesTictaclabs Managed Cyber Security Services
Tictaclabs Managed Cyber Security Services
TicTac Data Recovery
 
Managing security risks in today's digital era
Managing security risks in today's digital eraManaging security risks in today's digital era
Managing security risks in today's digital era
Singtel
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
Splunk
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Sirius
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware Disaster
Spanning Cloud Apps
 
Cobit 2
Cobit 2Cobit 2
Cobit 2
Securelogy
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup SuccessWebinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Storage Switzerland
 
The Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryThe Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup Story
Quest
 
What is Security Orchestration?
What is Security Orchestration?What is Security Orchestration?
What is Security Orchestration?
Siemplify
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Lancope, Inc.
 
Threat Life Cycle Management
Threat Life Cycle ManagementThreat Life Cycle Management
Threat Life Cycle Management
Fujitsu Middle East
 
ePlus Next-Generation Firewalls
ePlus Next-Generation FirewallsePlus Next-Generation Firewalls
ePlus Next-Generation Firewalls
ePlus
 
13 Tips for Cloud Security
13 Tips for Cloud Security13 Tips for Cloud Security
13 Tips for Cloud Security
Peak 10
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
Data mining in Cyber security
Data mining in Cyber securityData mining in Cyber security
Data mining in Cyber security
PsychoCryGaming
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016
Sarah Bark
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and Compliance
Anton Chuvakin
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
Panda Security
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake final
Minh Le
 
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuyHướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Security Bootcamp
 
Thu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitageThu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitage
Security Bootcamp
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
Security Bootcamp
 
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nướcĐặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Security Bootcamp
 

Contenu connexe

Tendances

Threat Life Cycle Management
Threat Life Cycle ManagementThreat Life Cycle Management
Threat Life Cycle Management
Fujitsu Middle East
 

Tendances (18)

How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware Disaster
 
Cobit 2
Cobit 2Cobit 2
Cobit 2
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup SuccessWebinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
 
The Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryThe Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup Story
 
What is Security Orchestration?
What is Security Orchestration?What is Security Orchestration?
What is Security Orchestration?
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
 
Threat Life Cycle Management
Threat Life Cycle ManagementThreat Life Cycle Management
Threat Life Cycle Management
 
ePlus Next-Generation Firewalls
ePlus Next-Generation FirewallsePlus Next-Generation Firewalls
ePlus Next-Generation Firewalls
 
13 Tips for Cloud Security
13 Tips for Cloud Security13 Tips for Cloud Security
13 Tips for Cloud Security
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Data mining in Cyber security
Data mining in Cyber securityData mining in Cyber security
Data mining in Cyber security
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and Compliance
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake final
 

En vedette

Thu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitageThu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitage
Security Bootcamp
 
Chu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustChu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trust
Security Bootcamp
 
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hungThu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Security Bootcamp
 
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Security Bootcamp
 
Dataguise & MapR: Action Items for the Financial Industry
Dataguise & MapR: Action Items for the Financial IndustryDataguise & MapR: Action Items for the Financial Industry
Dataguise & MapR: Action Items for the Financial Industry
MapR Technologies
 

En vedette (20)

Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuyHướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
 
Thu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitageThu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitage
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
 
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nướcĐặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
 
Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm
Triển khai Modsecurity vào hệ thống NMS - Quan Minh TâmTriển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm
Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm
 
Chu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustChu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trust
 
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCNXây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
 
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hungThu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn Việt
 
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC InfosecTình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
 
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
 
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình ThắngKhai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
 
Phan Phú Thuận - VNCERT
Phan Phú Thuận - VNCERTPhan Phú Thuận - VNCERT
Phan Phú Thuận - VNCERT
 
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàngVõ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
 
Dataguise & MapR: Action Items for the Financial Industry
Dataguise & MapR: Action Items for the Financial IndustryDataguise & MapR: Action Items for the Financial Industry
Dataguise & MapR: Action Items for the Financial Industry
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
Anomaly detection in deep learning (Updated) English
Anomaly detection in deep learning (Updated) EnglishAnomaly detection in deep learning (Updated) English
Anomaly detection in deep learning (Updated) English
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 

Similaire à NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức

FireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the CloudFireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the Cloud
Amazon Web Services
 
HITRUST CSF in the Cloud
HITRUST CSF in the CloudHITRUST CSF in the Cloud
HITRUST CSF in the Cloud
OnRamp
 

Similaire à NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức (20)

Security Analytics Beyond Cyber
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond Cyber
 
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
 
A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics
 
Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
Operationalizing Big Data Security Analytics - IANS Forum Toronto KeynoteOperationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
 
Getting Real About Security Management and “Big Data”
Getting Real About Security Management and “Big Data” Getting Real About Security Management and “Big Data”
Getting Real About Security Management and “Big Data”
 
FireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the CloudFireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the Cloud
 
Modern vs. Traditional SIEM
Modern vs. Traditional SIEM Modern vs. Traditional SIEM
Modern vs. Traditional SIEM
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Data mining
Data miningData mining
Data mining
 
RSA-Pivotal Security Big Data Reference Architecture
RSA-Pivotal Security Big Data Reference ArchitectureRSA-Pivotal Security Big Data Reference Architecture
RSA-Pivotal Security Big Data Reference Architecture
 
Generating actionable consumer insights from analytics
Generating actionable consumer insights from analyticsGenerating actionable consumer insights from analytics
Generating actionable consumer insights from analytics
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
 
Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018
 
DataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayDataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the Day
 
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for CybersecurityEmpower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data Sets
 
HITRUST CSF in the Cloud
HITRUST CSF in the CloudHITRUST CSF in the Cloud
HITRUST CSF in the Cloud
 
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
 

Plus de Security Bootcamp

GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
Security Bootcamp
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
Security Bootcamp
 

Plus de Security Bootcamp (20)

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurity
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-game
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdr
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startup
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - public
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cu
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 cost
 
Build SOC
Build SOC Build SOC
Build SOC
 
AD red vs blue
AD red vs blueAD red vs blue
AD red vs blue
 
Securitybox
SecurityboxSecuritybox
Securitybox
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
 
Api security-present
Api security-presentApi security-present
Api security-present
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018
 

Dernier

Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
raffaeleoman
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
Kayode Fayemi
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Delhi Call girls
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
amilabibi1
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Delhi Call girls
 

Dernier (18)

Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCauses of poverty in France presentation.pptx
Causes of poverty in France presentation.pptx
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
 

NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức

  • 1. NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS Nguyen Minh Duc Security BootCamp 2014 Oct 2014
  • 2.
  • 7. • Security Information and Event Management Ok, we’ve already got a SIEM
  • 8. • Performance Limits Galore • Data Variety Troubles • Real-Time Correlation, Not Data Mining • Analysis? Where Is That? SIEM Challenges Today Source: Gartner
  • 9. So we need a more powerful tool Big Data
  • 12. Security analytics is the process of performing analysis on magnitudes of data, adding context to the information collected and then deriving answers and actionable knowledge • Classification: Allows events to be grouped into like sets for context. • Correlation: Real-time & historical associations can be recognized, providing context and relational understanding. • Clustering: Data point similarity detection across large collections provides a straightforward, yet confident, way to derive true understanding of many events. • Affinity Grouping: Similar to clustering, but this can take the context of each data point as it pertains to users, systems, attacks and their interactions. Provides excellent context between multiple, seemingly disparate, data points. • Aggregation: Allows a high level view of large amounts of data, distilling often complex sets into simple numerical quantities, e.g. Did this bad event happen often enough in an hour to be of concern? • Statistical Analysis: Provides methods for dealing with uncertainty within the data sets yielding a confidence for comprehension. Security Analytics with Big Data Source: HP
  • 13. • Behavior-based anomaly detection vs signature-based detection Security Analytics with Big Data
  • 14. • Anomaly detection of user’s network resource access Security Analytics with Big Data
  • 15. Build your own “next-gen” NSM?
  • 16. Build your own “next-gen” NSM?
  • 17. Thanks Nguyen Minh Duc FPT Technology Innovation Dept minhduc@fpt.com.vn