BigData and (in)security Considerations

Academic year: 2021

(1)

BigData and 

(2)

Most Organizations are reengineering the way they do business:

• Powerful Mobile Computing Devices
• Fast, Widespread Wireless/Wireline IP Networks
• Cloud Computing
• Amazing Applications That Change Our World

(3)

Government/Education Interactions (diagram): Your Organization at the centre, surrounded by Finance, Compliance, Demand, Logistics & Facilities and Security communities. Labelled participants: Payment & Settlement, Fulfillment, Revenue, Logistics, Service Providers, Brokers, Carriers, Suppliers/Distributors, Banks & Credit, Escrow/Endowments, Agents, Student Finance, Regulatory Authorities, Government Authorities, Industry Standards Organizations, Retailers, Consumers, Parents/Students, Constituents, Education Distributors, Vendors, Partners, IT/Software, IT Standards Community, Financial Investment Management, Industry/Education/Government Organizations, Marketing, Legal.

(4)

Cloud & Hosting Services (diagram):

• Computing Power On Demand
• Application Platform On Demand
• Utility Computing
• Managed Hosting
• Replication & Storage
• Collocation
• Smartphone & Laptop Back-up
• Virtual Cloud
• Private Cloud
• Global Geographic Diversity
• Domestic Geographic Diversity
• Technology Diversity
• Security

(5)

Application Services (diagram):

• Application Hosting & Pro Services
• Application Management
• Content Acceleration
• Content Delivery Network
• Digital Signage
• Video Management
• WebSphere Hosting & Services
• eCommerce Application Hosting & Pro Services
• Business Application Mobilization
• Middleware
• Software as a Service Enablement
• Security

(6)

Network Services (diagram):

• Internet Access
• Local & Long Distance
• Telepresence
• Domestic MPLS
• Global MPLS
• Wireless WAN
• Remote Access
• Web & Audio Conferencing
• Web & Email Security
• Firewall, Bandwidth, & Mobile Security as a Service
• Network Sourcing
• Unified Communications
• Integrated Voice & Data
• Legacy Data Networking
• Security

(7)

Mobility Services – Mobility Explosion (diagram):

• Global Mobile Compatibility
• Business Applications
• Simultaneous Voice & Data
• SmartPhones
• Tablets
• Laptops & Netbooks
• Mobile Commerce
• Mobile Device Management
• Fixed Mobile Convergence
• Mobile Productivity Solutions
• Machine-to-Machine
• Legacy Cell Phones
• Global Wi-Fi Access
• Mobile Resource Management
• Mobile Messaging
• Security

(8)

Connect To Your World – Putting all of the Pieces Together (diagram)

Consulting areas around Your GovEd Organization: Application Consulting, Mobility Consulting, Cloud & Hosting Consulting, Network Consulting, Security.

Labelled services: Data Warehouse, Custom Hardware Solutions, Application Acceleration, 3rd Party Mobile Apps, Equipment Staging, Cabling, and Wiring, PCI, Customer Data Protection, Regulatory Compliance, SAS 70 / SSAE 16 / ISAE 3402, Network Architecture Assistance, Firewall Assessments, Assess Security Risk Of Evolving Application-based Mobile Technologies, Security Event Management, Incident Response & Forensics, Cloud Strategy, Disaster Recovery Strategy, eCommerce Strategy, Software Implementation, Enhancements & Upgrades, Custom Application Development, Network Integration, Systems Integration, Protecting Interests, Mobilize Everything, Rise Above the Cloud, Unlock Your Applications, ISO 27001/2, Sarbanes-Oxley, GLB, RFID, Supply Chain Logistics, WWWAN Architecture Assistance, Telemetry Solution Development.

(9)

BigData and $ecurity

(10)
(11)

Concerns are real – not FUD

Alaska Department of Health and Social Services, the state Medicaid agency, has agreed to pay the U.S. Department of Health and Human Services (HHS) $1,700,000 to settle possible HIPAA violations. Alaska DHSS has also agreed to take corrective action to properly safeguard the electronic protected health information (ePHI) of their Medicaid beneficiaries.

Utah Department of Health: on March 30, approximately 780,000 Medicaid patients and recipients of the Children's Health Insurance Plan had personal information stolen after a hacker from Eastern Europe accessed the Utah Department of Technology Service's server.

South Carolina Department of Revenue Breach: $25m and climbing. An employee opened a phishing email on a personal machine… infected a thumb drive… inserted the thumb drive in a DOR PC… low and slow extraction of data from the DOR database.

SC DOR no longer allows employees to use state machines for personal use; they cannot be used for personal access during lunch or after work.

(12)

Concerns are seen early by BigData

BigData Advisory – Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device.

Protect Alert – Increased scan sources on port 135/tcp: increased scanning on port 135/TCP. Port 135/TCP is commonly associated with "epmap" to manage services like Exchange, AD, DHCP, DNS and WINS. The current scanning activity appears to be an attempt to identify open DCE/RPC Locator Services to target vulnerable systems for malicious purposes. Several malware families (Randex, Spybot, Sdbot and Ircbot) are known to use 135/tcp.

(13)

With BigData…

BigData Resources that benefit Gov/Ed Organizations:

• Extremely (elastic) large network
• Resources: teams and organizations with expertise
• Full-time/part-time security professionals with training and credentials
• Benefit from real-time knowledge-base and tools

(14)

What BigData Sees/Monitors

• 33 petabytes of data traffic per day on average (peta = 1 million gigabytes)
• Wireless subscribers – >150M – not simply cell phones… hand-held computers
• BigData has a large Wi-Fi network view with hundreds of thousands of WiFi hotspots around the world.
• BD has more than one billion devices connected to its network at any given time
• Billions of IP flows go through a BigData analysis DB per hour on average.

(15)

With BigData behind you:

• Correlation of your events with large threat intelligence databases worldwide
• Proactive signatures
• Custom tools for early detection
• Resources for mitigation

BigData offers a unique global view of traffic & threats that cannot be replicated.

(16)

Viewing Internet Activity … Through a BigData Portal.

Using BigData Engines (Monitoring, Correlating, Trafficking, etc.) to support mitigation and

(17)

HOW BigData Identifies Vulnerabilities

Correlation Across Network, Servers & Applications (diagram):

• Monitoring Engine – "What you Actually See"
• Profiling Engine – "What You Expect as Normal"
• Correlation Engine – Security Analysis (Profile/Anomaly Based)
• Real-Time Alerts & Alarms with Severity & Likely Source
• Security Professionals: Normalized Database of Alerts; 24 x 7 monitoring; Documented process; Moving terabytes of data worldwide; Protection against many security events
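The profiling/monitoring/correlation split above, and the "increased scan sources on port 135/tcp" alert on slide 12, come down to one comparison: how many distinct sources touched a service port in this window versus what past windows say is normal. The following is an added example, not code from the deck or from AT&T, that runs that comparison over a constructed set of NetFlow-style records. The `Flow` fields, the window scheme (one window per hour), the baseline rule (mean plus three standard deviations, floored at five sources) and the 203.0.113.x / 10.0.x.x addresses are all assumptions made for the example; the "likely source" ranking simply prefers sources that swept the most distinct destinations.

```python
"""Profile-versus-monitor anomaly detection over constructed flow records."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One summarised flow record (constructed; fields mirror a NetFlow-style export)."""
    hour: int      # observation window index
    src: str
    dst: str
    dport: int
    proto: str


def sources_per_window(flows, dport, proto="tcp"):
    """Monitoring engine: distinct sources touching one service port, per window."""
    seen = defaultdict(set)
    for f in flows:
        if f.dport == dport and f.proto == proto:
            seen[f.hour].add(f.src)
    return {h: len(s) for h, s in seen.items()}


def build_profile(counts, baseline_windows):
    """Profiling engine: 'what you expect as normal' as mean and spread of past windows."""
    vals = [counts.get(h, 0) for h in baseline_windows]
    return mean(vals), pstdev(vals)


def check_window(flows, dport, window, baseline_windows, proto="tcp", k=3.0, min_sources=5):
    """Correlation step: compare the current window against the profile and, when it
    deviates, emit an alert carrying a severity and the likely sources."""
    counts = sources_per_window(flows, dport, proto)
    mu, sigma = build_profile(counts, baseline_windows)
    observed = counts.get(window, 0)
    threshold = max(mu + k * sigma, min_sources)  # floor keeps tiny baselines from paging on noise
    if observed <= threshold:
        return None
    # likely sources: the ones sweeping the most distinct destinations in this window
    fanout = defaultdict(set)
    for f in flows:
        if f.hour == window and f.dport == dport and f.proto == proto:
            fanout[f.src].add(f.dst)
    ranked = sorted(fanout.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    severity = "high" if observed >= 2 * threshold else "medium"
    return {
        "port": f"{dport}/{proto}",
        "observed": observed,
        "threshold": round(threshold, 2),
        "severity": severity,
        "likely_sources": [src for src, _ in ranked[:3]],
    }


def _constructed_flows():
    """Constructed sample: quiet baseline hours 0-5, then a 135/tcp sweep in hour 6."""
    flows = []
    for h in range(6):  # one admin host reaches the DC endpoint mapper each hour
        flows.append(Flow(h, "10.0.0.5", "10.0.1.10", 135, "tcp"))
        if h == 2:
            flows.append(Flow(h, "10.0.0.6", "10.0.1.10", 135, "tcp"))
    for h in range(7):  # steady HTTPS traffic from two clients every hour
        for src in ("10.0.0.7", "10.0.0.8"):
            flows.append(Flow(h, src, "10.0.1.20", 443, "tcp"))
    sweep_width = {1: 6, 2: 4, 3: 2}  # a few external hosts probe many internal addresses
    for i in range(1, 12):
        for j in range(1, sweep_width.get(i, 1) + 1):
            flows.append(Flow(6, f"203.0.113.{i}", f"10.0.1.{j}", 135, "tcp"))
    flows.append(Flow(6, "10.0.0.5", "10.0.1.10", 135, "tcp"))  # the admin host is still there
    return flows


SAMPLE_FLOWS = _constructed_flows()

if __name__ == "__main__":
    print(check_window(SAMPLE_FLOWS, 135, 6, range(6)))   # alert: 12 sources vs threshold 5
    print(check_window(SAMPLE_FLOWS, 135, 3, [0, 1, 2, 4, 5]))  # None: baseline behaviour
```

The floor on the threshold matters more than the statistics: a port that normally sees one or two sources per hour has a standard deviation so small that a single extra admin host would otherwise trip the alert. The ranking by destination fan-out is what keeps the legitimate admin host out of the "likely source" list even though it appears in the same window as the sweep.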

(18)

DDoS Defense Diversion Overview (diagram: Scrubbing Complex, IP Network, Non-targeted servers, Targeted servers 1.2.3.4/24)

1. BigData Partner detects DDoS attack
2. Activate Scrubbing Complex – BGP announcement 1.2.3.4/32
3. Withdraw routes to alternate ISP

(19)

DDoS Defense Diversion Overview, continued (diagram: Scrubbing Complex, IP Network, Non-targeted servers, Targeted servers 1.2.3.4/24)

3. Divert only the Target's traffic to Scrubber
4. Scrubber identifies and filters the malicious traffic
6. Scrubbed legitimate traffic flows back to targeted devices
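The reason the diversion on slides 18 and 19 touches only the target is longest-prefix matching: a /32 announced for 1.2.3.4 is more specific than the /24 covering the whole server block, so routers send 1.2.3.4's packets to the scrubbing complex while 1.2.3.5 and its neighbours keep their normal path. The following is an added example, not code from the deck or from AT&T, that walks the numbered steps with a toy forwarding table. The next-hop names (`customer-edge`, `scrubbing-complex`), the 198.51.100.x and 203.0.113.x sources, the per-source packet budget standing in for the scrubber's filtering, and the final withdrawal of the /32 once the attack subsides are all assumptions made for the example.

```python
"""Simulated BGP diversion of one target's traffic to a scrubbing complex."""
import ipaddress
from collections import Counter


class RouteTable:
    """Minimal IPv4 forwarding table keyed by announced prefix (constructed model)."""

    def __init__(self):
        self.routes = {}  # ipaddress.IPv4Network -> next-hop name

    def announce(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def withdraw(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, dst):
        """Longest-prefix match: the most specific announced prefix decides the next hop."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


def scrub(packets, max_per_source=5):
    """Scrubbing complex (step 4). Real scrubbers combine many signals; this
    per-source packet budget is a constructed stand-in for that filtering."""
    volume = Counter(p["src"] for p in packets)
    clean = [p for p in packets if volume[p["src"]] <= max_per_source]
    return clean, len(packets) - len(clean)


def constructed_packets():
    """Constructed traffic: a flood aimed at 1.2.3.4 plus normal traffic to a neighbour."""
    pkts = []
    for src in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):  # legitimate clients
        pkts += [{"src": src, "dst": "1.2.3.4"}] * 2
    for src in ("203.0.113.50", "203.0.113.51"):                      # flood sources
        pkts += [{"src": src, "dst": "1.2.3.4"}] * 20
    pkts += [{"src": "198.51.100.20", "dst": "1.2.3.5"}] * 4            # non-targeted server
    return pkts


def diversion_walkthrough():
    table = RouteTable()
    table.announce("1.2.3.0/24", "customer-edge")  # normal path to the whole server block

    # 1. detection has already happened; 2. activate the scrubbing complex with a /32
    table.announce("1.2.3.4/32", "scrubbing-complex")
    # 3. only the target is diverted: the /32 beats the /24 for 1.2.3.4 alone
    paths_during = {d: table.lookup(d) for d in ("1.2.3.4", "1.2.3.5", "1.2.3.200")}

    packets = constructed_packets()
    to_scrubber = [p for p in packets if table.lookup(p["dst"]) == "scrubbing-complex"]
    direct = [p for p in packets if table.lookup(p["dst"]) == "customer-edge"]
    # 4. scrubber filters; 6. what survives flows back to the targeted devices
    clean, dropped = scrub(to_scrubber)

    # assumption: the /32 is withdrawn once the attack subsides, restoring the normal path
    table.withdraw("1.2.3.4/32")
    return {
        "paths_during": paths_during,
        "diverted": len(to_scrubber),
        "untouched": len(direct),
        "returned_clean": len(clean),
        "dropped": dropped,
        "path_after": table.lookup("1.2.3.4"),
    }


if __name__ == "__main__":
    for key, value in diversion_walkthrough().items():
        print(f"{key}: {value}")
```

Two things the walkthrough makes visible that the slide only implies: nothing on the non-targeted servers' path changes while the /32 is in place, and the diversion is reversible by withdrawing the same prefix, which is why a /32 rather than a re-announced /24 is the lever.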

(20)


(21)

Service Support Model / Flow (diagram)

Inputs: • IDS Alarms • Firewall Logs • DLP Alarms • Netflow • Proxy Logs • Server Alarms • Internet Alarms • DDOS Detection • VPN Logs • Honey Pots • Monitoring Engines • Correlation Engines • Flow Analysis

Flow: Global Network Security (BigData Network Security GNOC) → Security Analysis (Profile/Anomaly Based) → Security Professionals → Real-Time Alerts & Alarms with Severity & Likely Source → Security Information / Mitigation Plan / Security Support

(24)
(25)

Customer Information Flow (diagram): Customer Intranet data (IDS, FW Logs, Data, Flow data, Registry), BigData IP Backbone feeds, Internet Based Intelligence and other feeds → Data Collection → Analysis → Correlated Alerts → Alarms and Customer Notification via the Customer Portal

(26)

Security Event & Threat Analysis

• Notification of prioritized events based on their risk to the company and the ability to mitigate them.
• Recommended mitigation plan provided as part of BigData-determined critical and actionable alerts.
• Custom Periodic Threat Analysis Report identifying threats that may affect your business.

(27)

BigData Security Solutions

Security – Protecting different data different ways. E-Mail concerns are different than Denial of Service concerns. Data requirements and exposure can affect all parts of your organization. Protection where needed – a Defense-in-Depth approach to securely protect your business.

Passing packets, or augmenting your team through services, is Defense-in-Depth. Protection where you need it – when you need it.

24x7: Always on – always available BigData Network Operating Center and Security Solution teams – there when you need them.

A Defense-in-Depth Approach: Many types of data share the same cable

• SMTP – E-Mail
• Telnet – Data connections
• HTTP / HTTPS – Web Browsers and Secure Web Pages
• Business Applications
• VPN – Site-to-Site and Users: IPSec NAT-T, SSL, etc.; Token (hard or soft)
• FTP – File Transfer

(28)

Secure E-Mail Gateway (SEG)

Protecting Against Inbound Threats, While Delivering Outbound Policy Enforcement, Disaster Recovery, and Archiving Of E-mail Data

Put the Moat outside your business – where it belongs

BigData Network-based solution blocking spam, viruses, and other inbound e-mail malware threats, with an additional layer of protection against loss of sensitive information and services.

• DLP – Data Loss Protection
• PII – Personally Identifiable Information
• Disaster Recovery: support for months with mail-bagging in the event of expected or unexpected e-mail downtime; access to these e-mails during the outage
• Multi-layered e-mail filtering protection
• Encryption features to support your

(29)
(30)

BigData Web Security

Stop New and Known Malware at the Internet Level

• Inbound / Outbound Real-Time Scanning across multiple, correlated detection technologies
• Zero-Day concerns dynamically identified by working with massive amounts of Web Data

Processes: Outbreak Intelligence using proprietary, proactive heuristics technology

• Proactively identify threats, rapidly develop heuristics, and test these against real data.
• Ensuring accuracy, effectiveness and immediate protection.
• Anywhere+ – Same protection / enforcement for roaming assets (laptops) when away from the office.

(31)

World Class Security NOC

• Physical Redundancy
• Documented Operational Security Procedures
• 24x7 monitoring and management
• State of the art systems that monitor and manage thousands of devices
• Systems that collect terabytes of data
• Correlate thousands of security events

Top Notch Security Expertise

• CCNP, CCIE, GCIA, CISSP, MCSE, and Unix certified professionals
• Strong Security Skills – Incident Handling and Intrusion Detection
• In-depth understanding of TCP/IP
• Years of experience

BigData = World Class Security Operations – Global Network Security GNOC – Lead in Industry Standards of Excellence

(32)

SOLUTION: Move the Moat Outside the Castle.

Michael Light, Emerging Technologies Consultant
[email protected] – 843.814.7935

© 2010 AT&T Intellectual Property. All rights reserved. AT&T Proprietary (Internal Use Only)

BigData offers a Defense-in-Depth Approach to Security:

• Security Consulting
• Security Event & Threat Analysis
• Network-Based Firewall Solutions
• Intrusion Detection and Intrusion Protection Solutions
• Email & / or Web Filtering Protection
• Internet BigView & DDoS Defense
