Big Data Presentation 04Nov2013
Transcript of Big Data Presentation 04Nov2013
-
8/13/2019 Big Data Presentation 04Nov2013
1/27
2013 MetricStream, Inc. All Rights Reserved.
GRC Big Data
November 2013
-
8/13/2019 Big Data Presentation 04Nov2013
2/27
2013 MetricStream, Inc. All Rights Reserved.
From Integrated to Pervasive GRC
Widespread and rapid
adopt ion of new
technologies (e.g. ,
mobi le, soc ial )
Increas ing regulatorypressures and Board /
Management
accountabi l i t y
Represents internally developed solutions Represents vendor solutions
First Generation Second Generation
Third Generation Fourth Generation
ExpandingGRC
App
lications
2003 2013 ?
Sarbanes-Oxley (SOX) enacted fol lowing s er ies of
acco unt ing scandals (Enron, Tyco, WorldCom)Global financ ial cr is is
S i loes lead to grea ter
r isk and inef f ic ient use
of resource s
Audit / Finance
(Sarbanes-Oxley)Audit / Finance
IT GRC
Audit / Finance
IT GRC
Legal
Quality
Management
Compliance
Management
IT GRC
Legal
Quality
Management
Notable disasters inc lude Deepwater Hor izon and Fukushim a
Risk
Management
Standalone, largely
ad hoc, in ternally
developed solut ion s
Si loed vendor and
internally develop ed
poin t so lu t ions
Integr ated GRCplat form solut ion s
Pervasi ve GRC
Audit / Finance
IT GRC
Legal
Quality
Management
Compliance
Management
Risk
Management
Vendor RiskManagement
Social GRC
Long-Tail Apps
Comprehensive&Unified
Analytics
Cloud GRC
Com
monDataModel;CustomizableP
latform
-
8/13/2019 Big Data Presentation 04Nov2013
3/27
2013 MetricStream, Inc. All Rights Reserved.
Product Vision
GRC Platform Infrastructure
Aggregator of structured and unstructured data Analytics for risk intelligence and contextual analysis
Orchestrator of native and non-native apps
Best-in-Class Core Apps
Federated architecture, integrated taxonomy Fully-packaged apps
Highly configurable with AppStudio by customers
and partners
Enable Long Tail of Apps Technology and ecosystem collaboration
GRC Intelligence
Aggregated and native content capabilities
-
8/13/2019 Big Data Presentation 04Nov2013
4/27
2013 MetricStream, Inc. All Rights Reserved.
Pervasive GRC: Data Sources and Types
MetricStream
-
8/13/2019 Big Data Presentation 04Nov2013
5/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data The New Trend in Analytics
Size of data
Complexity
and Effort
in deriving
intelligence
Unstructured data sets such
as social media feeds,
location data, news feeds
Structured data sets
such as ERP
transaction data and
metadata, standard
XML feeds from websources etc.
Big datasets
Big data analytics
Small datasets
Traditional data analytics
Key Attributes:
Approximate results, but quickly
Processing very large volume of data
Filtering relevant data
Key Attributes: Exact results
Number crunching
Incremental data sizes
-
8/13/2019 Big Data Presentation 04Nov2013
6/27
2013 MetricStream, Inc. All Rights Reserved.
GRC: A Big Data Problem
Multiple GRC Data Sources, Event Co-relations
Content and Standards Library ERP, SCM, Content Management applications
Network Frontiers/UCF, NIST NVD, Cloud Security
Alliance, SharedAssessments.org
SAP, Oracle, i2, Ariba, JD Edwards, EMC, Documentum,
OpenText, Sharepoint
Threat , Vulnerability, Logs, SIEMS, Operations and Asset Management
nCircle, Nessus , Qualys, Symantec, McAfee, Arcsight,
Splunk, BigFix, eEye
HP Asset Manager, BMC Remedy
SIEM, Log Management, Application Intelligence Risk Models
LogLogic, ArcSight, Splunk Market and Credit Risk Models, RiskMetrics, RMA
Segregation of Duties, CCM, Transaction Monitoring Risk and Framework Content
CrossIdeas , Engiweb Security, Greenlight, Mantaz,
Actimize, MES systems
ORX, Gold; American Banking, OCEG, IIA, ISO, D&B,
Configuration Management Regulatory Content sources
Qualys, nCircle Configuration Compliance Manager(CCM), eEye Retina CS
Lexis, Factiva, Complinet, Reuters, FDA, State RegsComplianceOnline - > 1000 sources
Data Loss, EndPoint, Mobile, Application Security Smart Grid and Green Data centers
Verdasys, Sophos, Veracode, Lookout, Symantec Cisco, SilverSpring
Social Media Sources News Feeds
Facebook, Twitter, Linkedin www.iss.net, xssed.com
http://www.iss.net/http://www.iss.net/ -
8/13/2019 Big Data Presentation 04Nov2013
7/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data: A Effective Risk Management Tool
Trends predictSuper Cyclone in
India
90% ofManufacturing
Plants impacted
No supply till plantsrestored
Anticipate, Countersupply disruptionwith remedial plan
and publish it
Stock stable
Super Cyclone inIndia
90% ofManufacturing
Plants impacted
No supply till plants
restored
News of disruption
in supply
Stock volatile
10.13 10.30
10.3514.35
10.10 10.30
10.35Next
day
-
8/13/2019 Big Data Presentation 04Nov2013
8/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data Risk Analysis A Product Reputation Use Case
Social Media site
PostingsCall center transcripts Customer Support
Emails Internal data & reports
Identifythe key datasources for gathering the
Product reputation andquality feedback
Aggregate & Processthedata using Hadoop DFS
and MapReduce framework
Detectthe risks usingnatural language processingbased rules, keywords andauthor profiles and influence
Informthe relevantstakeholders through trend
analysis reports anddashboards
Hadoop DFS
Store the complete data in a Distributed File system
Create risk detection
rules based on key
words, repetition
frequency & Authorinfluence
Analyze the product
feedback data based
on the rules on a real-time basis
Reduce the data to highlight
the key product & brand
reputation risks and their
causes
Create trend analysis dashboards to highlight key product feedback categories and risks
and causes highlighted based on the analysis
-
8/13/2019 Big Data Presentation 04Nov2013
9/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data Risk AnalysisVendor Due Diligence Use Case
Big DataAnalytics
Unstructured data sets :
News feeds, SocialMedia comments
External databases:
Exports registry, PEPDatabase ,
Rating Agency Databases
Internal databases:
Vendor information,
Credit and Paymentinformation
AggregateReal time and Up-to-date Vendor Due diligence and Assessment
information
Correlatethe vendor data against key identified risks for accurate risk scoring
and assessment
Managecompliance to FCPA, UK Bribery Act & OECD Convention etc.
-
8/13/2019 Big Data Presentation 04Nov2013
10/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data Risk AnalysisIT-GRC Use Case
Aggregatethe vulnerabilitybulletins across websites e.g.
www.xssed.com, www.iss.net etc
Analyzethe feeds based on thetext analytics based rules and ITAsset library
Highlightthe risks & vulnerabilitiesbased on the asset library as well
as the rules engine Correlatethe Product and CVE details withthe internal IT asset libraries and highlight
potential risks and vulnerabilities
http://www.xssed.com/http://www.xssed.com/http://www.xssed.com/ -
8/13/2019 Big Data Presentation 04Nov2013
11/27
2013 MetricStream, Inc. All Rights Reserved.
Situational Awareness for BCP
Track Social Media platforms like:Twitter
FacebookPinterest
Google (Google +, Youtube, Crisis Map etc.)
Correlate Information with Organizational Assets /
Facilities / Risks
Trigger / Update Incident Management Workflows &
Notifications
Real-Time Reports &
Dashboards
Leverage Social Media for
Communications During
Emergencies
-
8/13/2019 Big Data Presentation 04Nov2013
12/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data Risk Analysis Other Use Cases
Fraud, AML Trader and Broker Compliance
Brand and Reputation risk management
Vendor Due-Diligence
Product Feedback & Complaints management
Increased supply chain visibility
Vendor Due-Diligence
Customer Feedback & Complaints management
Reputation management
Vendor Due-Diligence
Customer Feedback & Complaints management
Reputation management
-
8/13/2019 Big Data Presentation 04Nov2013
13/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data and MetricStream GRC Solutions
Identify
Identify thekey risks
Identify the
informationsources
Aggregate
Aggregatedata acrossstructured andunstructured
data sourcesusing Big dataaggregation &analysis
Detect
Auto detectionof riskindicatorsusing rules
Risk scoreassessment ofdata toprioritize
Inform
Actionableinformationbased onvisual reports
Alerts andNotificationsfor keystakeholders
Remedy
Manage theremediationactionsthrough pre-
set ERMworkflows
Provide organizations with a plug and play solution to align
the Big Data risk detection, analysis, mitigation as well as
continuous monitoring with the integrated enterprise GRC
framework of the organization.
MetricStream Big Data
Risk Detection Framework
MetricStream Enterprise Risk
Management Framework
-
8/13/2019 Big Data Presentation 04Nov2013
14/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data: Solving the Key Challenge
How to channelize the data
to right stakeholder?
How can the situation be
mitigated in real-time?How to filter Voice from
Noise in the Big Data?
Hadoop DFS based framework to allow aggregation of contentacross data sources
Ability to handle both structured and unstructured content
Aggregate data across big data
sources
Advanced text analytics based on custom rules to identify text
patterns and indicators of risk. Risk analysis and scoring mechanism to prioritize the identified
data.
Advanced Text analytics for RiskIdentification
Pre-built integration with MetricStream ERM framework
Single workflow for end-to-end handling of Big data based riskanalytics
Out-of-box integration with
MetricStream ERM
M t i St I t g ti A hit t S l bl
-
8/13/2019 Big Data Presentation 04Nov2013
15/27
2013 MetricStream, Inc. All Rights Reserved.
MetricStream Integration Architecture: ScalableAcross Structured and Unstructured Data Sources
Store data from Structured
data sources such as ERP,
DMS, XML Data feeds
Store data from unstructured data sources such
as Social Media, Email Data stores, Public
Databases
-
8/13/2019 Big Data Presentation 04Nov2013
16/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data Aggregation and Analytics Workflow
Aggregation Processing Reporting Actionizing
Integrated Data
feed management
with Internet
websites
Automatic and
advanced scraping
capabilities
Internet
Directory/Company
Registry/Litigation
record searches
Key dashboards
and reports
available for results
analysis such as
Article Risk report
Consolidated risk
dashboard
Out-of-Box
Integration with
the Issuemanagement
solution
Assignment of
the identified risk
to designated
stakeholder
Word dictionary
and risk rules
based analysis of
feeds for risk
detection
Robust rule
engine to
accommodate
fuzzy logic for
textual risk analysis
-
8/13/2019 Big Data Presentation 04Nov2013
17/27
2013 MetricStream, Inc. All Rights Reserved.
Various Big Data
Sources
Big Data Aggregation and Analytics Workflow
-
8/13/2019 Big Data Presentation 04Nov2013
18/27
2013 MetricStream, Inc. All Rights Reserved.
Big Data and Social Media Risk and Compliance Mgmt
Identify the Risks which need
to be analyzed in theorganization
1
Identify the word dictionary
that needs to be associatedwith the risk rule
2
Create the rule using one or
more of the dictionaries with
configurable parameters for
detecting risk in feeds
3
Configure the feed from a
Facebook page or Twitter
Hashtag for extraction
4
Identify the feeds which
match the rule in the channel
report
5
Take action on the article by
routing it to the Incident &
Issue management system
6
-
8/13/2019 Big Data Presentation 04Nov2013
19/27
2013 MetricStream, Inc. All Rights Reserved.
Feed Source Configuration
Ability to Configure feeds
across multiple sources
Multiple URLs from a single
social media source can be
configured
Leverage Hadoop Distributed
file system (DFS) and
MapReduce Framework for
detection and analysis
-
8/13/2019 Big Data Presentation 04Nov2013
20/27
2013 MetricStream, Inc. All Rights Reserved.
Text Analysis Configuration
Ability to handle lexicon
across multiple languages forreal time text analysis
-
8/13/2019 Big Data Presentation 04Nov2013
21/27
2013 MetricStream, Inc. All Rights Reserved.
Rule Configuration
Ability to create complicated
text analysis rules based on
to facilitate real time text
analysis and riskassessment.
-
8/13/2019 Big Data Presentation 04Nov2013
22/27
2013 MetricStream, Inc. All Rights Reserved.
Detect risky content across
articles and flag it for user to
analyze and decide on futurecourse of action.
Analyze risk content on each
article and display risk
assessment scores on each
article for prioritization
Display Author information toallow user to gauge the author
influence by the system score as
well as other configurable
parameters.
Analysis Report
-
8/13/2019 Big Data Presentation 04Nov2013
23/27
2013 MetricStream, Inc. All Rights Reserved.
Analysis Report
-
8/13/2019 Big Data Presentation 04Nov2013
24/27
2013 MetricStream, Inc. All Rights Reserved.
Issue Creation
-
8/13/2019 Big Data Presentation 04Nov2013
25/27
2013 MetricStream, Inc. All Rights Reserved.
Next Gen GRC Platform Capabilities
Big Data Analytic Capabilities
Building Technology architectures to deal with 3 Vs with support for
Hadoop and MongoDB
Building intelligent parsing and caching capabilities
Social Media Awarenessapplying rules, differences in network types
Contextual Risk Intelligence and Advanced Analytics Advanced analytics, reporting and business intelligence
Advanced AppStudio
Enabling customers and partners to extend or create applications Enabling significantly higher productivity for Services and product
development
-
8/13/2019 Big Data Presentation 04Nov2013
26/27
2013 MetricStream, Inc. All Rights Reserved.
Next Gen GRC Platform Capabilities
Multi-platform mobility support
Multiple form factors and innovations
Persisting user state across devices to preserve user experience
Location and context awareness and sensing
Cloud-based IT provisioning
Rapid deployment modelsGRC Express
Higher range of service levels
Readiness for Enterprise
Increased investments in MS Labs testing expanded for compatibilitywith browsers, servers, databases, versions, open-source
Performance in lab5,000+ concurrent users in certain applications
High availability
Multi-lingual capabilities
-
8/13/2019 Big Data Presentation 04Nov2013
27/27