BigData and (in)Security Considerations – SCGMIS offers a Defense-in-Depth Approach to Security
BigData and (in)Security Considerations
Technology Trends Reshaping Business
Most organizations are reengineering the way they do business:
• Powerful mobile computing devices
• Fast, widespread wireless/wireline IP networks
• Cloud computing
• Amazing applications that change our world
Communities (diagram): Your Organization (Marketing, Legal, Security, Logistics & Facilities) at the centre of its Finance, Compliance, Demand, Government/Education, Industry/Education/Government and IT-standards communities. Labels: Compliance; Payment & Settlement; Fulfillment; Revenue; Logistics Service Providers; Brokers; Carriers; Suppliers/Distributors; Banks & Credit; Escrow/Endowment Agents; Student Finance; Regulatory Authorities; Government Authorities; Industry Standards Organizations; Retailers; Consumers; Parents/Students; Constituents; Education Distributors; Vendors; Partners; IT/Software; IT Standards Community; Financial Investment Management; Industry/Education/Government Organizations.
Cloud & Hosting Services (diagram): Computing Power On Demand; Application Platform On Demand; Utility Computing; Managed Hosting; Replication & Storage; Collocation; Smartphone & Laptop Back-up; Virtual Cloud; Private Cloud; Global Geographic Diversity; Domestic Geographic Diversity; Technology Diversity; Security.
Vendor and Partner Choices (diagram): Application Hosting & Pro Services; Application Management; Content Acceleration; Content Delivery Network; Digital Signage; Video Management; WebSphere Hosting & Services; Application Services; eCommerce Application Hosting & Pro Services; Business Application Mobilization Middleware; Software as a Service Enablement; Security.
Access and Communications Choices (diagram): Internet Access; Local & Long Distance; Telepresence; Domestic MPLS; Global MPLS; Wireless WAN; Remote Access; Web & Audio Conferencing; Web & Email Security; Firewall, Bandwidth, & Mobile Security as a Service; Network Sourcing; Unified Communications; Network Services; Integrated Voice & Data; Legacy Data Networking; Security.
Mobility Explosion (diagram): Global Mobile Compatibility; Mobility Services; Business Applications; Simultaneous Voice & Data; Smartphones; Tablets; Laptops & Netbooks; Mobile Commerce; Mobile Device Management; Fixed Mobile Convergence; Mobile Productivity Solutions; Machine-to-Machine; Legacy Cell Phones; Global Wi-Fi Access; Mobile Resource Management; Mobile Messaging; Security.
Connect To Your World – Putting All of the Pieces Together (diagram, centred on Your GovEd Organization)
Mandates and more: PCI; Customer Data Protection; Regulatory Compliance; SAS 70 / SSAE 16 / ISAE 3402; ISO 27001/2; Sarbanes-Oxley; GLB.
Security and protecting interests: Firewall Assessments; Assess Security Risk of Evolving Application-based Mobile Technologies; Security Event Management; Incident Response & Forensics.
Consulting and strategy: Application Consulting; Mobility Consulting; Network Consulting; Cloud & Hosting Consulting; Cloud Strategy; Disaster Recovery Strategy; eCommerce Strategy; Network Architecture Assistance; WWWAN Architecture Assistance.
Implementation and integration: Data Warehouse; Custom Hardware Solutions; Application Acceleration; 3rd Party Mobile Apps; Equipment Staging, Cabling, and Wiring; Software Implementation, Enhancements & Upgrades; Custom Application Development; Network Integration; Systems Integration; RFID Supply Chain; Logistics; Telemetry Solution Development.
Taglines: Mobilize Everything; Rise Above the Cloud; Unlock Your Applications.
$ecurity
BigData
The threat landscape is changing
Concerns are real – not FUD:
• Alaska Department of Health and Social Services, the state Medicaid agency, agreed to pay the U.S. Department of Health and Human Services (HHS) $1,700,000 to settle possible HIPAA violations. Alaska DHSS also agreed to take corrective action to properly safeguard the electronic protected health information (ePHI) of its Medicaid beneficiaries.
• Utah Department of Health: on March 30, approximately 780,000 Medicaid patients and recipients of the Children's Health Insurance Plan had personal information stolen after a hacker from Eastern Europe accessed a Utah Department of Technology Services server.
• South Carolina Department of Revenue breach: $25M and climbing. An employee opened a phishing email on a personal machine, which infected a thumb drive; the thumb drive was then inserted into a DOR PC, followed by low-and-slow extraction of data from the DOR database. SC DOR no longer allows employees to use state machines for personal use, not even during lunch or after work.
Concerns are seen early by BigData.
BigData Advisory – Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause a reload of the affected device.
Protect Alert – Increased scan sources on port 135/tcp: Port 135/tcp is commonly associated with the DCE/RPC endpoint mapper ("epmap"), through which RPC-based services such as Exchange, AD, DHCP, DNS and WINS are reached and managed. The current scanning activity appears to be an attempt to identify open DCE/RPC Locator services in order to target vulnerable systems for malicious purposes. Several malware families (Randex, Spybot, Sdbot and Ircbot) are known to use 135/tcp.
With BigData…
BigData resources that benefit Gov/Ed organizations:
• Extremely large (elastic) network resources
• Teams and organizations with expertise: full-time/part-time security professionals with training and credentials
• Benefit from a real-time knowledge base and tools
What BigData Sees/Monitors
• 33 petabytes of data traffic per day on average (peta = 1 million gigabytes)
• Wireless subscribers: >150M, not simply cell phones but hand-held computers
• BigData has a large Wi-Fi network view, with hundreds of thousands of Wi-Fi hotspots around the world
• BigData has more than one billion devices connected to its network at any given time
• Billions of IP flows go through a BigData analysis DB per hour on average
With BigData behind you:
• Correlation of your events with one of the largest threat intelligence databases in the world
• Proactive signatures
• Custom tools for early detection
• Resources for mitigation
BigData offers a unique global view of traffic & threats that cannot be replicated.
Viewing Internet Activity … Through a BigData Portal
Using BigData engines (monitoring, correlation, traffic analysis, etc.) to support mitigation and prevention of penetrations.
How BigData Identifies Vulnerabilities: Correlation Across Network, Servers & Applications
Correlation architecture (diagram): a Profiling Engine ("what you expect as normal") and a Monitoring Engine ("what you actually see") feed a Correlation Engine, which performs profile/anomaly-based security analysis and raises real-time alerts & alarms with severity & likely source to the security professionals in the Network Security GNOC. Supporting capabilities: a normalized database of alerts; 24x7 monitoring; a documented process; moving terabytes of data worldwide; protection against many security events.
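The "expect vs. see" comparison in the profiling/monitoring diagram above, applied to the port 135/tcp scan alert earlier in the deck, as an added example (not the deck's own tooling): a baseline of NetFlow-style records builds a per-source fan-out profile for 135/tcp, and a monitoring window is then checked against that profile. The record format, the addresses and the thresholds are constructed assumptions.

```python
"""Profile-vs-monitor detection of 135/tcp scan sources over NetFlow-style records.

Added example, not part of the original deck. The record format
("src dst dport proto"), the addresses and the thresholds are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def parse_flows(lines):
    """Parse 'src dst dport proto' records, skipping blank and comment lines."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, proto = line.split()
        flows.append(Flow(src, dst, int(dport), proto.lower()))
    return flows


def fan_out(flows, dport=135, proto="tcp"):
    """Number of distinct destination hosts each source touched on dport/proto."""
    targets = defaultdict(set)
    for f in flows:
        if f.dport == dport and f.proto == proto:
            targets[f.src].add(f.dst)
    return {src: len(dsts) for src, dsts in targets.items()}


def build_profile(baseline_flows, dport=135, proto="tcp", floor=5, factor=3):
    """'What you expect as normal': the largest per-source fan-out in the baseline,
    scaled by `factor`, with a `floor` so that a quiet baseline does not turn two
    legitimate RPC connections into a scan alert."""
    peak = max(fan_out(baseline_flows, dport, proto).values(), default=0)
    return max(floor, peak * factor)


def detect_scanners(threshold, monitored_flows, dport=135, proto="tcp"):
    """'What you actually see' against the profile: sources whose fan-out exceeds
    the threshold, worst offender first."""
    counts = fan_out(monitored_flows, dport, proto)
    hits = [(src, n) for src, n in counts.items() if n > threshold]
    return sorted(hits, key=lambda t: (-t[1], t[0]))


# Constructed baseline: an admin host reaching three domain controllers over RPC.
BASELINE_LOG = """
# src        dst         dport proto
10.0.0.10    10.0.1.1    135   tcp
10.0.0.10    10.0.1.2    135   tcp
10.0.0.10    10.0.1.3    135   tcp
10.0.0.21    10.0.1.1    135   tcp
10.0.0.33    203.0.113.5 443   tcp
""".splitlines()

# Constructed monitoring window: the admin host as before, one internal host
# sweeping a /24, one external source probing a dozen hosts, plus udp/135 noise.
MONITOR_LOG = (
    ["10.0.0.10 10.0.1.1 135 tcp", "10.0.0.10 10.0.1.2 135 tcp", "10.0.0.10 10.0.1.3 135 tcp"]
    + [f"10.0.5.7 10.0.2.{i} 135 tcp" for i in range(1, 41)]
    + [f"198.51.100.9 10.0.3.{i} 135 tcp" for i in range(1, 13)]
    + [f"10.0.5.7 10.0.2.{i} 135 udp" for i in range(1, 41)]   # not 135/tcp: ignored
)


def run_demo():
    """Returns (threshold, [(source, distinct_targets), ...]) for the sample data."""
    threshold = build_profile(parse_flows(BASELINE_LOG))
    return threshold, detect_scanners(threshold, parse_flows(MONITOR_LOG))


if __name__ == "__main__":
    threshold, hits = run_demo()
    print(f"profile threshold: >{threshold} distinct hosts on 135/tcp")
    for src, n in hits:
        print(f"ALERT scan source {src}: {n} distinct hosts on 135/tcp")
```

With the constructed baseline the peak fan-out is 3, so the profile threshold becomes 9; only the internal sweep (40 hosts) and the external prober (12 hosts) trip it, while the admin host's three domain controllers stay "normal". Two caveats a practitioner would want: a baseline captured while a scan was already running bakes that scan into "normal", so baselines need review, and a fan-out count per window misses a low-and-slow scan spread across many windows, which is why the deck pairs profiling with correlation over longer periods.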
DDoS Defense Diversion Overview (diagram): an IP network with non-targeted servers, targeted servers in 1.2.3.4/24, and a Scrubbing Complex.
1. BigData partner detects the DDoS attack.
2. Activate the Scrubbing Complex: BGP announcement of 1.2.3.4/32.
3. Withdraw routes to the alternate ISP; divert only the target's traffic to the scrubber.
4. The scrubber identifies and filters the malicious traffic.
6. Scrubbed legitimate traffic flows back to the targeted devices.
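The diversion steps above rely on BGP longest-prefix matching: a /32 for the victim is more specific than the customer's /24, so only the victim's packets follow it to the scrubbing complex while the neighbouring servers keep their normal path. An added example modelling that (not the deck's or any carrier's code); the route table, the next-hop names and the reuse of the deck's 1.2.3.4 address are assumptions, and the deck's "1.2.3.4/24" label is treated as the network 1.2.3.0/24.

```python
"""Longest-prefix-match model of the DDoS diversion described in the deck.

Added example, not the deck's or any carrier's code. The route table, the
next-hop names and the reuse of the deck's 1.2.3.4 address are constructed;
the deck's "1.2.3.4/24" label is treated as the network 1.2.3.0/24.
"""
import ipaddress


class RouteTable:
    def __init__(self):
        self.routes = {}  # ip_network -> next-hop label

    def announce(self, prefix, next_hop):
        # strict=False normalises host-style prefixes such as 1.2.3.4/24 to 1.2.3.0/24
        self.routes[ipaddress.ip_network(prefix, strict=False)] = next_hop

    def withdraw(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix, strict=False), None)

    def lookup(self, address):
        """Longest-prefix match: the most specific covering prefix wins,
        regardless of the order in which routes were announced."""
        addr = ipaddress.ip_address(address)
        best = None
        for net, hop in self.routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best[1] if best else None


def diversion_walkthrough(victim="1.2.3.4", customer_net="1.2.3.4/24"):
    """Where packets for the victim and for its neighbour go at each stage:
    before diversion, while the /32 is announced, and after it is withdrawn."""
    rt = RouteTable()
    rt.announce(customer_net, "customer-edge")            # normal state: the whole /24
    neighbour = str(ipaddress.ip_address(victim) + 1)     # another host in the same /24
    stages = {}
    stages["before"] = (rt.lookup(victim), rt.lookup(neighbour))
    rt.announce(f"{victim}/32", "scrubbing-complex")      # step 2: activate scrubbing
    stages["diverted"] = (rt.lookup(victim), rt.lookup(neighbour))
    rt.withdraw(f"{victim}/32")                            # attack over: withdraw the /32
    stages["restored"] = (rt.lookup(victim), rt.lookup(neighbour))
    return stages


if __name__ == "__main__":
    for stage, (v, n) in diversion_walkthrough().items():
        print(f"{stage:9s} victim -> {v:18s} neighbour -> {n}")
```

Two practical caveats the model leaves out: the /32 is carried inside the carrier's own network (most external peers filter prefixes longer than /24), and the scrubbed traffic in step 6 has to return over a tunnel or a separate routing instance, otherwise it would match the /32 again and loop back into the scrubber.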
Service Support Model / Flow (diagram)
Inputs: IDS alarms; firewall logs; DLP alarms; NetFlow; proxy logs; server alarms; Internet alarms; DDoS detection; VPN logs; honey pots.
Engines: monitoring engines; correlation engines; flow analysis.
Output: real-time alerts & alarms with severity & likely source, and security analysis (profile/anomaly based) by the security professionals of BigData's Global Network Security GNOC.
Security Event Threat Management System – Customer Information Flow (diagram): customer intranet feeds (IDS, firewall logs, customer intranet data, flow data, registry, others) and BigData IP backbone feeds, together with Internet-based intelligence, enter data collection and analysis; correlated alerts and alarms are delivered through the customer portal as customer notification, with security information, a mitigation plan and security support.
Security Event & Threat Analysis
• Notification of prioritized events based on their risk to the company and the ability to mitigate them.
• Recommended mitigation plan provided as part of BigData-determined critical and actionable alerts.
• Custom periodic threat analysis report identifying threats that may affect your business.
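The information flow above collects alarms from many sources, correlates them per host, and notifies on events prioritized by risk and by how readily they can be mitigated. An added example of that pipeline over a constructed feed (not the deck's system): the feed format, the severity weights, the asset-criticality table and the mitigation texts are all assumptions.

```python
"""Correlating alarms from several sources into prioritized, actionable alerts.

Added example, not the deck's system. The feed format ("time source host kind"),
the weights, the asset criticality table and the mitigation texts are all
constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed feed, one alarm or log record per line.
SAMPLE_FEED = """\
2012-10-10T09:00:05 ids      10.0.5.7   exploit_attempt_inbound
2012-10-10T09:00:40 firewall 10.0.5.7   outbound_deny_6667
2012-10-10T09:01:10 proxy    10.0.5.7   known_bad_domain
2012-10-10T09:03:00 dlp      10.0.5.7   pii_outbound
2012-10-10T09:02:00 ids      10.0.9.2   port_scan
2012-10-10T11:30:00 ids      10.0.9.2   port_scan
2012-10-10T09:05:00 proxy    10.0.1.50  known_bad_domain
""".splitlines()

KIND_WEIGHT = {  # severity contribution of each observation kind
    "exploit_attempt_inbound": 3, "outbound_deny_6667": 2, "known_bad_domain": 3,
    "pii_outbound": 5, "port_scan": 1,
}
ASSET_CRITICALITY = {"10.0.5.7": 3, "10.0.9.2": 2, "10.0.1.50": 1}  # risk to the company
MITIGATION = {  # recommended action and how readily it can be applied (0..1)
    "pii_outbound": ("Block host at the firewall, preserve disk image, open IR case", 1.0),
    "known_bad_domain": ("Sinkhole the domain at the proxy, isolate the host", 0.9),
    "exploit_attempt_inbound": ("Verify patch level, add IPS drop signature", 0.8),
    "port_scan": ("Rate-limit at the firewall, confirm it is not an authorized scanner", 0.6),
    "outbound_deny_6667": ("Already blocked at the firewall, hunt for the process", 0.5),
}
WINDOW = timedelta(minutes=10)


def parse_feed(lines):
    events = []
    for line in lines:
        ts, source, host, kind = line.split()
        events.append((datetime.fromisoformat(ts), source, host, kind))
    return sorted(events)  # time order is what makes the windowing below correct


def correlate(events, window=WINDOW):
    """Group each host's events into incidents: an event joins the open incident
    if it is within `window` of that incident's first event, else opens a new one."""
    per_host = defaultdict(list)
    for ev in events:
        per_host[ev[2]].append(ev)
    incidents = []
    for host, evs in per_host.items():
        current = []
        for ev in evs:
            if current and ev[0] - current[0][0] > window:
                incidents.append((host, current))
                current = []
            current.append(ev)
        incidents.append((host, current))
    return incidents


def prioritize(incidents):
    """Rank incidents by risk (severity x asset criticality) weighted by how
    readily the recommended mitigation can be applied."""
    ranked = []
    for host, evs in incidents:
        kinds = {ev[3] for ev in evs}
        sources = {ev[1] for ev in evs}
        # independent sources seeing the same host corroborate each other
        severity = sum(KIND_WEIGHT.get(k, 1) for k in kinds) * len(sources)
        risk = severity * ASSET_CRITICALITY.get(host, 1)
        top_kind = max(kinds, key=lambda k: KIND_WEIGHT.get(k, 1))
        action, mitigability = MITIGATION.get(top_kind, ("Investigate", 0.3))
        ranked.append({
            "host": host, "first_seen": evs[0][0].isoformat(), "sources": sorted(sources),
            "risk": risk, "priority": round(risk * mitigability, 1), "action": action,
        })
    return sorted(ranked, key=lambda r: (-r["priority"], r["host"], r["first_seen"]))


def run_demo():
    return prioritize(correlate(parse_feed(SAMPLE_FEED)))


if __name__ == "__main__":
    for r in run_demo():
        print(f"{r['priority']:6.1f} {r['host']:10s} {r['sources']} -> {r['action']}")
```

On the constructed feed the host seen by four independent sources within three minutes (inbound exploit, blocked IRC egress, known-bad domain, PII leaving) ranks far above a single proxy hit or the two isolated port scans, which the window logic keeps as separate incidents because they are hours apart. The weights are deliberately simple; the point is that corroboration across sources, asset value and mitigability are separate inputs to the ranking, not one opaque score.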
Security – protecting different data different ways. E-mail concerns are different than denial-of-service concerns.
Data requirements and exposure can affect all parts of your organization. Protection where needed: a Defense-in-Depth approach to securely protect your business.
Passing packets, or augmenting your team through services, is Defense-in-Depth. Protection where you need it, when you need it.
24x7, always on, always available BigData Network Operating Center and Security Solution teams, there when you need them.
BigData Security Solutions – A Defense-in-Depth Approach: many types of data share the same cable
• SMTP – e-mail
• Telnet – data connections
• HTTP / HTTPS – web browsers and secure web pages
• Business applications
• VPN – site-to-site and users (IPsec NAT-T, SSL, etc.)
• Token (hard or soft)
• FTP – file transfer
• Application data traffic
Secure E-Mail Gateway (SEG): protecting against inbound threats while delivering outbound policy enforcement, disaster recovery, and archiving of e-mail data
Put the moat outside your business, where it belongs.
• BigData network-based solution blocking spam, viruses, and other inbound e-mail malware threats, with an additional layer of protection against loss of sensitive information and services.
• DLP – data loss protection
• PII – personally identifiable information
• Disaster recovery support for months, with mail-bagging in the event of expected or unexpected e-mail downtime and access to these e-mails during the outage
• Multi-layered e-mail filtering protection
• Encryption features to support your data loss prevention strategies
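The outbound DLP/PII side of the gateway, as an added example (not the deck's product): an outbound message is parsed, the body is checked for SSNs and for Luhn-valid card numbers, and a policy decides deliver / encrypt / block depending on whether any recipient is outside the organization. The messages, the PII patterns, the internal domain and the policy are constructed assumptions.

```python
"""Outbound DLP check of the kind a secure e-mail gateway applies before delivery.

Added example, not the deck's product. The messages, the PII patterns, the
internal domain and the deliver/encrypt/block policy are constructed.
"""
import re
from email.parser import Parser
from email.utils import getaddresses

# US SSN: area not 000/666/9xx, group not 00, serial not 0000 (a 3-3-4 phone number does not match)
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13..19 digits, optionally grouped with spaces or dashes; confirmed with Luhn below
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits):
    """Luhn checksum: weeds out order numbers and other digit runs that only look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pii(text):
    findings = {"ssn": [m.group() for m in SSN_RE.finditer(text)], "card": []}
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings["card"].append(digits[-4:])  # record only the last four
    return findings


def policy_decision(raw_message, internal_domain="example.gov"):
    """Returns (action, findings). Action is one of deliver / encrypt / block."""
    msg = Parser().parsestr(raw_message)
    recipients = [addr for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    leaves_org = any(addr.lower().rsplit("@", 1)[-1] != internal_domain for addr in recipients)
    findings = find_pii(msg.get_payload())
    if not (findings["ssn"] or findings["card"]) or not leaves_org:
        return "deliver", findings
    if findings["card"]:
        return "block", findings    # card data must not leave in clear text
    return "encrypt", findings      # SSNs may leave only through the gateway's encryption


# Constructed messages; the addresses are placeholders.
MSG_EXTERNAL_CARD = """\
From: clerk@example.gov
To: Vendor Billing <billing@example.com>
Subject: payment details

Per our call, the SSN is 123-45-6789 and the card is 4111 1111 1111 1111.
"""

MSG_EXTERNAL_SSN = """\
From: clerk@example.gov
To: partner@example.org
Subject: enrollment

Student SSN 123-45-6789, order ref 1234 5678 9012 3456, call 803-555-0142.
"""

MSG_INTERNAL = """\
From: clerk@example.gov
To: hr@example.gov
Cc: payroll@example.gov
Subject: lunch

Cafeteria menu attached.
"""

if __name__ == "__main__":
    for name, raw in [("card", MSG_EXTERNAL_CARD), ("ssn", MSG_EXTERNAL_SSN), ("internal", MSG_INTERNAL)]:
        action, found = policy_decision(raw)
        print(f"{name:9s} -> {action:8s} {found}")
```

The second message shows why the Luhn check matters: its 16-digit order reference fails the checksum and is not treated as a card, so the message is encrypted for the SSN rather than blocked outright. A real gateway would also scan attachments and decoded MIME parts, which this example, working on a plain single-part body, does not.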
BigData Web Security: URL Filtering, Company Policy Enforcement and Protection
Stop new and known malware at the Internet level:
• Inbound / outbound real-time scanning across multiple, correlated detection technologies
• Zero-day concerns dynamically identified by working with massive amounts of web data
Outbreak intelligence using proprietary, proactive heuristics technology:
• Proactively identify threats, rapidly develop heuristics, and test these against real data
• Ensuring accuracy, effectiveness and immediate protection
• Anywhere+ – same protection / enforcement for roaming assets (laptops) when away from the office
BigData = World Class Security Operations – Global Network Security GNOC
World-class security NOC:
• Physical redundancy
• Documented operational security procedures
• 24x7 monitoring and management
• State-of-the-art systems that monitor and manage thousands of devices
• Systems that collect terabytes of data
• Correlate thousands of security events
Top-notch security expertise:
• CCNP, CCIE, GCIA, CISSP, MCSE, and Unix certified professionals
• Strong security skills – incident handling and intrusion detection
• In-depth understanding of TCP/IP
• Years of experience
Lead in industry standards of excellence; industry thought leaders
SOLUTION: Move the Moat Outside the Castle.
Michael Light, Emerging Technologies Consultant [email protected] – 843.814.7935
© 2010 AT&T Intellectual Property. All rights reserved. AT&T Proprietary (Internal Use Only)
Security Consulting; Security Event & Threat Analysis; Network-Based Firewall Solutions; Intrusion Detection and Intrusion Protection Solutions; Email and/or Web Filtering Protection; Internet BigView & DDoS Defense
BigData offers a Defense-in-Depth Approach to Security