Security Risk and Challenge under the Big Data - SYSCOM · 2014-09-29 (27 pages)


TRANSCRIPT

Page 1: Security Risk and Challenge under the Big Data - SYSCOM · 2014-09-29 · HP ArcSight Hadoop Hadoop Integration Scenario • Real-Time analytics on CORR-Engine • Forwarding from

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Security Risk and Challenge under the Big Data

HP Enterprise Security

September 2014

Page 2:

Today's threat environment

High enterprise risk + advanced attackers = more attacks

Attackers: nation-state sponsored, hacktivists (LulzSec, Anonymous)

New technologies: cloud/big data, virtualization, mobile/BYOD

Chart, number of attacks: 24 million, 40 million, 95 million, 101 million, 130 million

Page 3:

Customers always need to respond to security challenges

Today, security has been put on the board of directors' agenda

Page 4:

Problems with the current approach

Cloud, virtual, big data: 1000+ security vendors

Too much data

Too many point products

No integrated, intelligent solution

Page 5:

Top concerns of chief security officers

Security risks of cloud/big data

Source: The Global State of Information Security Survey 2012, PricewaterhouseCoopers, CIO Magazine, CSO Magazine, September 2011

Ability to enforce security policy at the vendor's site

Privileged access control at the vendor's site

Training and IT audit

Your data sits too close to other people's data

Ability to recover data

Access must traverse untrusted networks

Vendor's regulatory-compliance capability

Whether the vendor will continue to exist

Ability to audit the vendor

Page 6:

Challenges under big data

• Enterprises focus on the infrastructure

• Effort goes into building the big-data architecture (network, server, storage, virtualization, ...)

• The data sources that generate the data come from everywhere

• The users of the data access it in many different ways

• Security is not the builders' first consideration

• The architecture provides only traditional protective measures

• High-overhead security controls (agent-based) are dropped

• The essence of big data, the application, is ignored

Page 7:

Current challenges under big data

Cloud, virtual, physical: 1000+ security vendors

Too much data

Too many point products

No integrated, intelligent solution

Page 8:

What we need to do...

Protect the most important information

Adopt intelligent management

Achieve complete visibility

Go back to the fundamentals

Page 9:

HP big data and cloud security solutions

Page 10:

HP Security Intelligence Platform

Diagram: security services across operations, applications, and information and data, built on the security intelligence platform:

Protect critical data; encrypt it at rest

Establish complete visibility covering all applications and systems

Analyze and monitor vulnerabilities in applications and operations to understand risk

Respond effectively so that vulnerabilities cannot be exploited

Monitor security effectiveness and risk across people, process and technology, and improve continuously

Page 11:

Big data - security measures

Diagram: Internet → big data application (AP) → back-end systems

Security protection under big data

• 1: Build basic security protection

• Network-layer defenses, OS-layer monitoring, etc.

• 2: Build a security visibility picture

• Rapidly collect all kinds of security information

• Bring in Threat Intelligence

• 3: Establish application security standards and monitoring

• Real-time security monitoring of the applications (AP)

• 4: Build automated defenses

• Block the application, or the connection, in real time

• 5: Establish repeatable automated security testing

• As a service, or by bringing in black-box testing
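Steps 3 and 4 above (real-time monitoring of the application, then blocking the connection or the principal automatically) are the part of this list that can be shown in code. The block below is an added example, not code from the deck or from HP ArcSight: a stateful Python detector that reads constructed JSON access-log lines from a hypothetical big-data API front end and returns block or drop actions. The field names (ts, src_ip, user, status, action, rows), the 60-second sliding window and both thresholds are assumptions made for the example.

```python
"""Real-time application monitoring with automatic blocking.

Added illustration (not HP or ArcSight code). Two rules run over a stream of
constructed JSON access-log lines from a hypothetical big-data API front end:
  * a burst of auth failures (401/403) from one source address blocks the address
  * one user exporting more rows than allowed inside the window blocks the user
Field names, window length and thresholds are assumptions for this example.
"""
import json
from collections import defaultdict, deque

WINDOW_SECONDS = 60        # assumed sliding window for both rules
AUTH_FAIL_LIMIT = 5        # assumed: 5th auth failure from one IP in a window blocks the IP
EXPORT_ROW_LIMIT = 50_000  # assumed: more than 50k rows exported in a window blocks the user


class AppMonitor:
    """Stateful detector: per-principal sliding windows plus a block list."""

    def __init__(self):
        self.auth_failures = defaultdict(deque)  # src_ip -> deque of (ts,)
        self.export_rows = defaultdict(deque)    # user   -> deque of (ts, rows)
        self.blocked = set()                     # ("ip", addr) or ("user", name)

    @staticmethod
    def _expire(window, now):
        """Drop entries older than the window (entries arrive in time order)."""
        while window and now - window[0][0] > WINDOW_SECONDS:
            window.popleft()

    def process(self, event):
        """Apply both rules to one parsed event; return an action tuple or None."""
        now, src, user = event["ts"], event["src_ip"], event.get("user")

        # Step 4: anything from an already-blocked principal is dropped outright.
        if ("ip", src) in self.blocked:
            return ("drop", "ip", src)
        if user and ("user", user) in self.blocked:
            return ("drop", "user", user)

        # Rule 1: authentication failures per source address.
        if event.get("status") in (401, 403):
            window = self.auth_failures[src]
            window.append((now,))
            self._expire(window, now)
            if len(window) >= AUTH_FAIL_LIMIT:
                self.blocked.add(("ip", src))
                return ("block", "ip", src)

        # Rule 2: bulk export volume per user.
        if event.get("action") == "export" and user:
            window = self.export_rows[user]
            window.append((now, int(event.get("rows", 0))))
            self._expire(window, now)
            if sum(rows for _, rows in window) > EXPORT_ROW_LIMIT:
                self.blocked.add(("user", user))
                return ("block", "user", user)
        return None


def run(lines):
    """Feed raw log lines through one monitor and collect the actions taken."""
    monitor = AppMonitor()
    actions = []
    for line in lines:
        if not line.strip():
            continue
        action = monitor.process(json.loads(line))
        if action:
            actions.append(action)
    return actions


# Constructed sample log: six failed logins from one address, then a user
# pulling 55k rows in two exports thirty seconds apart.
SAMPLE_LOG = [
    '{"ts": 0,   "src_ip": "203.0.113.7",  "user": "bob",   "status": 401}',
    '{"ts": 10,  "src_ip": "203.0.113.7",  "user": "bob",   "status": 401}',
    '{"ts": 20,  "src_ip": "203.0.113.7",  "user": "bob",   "status": 401}',
    '{"ts": 30,  "src_ip": "203.0.113.7",  "user": "bob",   "status": 401}',
    '{"ts": 40,  "src_ip": "203.0.113.7",  "user": "bob",   "status": 401}',
    '{"ts": 50,  "src_ip": "203.0.113.7",  "user": "bob",   "status": 401}',
    '{"ts": 60,  "src_ip": "198.51.100.5", "user": "alice", "status": 200, "action": "query"}',
    '{"ts": 100, "src_ip": "198.51.100.5", "user": "alice", "status": 200, "action": "export", "rows": 30000}',
    '{"ts": 130, "src_ip": "198.51.100.5", "user": "alice", "status": 200, "action": "export", "rows": 25000}',
    '{"ts": 140, "src_ip": "198.51.100.5", "user": "alice", "status": 200, "action": "query"}',
]

if __name__ == "__main__":
    for action in run(SAMPLE_LOG):
        print(action)
```

The monitor only decides; wiring the returned action into a firewall rule, a session revocation or an ArcSight response is deployment-specific and is deliberately left out. Note that rule 1 keys on the source address while rule 2 keys on the user, so a blocked address cannot be bypassed by switching accounts, and a blocked user cannot be bypassed by switching addresses.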

Page 12:

SOC and big data applications

Page 13:

ArcSight and Hadoop Integration

HP ArcSight Big Data Strategy

Creating the super highways

Advanced storage and retrieval with CORRv4 (ESM 6.0C)

Smart plug-in for data extraction to Hadoop

Run as batch process with high EPS

Ecosystem will continue to be built out and utilize ArcSight security expertise to provide new capabilities for security data analysis

Further insight into security events using open source machine learning algorithms

Pattern discovery across large data sets utilizing statistical analysis

Anomaly detection and predictive analysis for security threat posture assessment

Page 14:

HP ArcSight → Hadoop integration scenario

• Real-Time analytics on CORR-Engine

• Forwarding from CORR-Engine to Hadoop (Super Highway)

• Hadoop as the long term storage & batched analytics (ML algorithm)

• Batched analytics feed back to ESM

Diagram: CORR-Engine (real-time analytics, event enrichment) → Hadoop (archiving), 100K EPS in each direction

Page 15:

Hadoop → HP ArcSight integration scenario

• Batch analytics on Hadoop

• Forwarding from Hadoop to CORR-Engine

• Full-Text search, reporting, indexing on CORR-Engine

Diagram: Hadoop (batch analytics) → CORR-Engine (full-text search, reporting, indexing), 100k EPS
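The two scenarios above describe the same loop from both ends: events forwarded from the CORR-Engine are analysed in batch on Hadoop, and the results come back to ESM. The block below is an added example, not ArcSight or Hadoop code, of what that batch job looks like in Hadoop's map/reduce shape: a map step keys every event by (user, day), a reduce step sums the counts, and a scoring step compares each user's count on the evaluation day with that user's own earlier days and returns the outliers as records that would be sent back to ESM as events. The event fields, the z-score threshold and the minimum baseline length are assumptions, and the sample events are constructed.

```python
"""Hadoop-style batch analytics over events forwarded from the CORR-Engine.

Added illustration, not ArcSight or Hadoop code: a map step keys every event by
(user, day), a reduce step sums the counts, and a scoring step compares each
user's count on the evaluation day with that user's own earlier days. Outliers
are returned as records that would be fed back to ESM as new events.
Event fields, the threshold and the baseline length are assumptions.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

DAY = 86400
Z_THRESHOLD = 3.0        # assumed: flag a user-day more than 3 std devs above baseline
MIN_BASELINE_DAYS = 5    # assumed: need at least 5 earlier days before scoring a user


def map_phase(events):
    """Mapper: emit ((user, day), 1) for every raw event."""
    for event in events:
        yield (event["user"], event["ts"] // DAY), 1


def reduce_phase(pairs):
    """Reducer: sum the counts per (user, day) key."""
    counts = Counter()
    for key, n in pairs:
        counts[key] += n
    return counts


def detect_anomalies(counts, eval_day):
    """Score eval_day for each user against that user's earlier days."""
    per_user = defaultdict(dict)
    for (user, day), n in counts.items():
        per_user[user][day] = n

    findings = []
    for user, days in per_user.items():
        history = [n for day, n in days.items() if day < eval_day]
        if len(history) < MIN_BASELINE_DAYS:
            continue                       # not enough baseline, do not score
        today = days.get(eval_day, 0)
        mu, sigma = mean(history), pstdev(history)
        if sigma == 0:                     # flat baseline: any increase is an infinite z
            z = float("inf") if today > mu else 0.0
        else:
            z = (today - mu) / sigma
        if z > Z_THRESHOLD:
            findings.append({"user": user, "day": eval_day, "count": today,
                             "baseline": mu, "z": round(z, 2)})
    return findings


def run_batch(events, eval_day):
    """The whole job: map -> reduce -> score. Returns the anomaly records."""
    return detect_anomalies(reduce_phase(map_phase(events)), eval_day)


def make_events(user, daily_counts):
    """Constructed sample data: daily_counts[i] events for user on day i."""
    return [{"user": user, "ts": day * DAY + k * 60}
            for day, n in enumerate(daily_counts) for k in range(n)]


# alice is steady around 5 events a day and then does 40 on day 7; bob stays normal.
SAMPLE_EVENTS = (make_events("alice", [4, 6, 5, 5, 4, 6, 5, 40])
                 + make_events("bob", [5, 5, 6, 4, 5, 5, 5, 6]))

if __name__ == "__main__":
    for finding in run_batch(SAMPLE_EVENTS, eval_day=7):
        print(finding)
```

The per-user baseline is the point of doing this in batch rather than in the real-time correlation engine: it needs the whole history, not just the current window. The minimum-baseline guard matters in practice, since a user with two days of history will otherwise produce a flat baseline and be flagged on the first busy day.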

Page 16:

Open topic today: unstructured data analysis and the SOC

Page 17:

HP ArcSight ESM and Autonomy IDOL

Diagram: HP Autonomy IDOL (unstructured data) and HP ArcSight ESM (structured data), linked by CEF and an API query over HTTPS.

IDOL inputs, unstructured data:

• Email, files

• Social Media, Chat Sessions

• Websites, Audio/Video

ESM inputs, structured data:

• Security Devices (FW, IDS, etc.)

• Identity & Access Management

• Applications

IDOL alerts ESM to targeted negative-sentiment communications and threat intelligence (CEF)

IDOL provides additional business context for suspicious communications (API query)

Display to the analyst the full content of communications and threat intelligence
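The CEF arrow in the diagram is the structured carrier for IDOL's alert into ESM. The block below is an added example, not HP code, of a CEF encoder and parser in Python: one record is a single line of the form CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension, where header fields escape "|" and "\" with a backslash and extension values escape "=", "\" and line breaks. The vendor and product strings, the signature ID, the severity and the extension keys chosen for the sentiment alert are assumptions made for the example; the alert itself is constructed.

```python
"""CEF encoder and parser for the IDOL -> ESM alert path.

Added illustration, not HP code. CEF (ArcSight Common Event Format) is one line:
    CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
Header fields escape '|' and the backslash with a backslash; extension values
escape '=', the backslash and line breaks. Vendor/product strings, the signature
ID and the extension keys used for the sentiment alert are assumptions.
"""
import re


def _escape_header(value):
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value):
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\n", "\\n").replace("\r", "\\r"))


def _unescape_extension(value):
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value, flags=re.DOTALL)


def format_cef(vendor, product, version, signature_id, name, severity, extension):
    """Build one CEF:0 record from header fields and an ordered extension dict."""
    header = "|".join(_escape_header(str(v))
                      for v in (vendor, product, version, signature_id, name, severity))
    ext = " ".join(f"{k}={_escape_extension(str(v))}" for k, v in extension.items())
    return f"CEF:0|{header}|{ext}"


def _split_header(line):
    """Split off the seven header fields, honouring backslash escapes; return (fields, rest)."""
    fields, current, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            current.append(line[i + 1])   # escaped '|' or backslash
            i += 2
        elif ch == "|":
            fields.append("".join(current))
            current = []
            i += 1
        else:
            current.append(ch)
            i += 1
    return fields, line[i:]


def _parse_extension(ext):
    """key=value pairs; a value runs until the next ' key=' token (unescaped '=' only)."""
    result = {}
    for chunk in re.split(r" (?=[A-Za-z0-9_]+=)", ext.strip()):
        if not chunk:
            continue
        key, _, value = chunk.partition("=")
        result[key] = _unescape_extension(value)
    return result


def parse_cef(line):
    """Parse one CEF line into a dict; raise ValueError if it is not CEF."""
    fields, ext = _split_header(line)
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    return {
        "cef_version": fields[0][4:], "vendor": fields[1], "product": fields[2],
        "device_version": fields[3], "signature_id": fields[4],
        "name": fields[5], "severity": fields[6],
        "extension": _parse_extension(ext),
    }


# Constructed sample: the kind of negative-sentiment alert IDOL would raise to ESM.
# The message deliberately contains '|', '=' and a newline to exercise the escaping.
SAMPLE_ALERT = format_cef(
    vendor="HP", product="Autonomy IDOL", version="10", signature_id="sentiment-negative",
    name="Negative sentiment toward project|Atlas", severity=7,
    extension={
        "suser": "jdoe",
        "cs1Label": "channel", "cs1": "chat",
        "cn1Label": "sentimentScore", "cn1": -0.87,
        "msg": "I'll leak the Q3 numbers = all of them\ntonight",
    },
)

if __name__ == "__main__":
    print(SAMPLE_ALERT)
    print(parse_cef(SAMPLE_ALERT))
```

The escaping is where hand-rolled CEF producers usually go wrong: an unescaped "=" inside a chat message splits the value at the next token, and an unescaped newline ends the record on the syslog side, so a collector would see a truncated event and a second, unparseable line. Both are covered by the round trip above.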

Page 18:

Social media monitoring for insider threats

Page 19:

Data loss monitoring in action

Page 20:

Data loss monitoring in action

Page 21:

Trends in big data

• Coming to a SOC near you!

• Will enhance (but not replace) SIEM technology

• Will be leveraged for network, user, and fraud monitoring

• Will eventually become predictive

• Will increase need to hire resources trained in data analytics

Today’s Challenge: Knowing what to look for

Page 22:

HP big data security intelligence

Social media monitoring for enhanced threat intelligence

Gain visibility into unstructured "big data"

Leverage business context to identify data losses and exposures

– Intellectual property, sensitive information, customer data

– Email, social media posts, file transfers

Page 23:

Quickly establish system KPIs

Page 24:

Page 25:

Page 26:

Q & A

Page 27:

Thank you for your time!