Big Security Data

Enterprise Security Solutions and Big Data
Liwei Ren, Ph.D, Sr. Architect, Data Security Research, Trend Micro
June 22, 2013, Dalian, China
Classification 6/23/2013

Copyright 2011 Trend Micro Inc.


About Trend Micro and myself
• Trend Micro™ (趨勢科技)
  – A global security software company with headquarters in Japan and the US, and R&D centers around the world.
  – 5000+ employees in more than 30 countries
  – Pioneer in cloud security with Deep Security™
• Liwei Ren (任力偉), Ph.D
  – Specialized in data security, differential compression, and practical algorithms.
  – 10+ academic publications in mathematics
  – 16 US patents in DLP, differential compression, and OSS
  – Co-founder of a Silicon Valley DLP startup company, Provilla
    • Successful exit in 2007
  – Quite a few academic seminars on mathematical modeling and practical algorithms at universities in both Asia and the US.


Agenda
• My View of Big Data
• { Big data, Security }
• Big Data Analytics for Security Solutions
• Security of Big Data
• Big Security Data
• Summary


My View of Big Data
• The whole world is talking about BIG DATA!


My View of Big Data
• What is big data about then?
  – Big data is BIG, just as simple as that!
• Wikipedia's definition: it refers to a collection of data sets (structured and unstructured) so large and complex that it becomes difficult to process using conventional tools.
• The challenges include capture, curation, storage, search, sharing, analysis, visualization, and transport.
  – One may refer to it as big data analytics as well.
  – Some people would equate big data with Hadoop, NoSQL, Splunk and the sort.
  – Those are just frameworks or management platforms for supporting big data processing & analysis.


My View of Big Data
• What is big data analytics?
  – In short, big data analytics is the process of examining large amounts of data of various types to uncover hidden patterns, unknown correlations and other useful information.
  – A big data analytics task is implemented on a big data platform
    • with cost-effective distributed computing power and clustering capability.


My View of Big Data
• Two keywords about big data: Cheap, Distributed Computing
• Another summary:
  – Democracy of distributed computing


My View of Big Data
• What are the areas with big data analytics?
  – Various applications in many vertical markets.
  – Examples:
    • Customer behavior analysis & advertisements
      – Amazon, LinkedIn, Google, Facebook, eHarmony, etc.
    • Data-driven scientific research
    • Patient insight analysis
    • Financial fraud detection
    • Cyber-threat analysis
    • Just to name a few


My View of Big Data
• Big data processing and analysis require a generic platform of distributed computing with low cost:
  – The architecture includes a distributed file system (HDFS, GFS, Amazon S3, CloudStore) and other tools.
  – It also includes the capability of node clustering.
  – Examples of file systems and tools:
    • Hadoop
    • BigQuery
    • NoSQL


My View of Big Data
• Big Data Challenges & Opportunities (courtesy of Bloomberg Ventures)
  [figure: chart of big data challenges and opportunities; not reproduced in the text]

My View of Big Data
• Why so complicated?
  – Simplicity is the beauty!
• 3 Dimensions of Big Data Challenges:
  – Processing & analysis
  – Storage
  – Transport


My View of Big Data
• 3 Dimensions of Big Data Opportunities:
  – Analytics in many verticals
  – Storage
  – Transport
• Last year, I discussed solutions for big data storage and transport!


{ Big Data, Security }
• Why bother? I am a security professional; what else can I work on to be relevant to this great BIG DATA movement?


{ Big Data, Security }
• Why not Big Data Security?
  – Damn good for security professionals


{ Big Data, Security }
• RSA Conference US 2013
  – Theme: Security in Knowledge: Mastering data. Securing the world.
  – Keynote Speech: Big Data Transforms Security
    • RSA Executive Chairman Arthur Coviello, Jr.
  "….Big Data is more than just a whole lot of data. It's the ability to extract meaning: to sort through the masses of data elements to find the hidden pattern, the unexpected correlation, the surprising connection…."
• Big Data provides possibilities for new security solutions.


{ Big Data, Security }
• Many security technologies face challenges of processing huge amounts of data.
• Examples:
  – SIEM
  – Anti-APT solutions
  – Malware analysis & detection
  – Data leak prevention
  – Cloud security
  – …
• A big data framework provides processing power with distributed computing capability:
  – powered by clusters of cheap "commodity" computers.


{ Big Data, Security }
• We can identify security problems relevant to big data:
  1. Big Data Analytics for Security Solutions: a big data framework provides the power to solve security problems that process huge amounts of data.
  2. Big Data Security: both big data and the framework need to be protected.
  3. Big Security Data: modern SIEM products collect BIG security event Data from various existing security products that need to be processed and analyzed efficiently and effectively.


Big Data Analytics for Security Solutions
• Modern threat detection systems apply various data analysis techniques to process security event data:
  – Rule-based correlation
  – Various anomaly detection algorithms
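The two technique families named on this slide, shown concretely as an added example that is not part of the original deck or any Trend Micro product: a rule-based correlation (repeated login failures followed by a success from the same source) and a statistical anomaly check (per-source egress volume scored against a robust baseline), both run over a handful of constructed security event lines. The log format, product names, IP addresses and thresholds are assumptions made for the illustration.

```python
"""Added example (not from the slides): a rule-based correlation and a
statistical anomaly check over constructed security event logs, the two
technique families the slide names. The log format, product names, IPs and
thresholds are assumptions made for this illustration."""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "<ISO time> <product> <event> src=<ip> [bytes=<n>]"
SAMPLE_LOG = """\
2013-06-22T10:00:01 vpn login_failed src=10.1.1.5
2013-06-22T10:00:09 vpn login_failed src=10.1.1.5
2013-06-22T10:00:15 vpn login_failed src=10.1.1.5
2013-06-22T10:00:40 vpn login_ok src=10.1.1.5
2013-06-22T10:01:02 vpn login_failed src=10.1.1.9
2013-06-22T10:05:00 vpn login_ok src=10.1.1.9
2013-06-22T10:02:00 fw egress src=10.1.1.5 bytes=52000000
2013-06-22T10:02:00 fw egress src=10.1.1.7 bytes=120000
2013-06-22T10:02:00 fw egress src=10.1.1.8 bytes=98000
2013-06-22T10:02:00 fw egress src=10.1.1.9 bytes=110000
2013-06-22T10:02:00 fw egress src=10.1.1.10 bytes=105000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<product>\S+)\s+(?P<event>\S+)\s+src=(?P<src>\S+)"
    r"(?:\s+bytes=(?P<bytes>\d+))?\s*$"
)


def parse_events(text):
    """Parse log lines into dicts, skipping lines that do not match the format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: drop it rather than crash the pipeline
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["bytes"] = int(ev["bytes"]) if ev["bytes"] else None
        events.append(ev)
    return events


def correlate_brute_force(events, failures=3, window=timedelta(minutes=2)):
    """Correlation rule: at least `failures` login_failed events from one
    source followed by a login_ok within `window` -> one alert per source."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] in ("login_failed", "login_ok"):
            by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        for i, ev in enumerate(evs):
            if ev["event"] != "login_ok":
                continue
            recent_failures = [
                e for e in evs[:i]
                if e["event"] == "login_failed" and ev["ts"] - e["ts"] <= window
            ]
            if len(recent_failures) >= failures:
                alerts.append((src, ev["ts"]))
                break
    return alerts


def egress_outliers(events, threshold=3.5):
    """Anomaly check: total egress bytes per source, flagged when the robust
    z-score (median / median absolute deviation) exceeds `threshold`."""
    totals = defaultdict(int)
    for ev in events:
        if ev["event"] == "egress" and ev["bytes"] is not None:
            totals[ev["src"]] += ev["bytes"]
    if len(totals) < 3:
        return []  # too few sources to estimate a baseline
    values = list(totals.values())
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values])
    if mad == 0:
        return []  # all sources identical: nothing stands out
    return sorted(
        src for src, v in totals.items() if 0.6745 * abs(v - med) / mad > threshold
    )


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("brute-force alerts:", correlate_brute_force(evs))
    print("egress outliers:", egress_outliers(evs))
```

The correlation rule is deterministic and explainable, which is why SIEMs lead with it; the MAD-based score is used instead of a plain mean/standard deviation because a single huge transfer would otherwise inflate the baseline it is being compared against. Both functions operate on already-parsed events, so the same logic can run per partition on a distributed platform of the kind the deck describes.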


Big Data Analytics for Security Solutions
• Problems with this category of security systems:
  1. Performance
  2. Scalability
  3. Analytic usability
    • Interact, query, and visualize the volume of data in a timely and manageable manner.
• Big Data Platform is a rescue!


Big Data Analytics for Security Solutions
• The leaders are:
  – IBM
  – RSA
  – ArcSight/HP
  – Splunk
  – Trend Micro
    • Smart Protection Network platform
    • Together with Deep Discovery appliance


Big Data Security
• A Big Data platform is a system consisting of many components
  – A system has security vulnerabilities
  – New security techniques need to be invented to handle these security holes
• Big Data is simply data… however, not period yet:
  – Big data has its own data security issues due to the sheer volume
• Traditional data security technologies need to be reevaluated:
  – DLP (Data loss prevention)
  – Encryption
  – DAM (Database Activity Monitoring)
  – …


Big Data Security
• Take DLP as an example:
  – Data at rest
    • Finding a needle in a haystack? O my.
  – Data in use
    • Handling more and more data-rich applications is a nightmare for a DLP system… it is killing me!
  – Data in motion
    • Can those network DLP appliances process fast enough to catch up with the ever increasing volume of data streams?
    • Can those network DLP appliances catch up with the increasing number of application protocols?
    • I am so depressed… stressful… I want to quit this field!
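One general approach to the data-at-rest "needle in a haystack" problem above, as an added example that is neither the deck's own code nor the author's patented method: partial-document fingerprinting. The protected document is reduced to hashes of short token runs (shingles), only those hashes are indexed, and each file in the corpus is scanned for enough overlapping shingles to indicate a copied passage. The protected text, the file corpus, the shingle size and the thresholds are all constructed for this illustration.

```python
"""Added example (not from the slides): partial-document fingerprinting, one
general approach to the data-at-rest DLP problem of finding protected content
inside a large file corpus. The protected document, scanned files, shingle
size and thresholds are constructed for this illustration."""
import hashlib
import re

SHINGLE_SIZE = 5  # tokens per shingle (assumed value)


def tokens(text):
    """Normalize text into lowercase word tokens so punctuation and case
    changes do not hide a copied passage."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingle_hashes(text, k=SHINGLE_SIZE):
    """Hash every run of k consecutive tokens to a 64-bit fingerprint.
    Only fingerprints are stored, not the protected text itself."""
    toks = tokens(text)
    hashes = set()
    for i in range(len(toks) - k + 1):
        shingle = " ".join(toks[i:i + k]).encode()
        digest = hashlib.blake2b(shingle, digest_size=8).digest()
        hashes.add(int.from_bytes(digest, "big"))
    return hashes


def build_index(protected_docs):
    """Map fingerprint -> set of protected document names (built once)."""
    index = {}
    for name, text in protected_docs.items():
        for h in shingle_hashes(text):
            index.setdefault(h, set()).add(name)
    return index


def scan_text(text, index, min_fraction=0.2, min_shingles=3):
    """Return {protected_doc: fraction of this text's shingles that matched}
    for documents exceeding both an absolute and a relative threshold; the
    absolute floor suppresses alerts on a single common phrase."""
    hashes = shingle_hashes(text)
    if not hashes:
        return {}
    hits = {}
    for h in hashes:
        for name in index.get(h, ()):
            hits[name] = hits.get(name, 0) + 1
    return {
        name: n / len(hashes)
        for name, n in hits.items()
        if n >= min_shingles and n / len(hashes) >= min_fraction
    }


def scan_corpus(corpus, index):
    """Scan every file in {filename: content} and report matches per file."""
    return {fname: scan_text(content, index) for fname, content in corpus.items()}


# Constructed protected document and file corpus
PROTECTED_DOCS = {
    "q3-roadmap": (
        "Project Falcon launches in October with the new encryption engine "
        "and a revised licensing model for enterprise customers"
    ),
}
CORPUS = {
    "mail.txt": (
        "FYI - Project Falcon launches in October with the new encryption "
        "engine, see attached"
    ),
    "notes.txt": "Lunch menu for October: the new cafeteria opens with a revised model",
}

if __name__ == "__main__":
    idx = build_index(PROTECTED_DOCS)
    for fname, result in scan_corpus(CORPUS, idx).items():
        print(fname, "->", result or "clean")
```

The index holds fingerprints rather than content, so the scanner can be distributed across many nodes without shipping the protected documents themselves; the index size, not the corpus size, is what must fit on each scanning node, which is where the volume problem on this slide bites first.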


Big Security Data
• Big Security Data is the huge volume of event logs generated by various modern security products in enterprise networks.


Big Security Data
• They create issues in the era of big data:
  – Storage
  – eDiscovery processes
  – The volume of data poses challenges for a SIEM system.
  – …
  – This is a burden for IT staff.


Summary & Conclusions
• We draw a view of what big data is about.
• We identify and define 3 problems relevant to big data and security:
  1. Big data analytics for security solutions
    • Big data provides intelligence.
  2. Big data security
  3. Big security data
    • Big data is a burden!
• There are numerous solutions for the first one.
• The 2nd and 3rd problems are open for better solutions.
  – Would you help me to solve them, please?


Questions?

Thank You! You can contact me via:
• [email protected]
• http://www.linkedin.com/in/drliweiren
