big data security the perfect storm

Big Data Security - The Perfect Storm

The Perfect Storm 1991It was the storm of the century, boasting waves over one hundred feet high a tempest created by so rare a combination of factors that meteorologists deemed it "the perfect storm."

When it struck in October 1991, there was virtually no warning.

*: http://books.wwnorton.com/books/detail.aspx?ID=5102

2

The Perfect Storm

3

SecurityAnalysis

CustomerSupport

CustomerProfiles

Sales &Marketing

SocialMedia

BusinessImprovement

Big Data

Regulations& Breaches Increased

profits

Increased profits

Increased profits

Increased profits

Increased profits

Increased profits

Perfect storm

4

More DataWeakerSecurity

IncreasedRegulations

Breach orAudit Fail

($$$)

The Perfect Storm

Big Data is a Time Bomb based on how things are coming together

Big Data deployment is growing fast, rushing into it

• ROI in focus

• Security is not part of Strategy

Shortage in Big Data skills• People don’t know what they are doing

Big Data Security solutions are not effective

General shortage in Security skills

5

Mankind Created Data

Source: IBM

0

5000

10000

15000

20000

25000

30000

35000

40000

2005 2010 2015 2020 Year

Data(exabyte)

6

What is Big Data?

7

What is Big Data?

Source: IBM 0307_Guardium_Final-.pdf

8

What Happens in an Internet Minute?

9

Source: Intel

Four Dimensions of Big Data

Source: IBM 0307_Guardium_Final-.pdf

10

Big Data Sources

Source: IBM

11

Business-driven Outcomes

Source: IBM

12

How is Big Data Different?

13

How is Big Data Different?

Why It’s Different Architecturally: • Shared’ data

• Inter-node communication

• No separate archive – all data is online

• No Security – breaches go undetected

Why It’s Different Operationally: • Insider data access

• Authentication of applications and nodes

• Audit and logging

Source: Securosis SecuringBigData_FINAL.pdf

14

What is The Problem Big Data Security?

15

Big Data and The Insider Threat

16

Many Ways to Hack Big Data

Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase

18

HDFS(Hadoop Distributed File System)

MapReduce (Job Scheduling/Execution System)

Hbase (Column DB)

Pig (Data Flow) Hive (SQL) Sqoop

ETL Tools BI Reporting RDBMS

Avr

o (S

eria

lizat

ion)

Zoo

keep

er

(Coo

rdin

atio

n)

Hackers

PrivilegedUsers

UnvettedApplications

OrAd Hoc

Processes

The Big Data platform may not

be secure,but your

Informationcan be secure.19

A Changing Threat

Landscape

20

21

New York Times about China Attack on US

*: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

22

One Single Sample: The Chinese APT1 group Compromised 141 companies in 20 industries

Stole hundreds of terabytes of data

Technology blueprints, Proprietary manufacturing processes,

Test results, Business plans, Pricing documents, Partnership agreements, Emails

23

Source: http://www.verizonbusiness.com/Products/security/dbir/, http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous

Dominating “hacktivism”

Attacks by Anonymous include• 2012: CIA and Interpol • 2011: Sony, Stratfor and HBGary Federal

http://www.verizonbusiness.com/Products/security/dbir/

http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous

http://en.wikipedia.org/wiki/File:Anonymous_at_Scientology_in_Los_Angeles.jpg

24

http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03027usen/WGL03027USEN.PDF

25

DataLossBD - Incidents Over Time - Increasing


26 http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03027usen/WGL03027USEN.PDF

Breakout of Security Incidents by Country

27

*: % of Escalated Alerts


Ranking Volume and Type of Security Incidents*

28

*: % of Escalated Alerts


Security Incidents - Malicious Code*

What is the Cost of A Breach?

29

Cost of Data Breach per RecordIndependently Conducted by Ponemon Institute LLC March 2012

30

http://www.symantec.com/content/en/us/about/media/pdfs/b-ponemon-2011-cost-of-data-breach-global.en-us.pdf

31

How are Breaches Discovered?

Unusual system behavior or performance

Log analysis and/or review process

Financial audit and reconciliation process

Internal fraud detection mechanism

Other(s)

Witnessed and/or reported by employee

Unknown

Brag or blackmail by perpetrator

Reported by customer/partner affected

Third-party fraud detection (e.g., CPP)

Notified by law enforcement

0 10 20 30 40 50 60 70

By percent of breaches . Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/

%

What is the Trend in

Regulations?

32

Regulations: Be Proactive in Protecting Data

33

HIPAA Omnibus - Penalties if PHI isn’t encrypted

34

http://www.diagnosticimaging.com/physicians-experts-make-case-secure-data-exchange-himss13

Regulations: Be Proactive in Protecting Data

Big Data must prepare for the changing landscape

• Trend: Encryption requirements are increasing

PCI DSS, US State Laws

Health Data Regulations • Need for Data Segmentation (tokenization,

encryption or masking)

• Extra Sensitive Data (drug abuse, HIV codes, sex abuse and more)

Ponemon Institute “Big Data Analytics in Cyber Defense”

• 61 percent will solve pressing security issues

• Only 35 percent currently have security solutions

35

Balancing security and data insight

Tug of war between security and data insight

Big Data is designed for access, not security

Privacy regulations require de-identification which creates problems with privileged users in an access control security model

Only way to truly protect data is to provide data-level protection

Traditional means of security don’t offer granular protection that allows for seamless data use

36

The Solution is

Finally Here37

38

The Solution - Preventing Misuse of Data

Hackers

PrivilegedUsers

UnvettedApplications

Ad Hoc

Processes

Application

DataProtection

Policy

User

Data Misuse Prevention

Attackers

Administrators

Issued Patents

Selective Data Protection

39

Support Business Applications

2 %

8%

90%

PAN

6 digits clear

4 digits clear

6 digits encoded

98 %Applicationtransparent

2 % Applicationchanges

AccessRight Level

Risk

TraditionalAccessControl

IMore

ILess

High

Low

How can we handle the Risk with Big Data?

40

Data Tokens

CreativityHappens

At the edge

Small Data Big Data

41

Securing the Data Flow

HDFS(Hadoop Distributed File System)

MapReduce (Job Scheduling/Execution System)

Hbase (Column DB)

Pig (Data Flow) Hive (SQL) Sqoop

ETL Tools BI Reporting RDBMS

Legacy Systems Big Data Legacy Systems

42

Support Data Classification and Analytics

Secured Data Fields (encoded)

Encrypted FileData in Clear

Application

43

Big Data

The Process of Automating Security for Big Data

Discover sensitive data

ImplementSolution

Control usage of sensitive

data

Understand

Secure

Monitor

Lock down sensitive data

Integrate

SUMMARY

44

Big Data Security Problem - Summary

Traditional security solutions cannot bridge the gaps between

1. Data breach protection and compliance

2. Provide powerful analysis and data insight

3. Utilize the power of a big data environment.

45

Proactive Data Protection for Big Data

Know your data flow• Protect the data flow - including legacy systems

Protecting your data now could save big time and $ in retroactive security later

• Breaches and audits are on the rise – Organizations that fail to act now risk losing their hard earned investments.

Granular data protection is cost effective • Addressing regulations and data breaches• Data available for analytics and other usage

• Provide separation of duties for administrative functions

Catch abnormal access to data• Including (compromised) insider accounts

46