ProtectWise Revolutionizes Enterprise Network Security in the Cloud with DataStax Platform
Download as PPTX, PDF2 likes1,618 views
ProtectWise has revolutionized enterprise network security with its Security DVR Platform, which combines detection, visibility, and response capabilities into a single cloud-based solution. The Platform ingests and analyzes massive amounts of network data using technologies like Cassandra, Solr, and stream processing to detect threats, gain network visibility, and power responsive analytics over days, months, and years of historical data. A demo of the Security DVR Visualizer was provided.
ProtectWise Revolutionizes Enterprise Network Security in the Cloud with DataStax Platform
- 1. ProtectWise Revolutionizes Enterprise Network Security in the Cloud with DataStax Platform Gene Stevens Co-founder & CTO [email protected] Thank you for joining. We will begin shortly. Eric Stevens Principle Architect [email protected]
- 3. All attendees placed on mute Input questions at any time using the online interface Webinar Housekeeping
- 4. © 2015 DataStax, All Rights Reserved. 4 Founded April 2013 Based in Denver Enterprise Network Security Launched March 2015 About ProtectWise
- 5. The Enterprise Network Security Problem © 2015 DataStax, All Rights Reserved. 5 • Complex threats execute over time • Point solutions overwhelm the human ability to process • Responders don’t scale, they don’t hunt and they are outmatched • Legacy technology not built for modern problems
- 6. © 2015 DataStax, All Rights Reserved. 6 The Solution The World’s First Security DVR Platform A single solution that combines Detection, Visibility and Response
- 7. © 2015 DataStax, All Rights Reserved. 7 How It Works Egress Core Cloud Remote Ingest Secure Vault Time Machine Visualizer Network Sensors Optimized Network Replay Security DVR Platform
- 8. Time Machine Analytics © 2015 DataStax, All Rights Reserved. 8 Behavioral Analytics Machine Learning Reputation Signatures Real Time Analysis +24 hours +1 month +6 months Predictive Analysis C1 C2 C3 Collective Correlation 24 hours 1 month 6 months 1 year Automated Retrospective Analysis Network Traffic
- 9. ProtectWise Demo © 2015 DataStax, All Rights Reserved. 9 Security DVR Visualizer
- 10. Network Security and High Scalability Scale meets Security delivered as a Utility • Enterprise networks produce massive intel output • Real time workloads surge wildly • Latency is king • Infinite I/O • A high fidelity memory for the network in the cloud • Fault tolerant, distributed, asynchronous, parallel and concurrent © 2015 DataStax, All Rights Reserved. 10
- 11. Building a Memory for the Network © 2014 DataStax, All Rights Reserved. 11 A high fidelity Memory for the Network in the Cloud • Turning the network into a database which speaks IP • High fidelity emphasis on packets: the network does not lie • Haystack is inherently advantaged to being asked new questions • The bad guys are always one step ahead • Linear scale requirements • Constant response times
- 12. Building a Time Machine © 2014 DataStax, All Rights Reserved. 12 A massive State Machine in the Cloud with a comprehensive sense of time • Strong focus on time-series and time oriented views • Half a billion new records per day • Write demand increases with growth • Performance becomes more strict with growth • Retrospection fires tens of thousands of times per day • Constant time performance must be assumed • We need to be able to recall those records with consistent high performance • Shortening the OODA Loop (Observe, Orient, Decide, Act) improves analyst performance
- 13. Core Characteristics • Stream processing, not batch processing • Unbounded data processing • Out of order data • Accuracy and correctness • Not lambda architecture © 2015 DataStax, All Rights Reserved. 13 Stream Processing at Scale On massive I/O streams • Packet processing at Gigabits per second • Network shattering: destructuring at wire speed • Near real time threat detection • Data processing at millions of transactions per second
- 14. Cassandra at ProtectWise © 2015 DataStax, All Rights Reserved. 14 Why Cassandra • Time Series • Write optimized • Surge friendly • Cluster sophistication • Atypical data structures • Hot spots Use Cases • Network flows • Applications and protocols • Observations & Events • Context • Incident Response • Forensics
- 15. DSE Search at ProtectWise - Solr © 2015 DataStax, All Rights Reserved. 15 Why DSE Search • Solves data parity/synchronization issues • Very low effort to get online, lets us focus on core business • Enables query classes difficult to solve with Cassandra alone Use Cases • Open ended search of the entire haystack • Relationship graphing • Conversation tracing • Threat indicator history and performance • Incident Response • Forensics
- 16. Why Not RDBMS or Hadoop? © 2014 DataStax, All Rights Reserved. 16 Industry shift away from Batch to Stream RDBMS • Lack of horizontal linear scalability • Relational structures not core challenge Hadoop • Can’t answer questions in real time • We’re looking through history tens of thousands of times per day • An analyst can’t afford repeated multiple-second response times when investigating an incident: seconds matter
- 17. Analytics and Other Tech © 2014 DataStax, All Rights Reserved. 17 New TechFamiliar Tech Scala + Akka - pretty much everything Kafka - async message passing, offline queues Storm - Simple counters Spark - Historic schema processing Thrift - Tuple messaging, transport, RPC Node.js - Visualizer, customer APIs Impala - Offline threat research, operational validation Scala + Akka - All custom tech Swarm - Distributed packet delivery and processing, module containerization Streamy - Framework for streaming tuple processing Count Sumula - Advanced counters Broski - Threat engine, state machine Custom data formats - packet handling, binary protocols
- 18. Future Tech Graph databases - Edge walking, property distribution, relationship discovery, distance calculations Attack Prediction - Early warning system, organizational profiling, risk forecast, anticipation engine Asset Profiling - Unsupervised deep learning, baselining, behavioral profile shifts Deep Learning – Neural nets, supervised and unsupervised, retrospective propagation, layered intelligence, automated fitness © 2014 DataStax, All Rights Reserved. Company Confidential 18
- 19. Thank you! Input questions at any time using the online interface
Editor's Notes
- #6: It’s not that responders don’t hunt, it’s that they cannot hunt b/c of resource and tech constraints
- #11: Enterprise networks produce massive intel output Real time workloads surge wildly Latency is king Remediation follows discovery Timeliness affects usefulness Batch processing has latency baked in by design Infinite I/O Can never lose data Must scale indefinitely A high fidelity memory for the network in the cloud: The network does not lie Retrospection matters Fault tolerant, distributed, asynchronous, parallel and concurrent
- #14: “Lambda Architecture” = Streaming inaccurate results; batching for accurate results Lambda is inherently hard to synchronize: two massive distributed systems meant to agree? heh
- #16: Open ended search of the entire haystack Netflow Applications and Protocols Threat detections
- #19: Unsupervised pattern analysis Supervised classification