Copyright © 2016 Splunk Inc.

Scaling Security Investigations With Interactive Event Graphs & Spark

Leo Meyerovich
CEO/Co-founder, Graphistry

Joshua Patterson
Principal Data Scientist, Accenture Tech Labs
100 Million Alerts Per Day
3 Billion Alerts Per Month
36 Billion Alerts Per Year

How do we scale visibility around any individual alert?
(Alert counts from one enterprise security team)
TALK: Architecture & Practice Of Visualizing Events @ Scale

Splunk / Spark / Graphistry → Security Event Graphs

Fraud: Tracking Embezzlers
Hunting: Daily Anomalies
Shadow IT: Auditing Dropbox
Ops: Outage Root Cause
Botnet Deconstruction
IR: Killchain Analysis
QUICK DEMO
About Graphistry

Mission: Look and work across event systems with one intelligent layer

Investigator BETA
• Investigation tier with Splunk connector
• Increase visibility & automation in investigations
• Handle increasingly large and diverse data sources

Founding Team: Spun out of UC Berkeley ParLab in 2014

Core Technology: Smart & scalable visual querying powered by GPUs, language design, and unsupervised learning

Accenture Labs: Expanding Global Presence

Silicon Valley
• Digital Experiences
• Artificial Intelligence
• Platforms & Systems

Washington DC
• Security

Dublin
• Artificial Intelligence

Sophia Antipolis
• Industry Innovation (FS & Resources)

Beijing
• Industrial Internet

Bangalore
• Software Engineering

Tel-Aviv
• Security

For more than 20 years, Accenture Labs has served as the tip of the spear for technology innovation at Accenture.
Over the last 5 years Accenture Labs has:
• Supported 300+ client engagements and hosted 1100+ client workshops
• Published 200+ thought leadership pieces, filed 110+ patent applications, and garnered 350+ Tier-1 media hits

Copyright © 2016 Accenture All rights reserved.
Agenda

ASGARD End-to-End Architecture: Big data rethink with Splunk, Spark, & Graphistry
Hunting Demo: Notebooks for anomaly analysis
Visual Science: Event graphs for scalable views (+ GPUs!)
Incident Response Demo: Botnet outbreak
Who Visually Analyzes & How?

Escalation Chain: SOC (“triage”) → Response (“dig”) → Forensics & Hunting (“dig deep”)
Tooling along the chain: Search Apps, Workflow automation, Premade Playbooks, Freeform Notebooks
Today’s Topic: Forensics & Hunting with Freeform Notebooks
Accenture ASGARD: Rethinking Cyber Security Analytics Hunting

Innovation pipeline: Discover → Incubate → Enable → Out to Market → Scale

Routes through the pipeline: Insourced ideas & technologies; Intellectual assets insourced for development; Products in-sourced for scale up; Intellectual asset licensing; Joint Ventures
Accenture Labs ASGARD Platform

Layers: Streaming, Storage, Analytics, Visualization, Interaction

Components: Data Sources, Ingest, Event Processing (Streaming), Storage (SQL), Query Layer, Notebooks (py), Visual Tier
FIRST DEPLOYMENT
• 100-400M events/day

GOALS
• Scalable
• Interactive, Real-Time
• Affordable

THEMES
• OSS Distributed In-Memory
• GPUs
• Events/Graphs
ASGARD Acceleration Benchmarks

| # | Everyday Scenario | Time Period | Without ASGARD | With ASGARD | ASGARD’s Speed Improvement |
| 1 | Network communication lookup, from one host (IP) to multiple hosts (IPs) | 1 Day | 3h 20m 13s | 1m 44s | 114 Times Faster |
| 1 | (same) | 1 Week | Not Feasible | 4m 05s | |
| 2 | Failed logon attempts lookup for Active Directory | 1 Day | 18m 26s | 1m 37s | 10 Times Faster |
| 2 | (same) | 1 Week | 2h 13m 45s | 3m 10s | 41 Times Faster |
| 3 | Looking for malware (exe) in the Symantec logs | 1 Day | 3h 24m 36s | 1m 37s | 125 Times Faster |
| 3 | (same) | 1 Week | Not Feasible | 1m 37s | |
| 4 | Proxy logs lookup (looking for specific domain) | 1 Day | 4h 30m 13s | 2m 54s | 92 Times Faster |
| 4 | (same) | 1 Week | Not Feasible | 1m 09s | |
Building For The Long-term: Innovation Cycle

Customize, create, and iterate across the cycle: Data Science, Architecture, Data, Visualization, Analytics
Hunting Demo (5min): Notebook For Daily Anomalies
Why Graph Visualizations?

GOAL: Security Visualization For The Data Era

Relevant
• Scale visuals to modern enterprises
• 1 million devices under management
• Billions of events between them
• Reveal patterns & outliers

Interactive
• Explore at speed of thought
• Code less; easily pivot & drill
• Responsive: 10ms – 1s
Lists Do Not Visually Scale

Text search is a great starting point!

But lists do not scale: you do not see the 30K+ events, nor the IPs, users, nor how they relate…
Bar Charts Hide Relationships

• Good for summaries!
• But not: relationships, patterns, outliers
• But not: individual items
Event Graphs: A Key Missing View

Unified Model
• Describes entities & links, e.g., events
• Multipurpose: connect, see, interact

Visual
• Spot relationships, patterns, outliers
• Inspect individual items
• Work at enterprise scale
Different Graphs for Different Scales, Questions

Uni: e.g., Network mapping. “What services use this?” Sketch: ip → ip
Hyper: e.g., Incident Response. “Did this escalate?” Sketch: ip, user → event → event → user
Multi: e.g., SSH trails. “Is a user crossing zones?” Sketch: ip, user → user, ip → ip
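The three shapes on this slide, as an added Python example (not code from the slides, Graphistry or ASGARD): the same handful of constructed connection records is turned into a uni graph (ip → ip) to answer the network-mapping question, a hypergraph (each event is its own node linked to the entities it mentions) to answer the escalation question, and a multigraph (one user → ip edge per event, parallel edges kept) to answer the zone-crossing question. The hosts, users, zone labels and helper names are assumptions for illustration.

```python
"""Event graph shapes built from the same connection records.

Added illustration, not code from the slides, Graphistry or ASGARD.
All records, hosts, users and zone names below are constructed.
"""
from collections import defaultdict, deque

# Constructed sample events: one observed connection per record, with the
# user who made it, both endpoints, and the network zone of each endpoint.
EVENTS = [
    {"id": "e1", "user": "alice", "src_ip": "10.1.0.5", "dst_ip": "10.1.0.9",
     "src_zone": "corp", "dst_zone": "corp", "service": "ssh"},
    {"id": "e2", "user": "alice", "src_ip": "10.1.0.9", "dst_ip": "10.2.0.3",
     "src_zone": "corp", "dst_zone": "dmz", "service": "ssh"},
    {"id": "e3", "user": "bob", "src_ip": "10.1.0.7", "dst_ip": "10.1.0.9",
     "src_zone": "corp", "dst_zone": "corp", "service": "http"},
    {"id": "e4", "user": "alice", "src_ip": "10.2.0.3", "dst_ip": "10.3.0.1",
     "src_zone": "dmz", "dst_zone": "prod", "service": "ssh"},
]


def ip_zones(events):
    """Map every IP seen in the events to its zone label."""
    zones = {}
    for e in events:
        zones[e["src_ip"]] = e["src_zone"]
        zones[e["dst_ip"]] = e["dst_zone"]
    return zones


# --- Uni graph: a single node type (ip) and ip -> ip edges ------------------
def uni_graph(events):
    """Collapse events into ip->ip edges, keeping the set of services per edge."""
    edges = defaultdict(set)
    for e in events:
        edges[(e["src_ip"], e["dst_ip"])].add(e["service"])
    return edges


def services_using(events, ip):
    """Network-mapping question: which services are reaching this host?"""
    graph = uni_graph(events)
    return sorted({svc for (_, dst), svcs in graph.items() if dst == ip for svc in svcs})


# --- Hypergraph: every event is a node linked to each entity it mentions ----
def hyper_graph(events):
    """Bipartite adjacency: event nodes on one side, ip/user nodes on the other."""
    adj = defaultdict(set)
    for e in events:
        ev = "event:" + e["id"]
        for entity in ("user:" + e["user"], "ip:" + e["src_ip"], "ip:" + e["dst_ip"]):
            adj[ev].add(entity)
            adj[entity].add(ev)
    return adj


def escalation_path(events, start_ip, target_zone):
    """Incident-response question: starting at this host, is there a chain of
    shared users/hosts through events that reaches the target zone?
    Returns the shortest node path (BFS) or None. Neighbours are visited in
    sorted order so the answer is deterministic."""
    adj = hyper_graph(events)
    zones = ip_zones(events)
    start = "ip:" + start_ip
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node.startswith("ip:") and zones.get(node[3:]) == target_zone:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(adj[node]):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


# --- Multigraph: user -> ip edges, one per event, parallel edges kept --------
def multi_graph(events):
    """SSH-trail view: each event is its own user->dst_ip edge tagged with the
    source host, so repeated logins stay visible as parallel edges."""
    return [(e["user"], e["dst_ip"], e["src_ip"], e["id"]) for e in events]


def users_crossing_zones(events):
    """Which users touch hosts in more than one zone?"""
    zones = ip_zones(events)
    touched = defaultdict(set)
    for user, dst_ip, src_ip, _ in multi_graph(events):
        touched[user].add(zones[src_ip])
        touched[user].add(zones[dst_ip])
    return {u: sorted(z) for u, z in touched.items() if len(z) > 1}


if __name__ == "__main__":
    print("services reaching 10.1.0.9:", services_using(EVENTS, "10.1.0.9"))
    print("escalation from 10.1.0.5 to prod:", escalation_path(EVENTS, "10.1.0.5", "prod"))
    print("users crossing zones:", users_crossing_zones(EVENTS))
```

Note the design choice the hypergraph makes visible: the shortest route from 10.1.0.5 to the prod zone runs through the shared user node (alice) rather than hop by hop through the hosts, which is exactly the kind of pivot a list or bar chart hides.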
Graphistry’s GPU Platform: Scale & Accelerate The Visual Analytics Tier

• Optimized networking
• GPU analysis & ML
• GPU rendering (No JavaScript!)
• GovCloud
GPUs: Accelerate Every Component 10X+

Interactive Rendering
• 1+ million entities: 100X+ over D3.js

Meaningful Viz: Layout & ML
• Smart clustering, coloring, sizing: 50X+ over Gephi

Interactive Analytics
• Quickly drill down: 1 NVidia Tesla K80 = ~9 TFLOPS
Sample Speedup: Interactive Clustering

• 60X more data than Gephi
• Iterative clustering: pure GPU
• GPU in server via Node-OpenCL, Nvidia Docker

[Chart: frames per second (log scale, 0.1 to 100) against Graph Size: # Nodes + # Edges (500K to 1.5M), with a 20 frames per second reference line]
Demo: Botnet Investigation (7min)
Lessons Learned

ASGARD
• Rethink security platform for scale, speed, cost
• Innovation process for next-gen SIEM flow

Graphistry
• Event graphs: unify tools; explore behavior at scale
• Investigation tier: increase visibility & streamline pivots
THANK YOU

We’re hiring engineers + seeking innovation partners!

Leo Meyerovich
info@graphistry.com

Joshua Patterson
joshua.patterson@accenture.com

Graphistry
Internet of Things (IoT) - in the cloud or rather on-premises?
Guido Schmutz
 
Architecting for change: LinkedIn's new data ecosystem
Architecting for change: LinkedIn's new data ecosystemArchitecting for change: LinkedIn's new data ecosystem
Architecting for change: LinkedIn's new data ecosystem
Yael Garten
 
Strata 2016 - Architecting for Change: LinkedIn's new data ecosystem
Strata 2016 - Architecting for Change: LinkedIn's new data ecosystemStrata 2016 - Architecting for Change: LinkedIn's new data ecosystem
Strata 2016 - Architecting for Change: LinkedIn's new data ecosystem
Shirshanka Das
 
Splunk live london_grs
Splunk live london_grsSplunk live london_grs
Splunk live london_grs
jenny_splunk
 
Google Cloud Platform: Prototype ->Production-> Planet scale
Google Cloud Platform: Prototype ->Production-> Planet scaleGoogle Cloud Platform: Prototype ->Production-> Planet scale
Google Cloud Platform: Prototype ->Production-> Planet scale
Idan Tohami
 
Ad

Recently uploaded (20)

Reagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptxReagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptx
AlejandroOdio
 
Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...
Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...
Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...
Journal of Soft Computing in Civil Engineering
 
Data Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptxData Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptx
RushaliDeshmukh2
 
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
charlesdick1345
 
fluke dealers in bangalore..............
fluke dealers in bangalore..............fluke dealers in bangalore..............
fluke dealers in bangalore..............
Haresh Vaswani
 
Mathematical foundation machine learning.pdf
Mathematical foundation machine learning.pdfMathematical foundation machine learning.pdf
Mathematical foundation machine learning.pdf
TalhaShahid49
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITYADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ijscai
 
The Gaussian Process Modeling Module in UQLab
The Gaussian Process Modeling Module in UQLabThe Gaussian Process Modeling Module in UQLab
The Gaussian Process Modeling Module in UQLab
Journal of Soft Computing in Civil Engineering
 
some basics electrical and electronics knowledge
some basics electrical and electronics knowledgesome basics electrical and electronics knowledge
some basics electrical and electronics knowledge
nguyentrungdo88
 
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G..."Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
Infopitaara
 
Structural Response of Reinforced Self-Compacting Concrete Deep Beam Using Fi...
Structural Response of Reinforced Self-Compacting Concrete Deep Beam Using Fi...Structural Response of Reinforced Self-Compacting Concrete Deep Beam Using Fi...
Structural Response of Reinforced Self-Compacting Concrete Deep Beam Using Fi...
Journal of Soft Computing in Civil Engineering
 
15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...
IJCSES Journal
 
Level 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical SafetyLevel 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical Safety
JoseAlbertoCariasDel
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
Smart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineeringSmart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineering
rushikeshnavghare94
 
new ppt artificial intelligence historyyy
new ppt artificial intelligence historyyynew ppt artificial intelligence historyyy
new ppt artificial intelligence historyyy
PianoPianist
 
π0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalizationπ0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalization
NABLAS株式会社
 
Value Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous SecurityValue Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous Security
Marc Hornbeek
 
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdffive-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
AdityaSharma944496
 
Reagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptxReagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptx
AlejandroOdio
 
Data Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptxData Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptx
RushaliDeshmukh2
 
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
charlesdick1345
 
fluke dealers in bangalore..............
fluke dealers in bangalore..............fluke dealers in bangalore..............
fluke dealers in bangalore..............
Haresh Vaswani
 
Mathematical foundation machine learning.pdf
Mathematical foundation machine learning.pdfMathematical foundation machine learning.pdf
Mathematical foundation machine learning.pdf
TalhaShahid49
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITYADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ijscai
 
some basics electrical and electronics knowledge
some basics electrical and electronics knowledgesome basics electrical and electronics knowledge
some basics electrical and electronics knowledge
nguyentrungdo88
 
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G..."Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
Infopitaara
 
15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...
IJCSES Journal
 
Level 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical SafetyLevel 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical Safety
JoseAlbertoCariasDel
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
Smart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineeringSmart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineering
rushikeshnavghare94
 
new ppt artificial intelligence historyyy
new ppt artificial intelligence historyyynew ppt artificial intelligence historyyy
new ppt artificial intelligence historyyy
PianoPianist
 
π0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalizationπ0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalization
NABLAS株式会社
 
Value Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous SecurityValue Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous Security
Marc Hornbeek
 
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdffive-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
AdityaSharma944496
 

ASGARD Splunk Conf 2016

  • 1. Copyright © 2016 Splunk Inc. Scaling Security Investigations With Interactive Event Graphs & Spark. Leo Meyerovich, CEO/Co-founder, Graphistry. Joshua Patterson, Principal Data Scientist, Accenture Tech Labs.
  • 2. Alert counts from one enterprise security team: 100 Million Alerts Per Day; 3 Billion Alerts Per Month; 36 Billion Alerts Per Year. How do we scale visibility around any individual alert?
  • 3. TALK: Architecture & Practice Of Visualizing Events @ Scale. Splunk/Spark/Graphistry -> Security Event Graphs. Fraud: Tracking Embezzlers; Hunting: Daily Anomalies; Shadow IT: Auditing Dropbox; Ops: Outage Root Cause; Botnet Deconstruction; IR: Killchain Analysis.
  • 5. About Graphistry. Mission: look and work across event systems with one intelligent layer. Investigator BETA: investigation tier with Splunk connector; increase visibility & automation in investigations; handle increasingly large and diverse data sources. Founding Team: spun out of UC Berkeley parlab in 2014. Core Technology: smart & scalable visual querying powered by GPUs, language design, and unsupervised learning.
  • 6. Accenture Labs: Expanding Global Presence. Silicon Valley: Digital Experiences; Artificial Intelligence; Platforms & Systems. Washington DC: Security. Dublin: Artificial Intelligence. Sophia Antipolis: Industry Innovation (FS & Resources). Beijing: Industrial Internet. Bangalore: Software Engineering. Tel-Aviv: Security. For more than 20 years, Accenture Labs has served as the tip of the spear for technology innovation at Accenture. Over the last 5 years Accenture Labs has: supported 300+ client engagements and hosted 1100+ client workshops; published 200+ thought leadership pieces, filed 110+ patent applications, and garnered 350+ Tier-1 media hits. Copyright © 2016 Accenture All rights reserved.
  • 7. Agenda: ASGARD End-to-End Architecture; Big data rethink with Splunk, Spark, & Graphistry; Hunting Demo: Notebooks for anomaly analysis; Visual Science: Event graphs for scalable views (+ GPUs!); Incident Response Demo: Botnet outbreak.
  • 8. Who Visually Analyzes & How? Escalation chain: SOC ("triage"), Response ("dig"), Forensics & Hunting ("dig deep"). Tooling: Search Apps, Premade Playbooks, Freeform Notebooks, Workflow automation. Today's Topic.
  • 9. Accenture ASGARD: Rethinking Cyber Security Analytics Hunting. Innovation pipeline: Discover (insourced ideas & technologies), Incubate (intellectual assets insourced for development), Enable (products in-sourced for scale up), Out to Market / Scale (intellectual asset licensing, joint ventures). ASGARD: Streaming, Storage, Analytics, Visualization, Interaction.
  • 10. Accenture Labs ASGARD Platform. Architecture layers: Data Sources, Ingest, Event Processing, Storage, Query Layer, Notebooks, Visual Tier (Streaming, SQL, py). FIRST DEPLOYMENT: 100-400M events/day. GOALS: Scalable; Interactive, Real-Time; Affordable. THEMES: OSS Distributed In-Memory; GPUs; Events/Graphs.
  • 11. ASGARD Acceleration Benchmarks.
      Everyday Scenario | Time Period | Without ASGARD | With ASGARD | ASGARD's Speed Improvement
      1 Network communication lookup, from one host (IP) to multiple hosts (IPs) | 1 Day | 3h 20m 13s | 1m 44s | 114 Times Faster
      (same) | 1 Week | Not Feasible | 4m 05s | n/a
      2 Failed logon attempts lookup for Active Directory | 1 Day | 18m 26s | 1m 37s | 10 Times Faster
      (same) | 1 Week | 2h 13m 45s | 3m 10s | 41 Times Faster
      3 Looking for malware (exe) in the Symantec logs | 1 Day | 3h 24m 36s | 1m 37s | 125 Times Faster
      (same) | 1 Week | Not Feasible | 1m 37s | n/a
      4 Proxy Logs Lookup (looking for specific domain) | 1 Day | 4h 30m 13s | 2m 54s | 92 Times Faster
      (same) | 1 Week | Not Feasible | 1m 09s | n/a
  • 12. Building For The Long-term: Innovation Cycle. Customize, create, and iterate across Data Science and Architecture: Architecture, Data, Visualization, Analytics.
  • 13. Hunting Demo (5min): Notebook For Daily Anomalies.
  • 14. Agenda: ASGARD End-to-End Architecture; Big data rethink with Splunk, Spark, & Graphistry; Hunting Demo: Notebooks for anomaly analysis; Visual Science: Event graphs for scalable views (+ GPUs!); Incident Response Demo: Botnet outbreak.
  • 16. GOAL: Security Visualization For The Data Era. Relevant: scale visuals to modern enterprises; 1 million devices under management; billions of events between them; reveal patterns & outliers. Interactive: explore at speed of thought; code less, easily pivot & drill; responsive: 10ms - 1s.
  • 17. Lists Do Not Visually Scale. Text search is a great starting point! But lists do not scale: you do not see the 30K+ events, nor the IPs and users, nor how they relate...
  • 18. Bar Charts Hide Relationships. Good for summaries! But not: relationships, patterns, outliers. But not: individual items.
  • 19. Event Graphs: A Key Missing View. Unified Model: describes entities & links, e.g., events; multipurpose: connect, see, interact. Visual: spot relationships, patterns, outliers; inspect individual items; work at enterprise scale.
  • 20. Different Graphs for Different Scales, Questions. Uni (ex: network mapping, "What services use this?"): nodes are IPs, one edge per communicating pair (ip - ip). Hyper (ex: incident response, "Did this escalate?"): each event is itself a node, linked to the ip and user it touches (ip - event - user, user - event). Multi (ex: SSH trails, "Is a user crossing zones?"): parallel edges between the same ip and user nodes, one per event (ip - user - ip, ip).
  • 21. Graphistry's GPU Platform: Scale & Accelerate The Visual Analytics Tier. Optimized networking; GPU analysis & ML; GPU rendering (No JavaScript!); GovCloud.
  • 22. GPUs: Accelerate Every Component 10X+. Interactive Rendering: 1+ million entities, 100X+ over D3.js. Meaningful Viz (Layout & ML): smart clustering, coloring, sizing, 50X+ over Gephi. Interactive Analytics: quickly drill down; 1 NVidia Tesla K80 = ~9 TFLOPS.
  • 23. Sample Speedup: Interactive Clustering. 60X more data than Gephi. Iterative clustering: pure GPU. GPU in server via Node-OpenCL, Nvidia Docker. [Chart: frames per second (0.1 to 100, 20 fps marked) against graph size in # nodes + # edges (500K to 1.5M).]
  • 24. Demo: Botnet Investigation (7min).
  • 25. Lessons Learned. ASGARD: rethink security platform for scale, speed, cost; innovation process for next-gen SIEM flow. Graphistry: event graphs unify tools and let you explore behavior at scale; an investigation tier increases visibility & streamlines pivots.
  • 26. THANK YOU. We're hiring engineers + seeking innovation partners! Leo Meyerovich [email protected]; Joshua Patterson [email protected]. GRAPHISTRY