I’m Rocky DeStefano, Cloudera’s Subject Matter Expert for cybersecurity, and for the majority of the last two decades I’ve explored in depth both the security vendor space and the operational side of information security for organizations in the Federal and enterprise space. My primary goal has been to detect malicious activity faster and with more accuracy, and ultimately to understand and communicate its impact on how the business operates. Those experiences led me to try to create solutions both through technology and through leading security operations teams. I suppose it’s fair to say that my career is a product of this industry just as much as the products I’ve helped bring to market in this industry.
Cloudera’s vision for cybersecurity is to provide our customers with the best solutions spanning the entire cybersecurity analysis market, whether that is custom-built applications atop Apache Hadoop, open source solutions, or our partners’ commercial offerings. One of the more exciting aspects to me is that this can, and probably should, be a mixture of some or all of those options depending on the needs of your security team. Your data is ultimately your resource and it should be leveraged across the business, not locked into a single application or a single use case. Cloudera provides the secure foundation for companies to build their data strategy around and expertly execute on that strategy. Knowing that we can offer Internet of Things (IoT) scale for ingestion, storage and analytics means we can meet the needs of the enterprise for many years to come, within cybersecurity and across the entire business.
In the recent Cybersecurity Renaissance webinar we had the opportunity to discuss how Cloudera’s approach to cybersecurity has created a fundamentally more holistic and future-proof approach to cybersecurity analysis for our customers. I argued that having complete enterprise visibility in a company’s enterprise data hub is critical to performing security analysis quickly and effectively. Traditional SIEM tools were designed to handle a certain type and volume of information, whereas an Apache Hadoop-based approach with Cloudera means you can ingest all network, endpoint, user, log, application, file/executable and contextual information in one place. Having all of this varied information available at scale means that the analytic teams finally have the data they need in a single location and are able to use all available context directly within their analytic approaches. This increases the fidelity of the findings, reduces the time to identify threats, supports a reduction in response time, and means the team can identify the impact of the incident on the business.
Thanks to everyone who attended the webinar for their attention and their questions, which helped make this discussion valuable! There were enough questions following the conversation that we thought we’d take a moment to answer a few that we didn’t have time to address. Here are some of the more popular questions that came in, with my responses and, where appropriate, a link for additional information about that topic to help further the conversation.
Q1. Can you explain data governance from the perspective of data ownership/stewardship in Cloudera?
Apache Sentry provides policy management, and Cloudera Navigator automatically maintains a full audit history and tracks every access attempt, right down to the user ID, IP address, and full query text. This allows you to track how data is used and changed, with column-level visual lineage to quickly identify the origin of a data set and its impact on downstream artifacts.
Additionally, Cloudera Navigator ensures you protect all data with high-performance encryption and key management through Navigator Encrypt and Navigator Key Trustee.
For more information visit: https://www.cloudera.com/products/cloudera-navigator.html and https://www.cloudera.com/products/apache-hadoop/apache-sentry.html
Q2. Topic: How does Cloudera handle ingest from sources like syslog?
Ingestion of data is obviously a key component of making use of the data within a Cloudera EDH. Apache Hadoop was designed to ingest many forms of data easily and at scale. Just take a look at what our customers are doing themselves: Vodafone UK created a Cloudera Enterprise-based platform that is ingesting nearly one million security events per second, and it can run multiple types of analytics processing on top of that data! Additionally, Cloudera has partners that facilitate ingest of information, such as Rocana or StreamSets, to name a couple. From a cybersecurity log ingest perspective we can leverage powerful applications like Securonix, or if your interests align with open source methods, please keep an eye on Open Network Insight and the associated Open Data Models.
Q3. Topic: Tell me more about Open Network Insights
Open Network Insight is an advanced threat detection solution that uses big data analytics, performing at IoT scale, to provide actionable insights into operational and security threats. Running on a Cloudera enterprise data hub, ONI can analyze billions of events in order to detect unknown threats and insider threats, and to gain a new level of visibility into the network. ONI is an Apache 2.0 licensed product that is available as version 1.0 today. The real power of ONI, in addition to machine learning, operational analytics and scalability, is the flexibility that the Open Data Models give you. These network, user and endpoint (and expanding) data models mean you now have the ability to easily use the same data across multiple applications spanning cybersecurity, fraud detection, IT operations and beyond. The ONI project contributors are dedicated to building in even more scale, flexibility and analytics with each new release.
For more information visit: http://open-network-insight.org/.
Our CEO, Tom Reilly, was quoted in Datanami about the power of ONI: http://www.datanami.com/2016/05/09/oni-may-best-hope-cyber-security-now/
Austin Leahy expanding on cybersecurity and data science through ONI: http://vision.cloudera.com/open-network-insight-changing-infosec-data-science-forever/
That’s it for now, but check back regularly as I share more insight into the cybersecurity discussion and how our customers can benefit from implementing a Cloudera enterprise data hub for cybersecurity to enhance their security analytics approach, today and for the future.
- “Cybersecurity Renaissance” Webinar Recording.
- InsideBigData article from TJ Laher on his thoughts on cybersecurity.
- More information on Cloudera’s cybersecurity offering.