Author: Mustafa Rassiwala, Director of Product Management, Security Analytics
Platfora Big Data Discovery and the Cloudera EDH for Cybersecurity combine to provide a powerful solution that addresses the major challenges that businesses face in taking on their growing security risks.
With cyber attacks growing both in frequency and sophistication, the need for enhanced cybersecurity capabilities has become an urgent priority for many organizations. Businesses are increasingly turning to big data solutions as the appropriate remedy to the growing threat. Because it handles all varieties and the largest volumes of data, Hadoop is a natural choice for organizations looking to build an enterprise security solution that can manage the widest possible range of risk.
Cloudera EDH for Cybersecurity and Platfora Big Data Discovery together address the three major security challenges that businesses face: accelerating threat mitigation, detecting advanced persistent threats, and unifying the security data platform. Platfora Big Data Discovery provides a perfect complement to the Cloudera EDH for Cybersecurity, enabling fast and powerful access to Hadoop data in support of addressing these challenges.
- To detect advanced and persistent threats, Platfora’s powerful visualization capabilities drive the rapid and reliable identification of anomalies and outliers.
- Platfora’s self-service capabilities enable iterative analysis of a centralized security data environment to accelerate threat mitigation.
- Platfora’s ability to transform and connect multi-structured data for analyzing business risk supports unifying the security data platform.
Let’s take a closer look at each of these key capabilities.
Accelerating Threat Mitigation
Chief Information Security Officers (CISOs) and their teams often lack the data and tools required for efficient incident investigation and mitigation. Information is frequently scattered among multiple systems, and security analysts have to pivot across multiple data sources (network, endpoint, user behavior data, and so on) to ask questions and conduct security investigations. Here’s where the Cloudera and Platfora partnership helps.
Cloudera EDH for Cybersecurity provides CISOs and their teams a single location to analyze vast amounts of endpoint, network, cloud, and user data. By bringing all of the data together into one analytical environment, an enterprise data hub greatly speeds investigations and shortens the time required to mitigate security breaches.
Platfora’s Self Service for Analytics allows security analysts to quickly ask and answer questions visually through its interactive Vizboards, and to work through a sequence of such questions to identify high-risk behavior. This kind of detective work is an iterative process, and one that requires pivoting across multiple data sources. With Platfora’s self-service and iterative capabilities, security analysts can ask a chain of questions like: Who are the users making frequent connections to a non-U.S.-based server? Which of those users are doing this via an unusual port? Of those, which have also been associated with other odd patterns of behavior, e.g. logging in in the middle of the night?
Detecting Advanced Persistent Threats
Security Information and Event Management (SIEM) systems often fail to include all of the necessary data, or to support the full set of analytic capabilities, required to understand advanced persistent threats. As cyber attacks become more sophisticated, deliberately working around the rules that SIEMs employ to detect attacks, these systems increasingly fail to catch such threats in time.
Cloudera EDH for Cybersecurity provides access to the full data set needed to perform the advanced analysis required to detect such threats. This broad access enables new approaches to security analytics that extend beyond traditional SIEM capabilities.
Additionally, Platfora’s ability to detect anomalies and outliers is a critical capability for performing that kind of analysis. The data points that don’t fit the normal pattern, the ones that show something suspicious is occurring, are there in the data. And when performing exploratory investigation on a specific user, IP address, or machine across terabytes of data, visualization is a key component for outlier detection. Platfora visualization aggregates across terabytes of data and can represent a macro-level picture of user or machine behavior through visual interactive charts. Additionally, with filtering, isolation of data points, and drill-downs, security analysts can quickly identify outliers at a macro level and then drill down to specific events.
Unifying the Security Data Platform
Up to now, businesses have not had a single, unified security data platform that can deliver cost effective, long term storage and analytics capabilities for endpoint, network, cloud, and user data.
Cloudera EDH for Cybersecurity provides a single, scalable storage and analytics platform for complete access to endpoint, network, cloud, and user data.
Managing structured, semi-structured, and unstructured data, Platfora transforms and connects multi-structured data for analyzing risk. Platfora can parse and create structure around any kind of log or event data, enabling your business to fully leverage the Internet of Things (IoT) in performing security analytics.
Platfora enables security analysts to define schema on read, and makes it easy for them to model relationships between different log or event sources via references. With Platfora’s advanced Event References feature, security analysts can easily correlate dimension data across various kinds of fact data. For example, user data from Active Directory (dimension data) can be referenced to multiple log and event sources (fact data) that contain that user reference. Security analysts can then track each user’s activity across multiple data sources sequenced by time, identifying behavioral patterns associated with different forms of risk. Platfora also provides robust ETL capabilities to create unions across logs coming from multiple devices that represent the same activity, e.g. logs from multiple firewalls.
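As an added illustration (not Platfora or Cloudera code) of the iterative pivot described under "Accelerating Threat Mitigation" and of the union and dimension-to-fact reference described just above, the script below unions two constructed firewall feeds, runs the three questions from the article in sequence, and attaches the matching user record from a constructed directory table. The country codes, the "normal port" set, and the off-hours window are assumptions.

```python
# Added example (not Platfora or Cloudera code): the three-step pivot from the
# article, run over constructed firewall and login logs joined to a constructed
# user directory table. Country and "normal port" lists are assumptions.
from collections import Counter

# Constructed dimension data (stands in for an Active Directory export).
USERS = {"alice": {"dept": "finance"}, "bob": {"dept": "eng"}, "carol": {"dept": "eng"}}

# Constructed fact data: two firewall feeds with the same fields, unioned into one.
FW_A = [("alice", "203.0.113.7", "DE", 443, "2015-06-01T03:10"),
        ("alice", "203.0.113.7", "DE", 8443, "2015-06-01T03:12"),
        ("bob", "198.51.100.2", "US", 443, "2015-06-01T10:00")]
FW_B = [("alice", "203.0.113.7", "DE", 8443, "2015-06-02T02:55"),
        ("carol", "203.0.113.9", "CN", 22, "2015-06-01T14:00"),
        ("carol", "203.0.113.9", "CN", 22, "2015-06-01T14:05"),
        ("bob", "198.51.100.2", "US", 80, "2015-06-01T11:00")]
# Constructed login events: (user, hour of day).
LOGINS = [("alice", 3), ("bob", 9), ("carol", 14), ("alice", 2)]

NORMAL_PORTS = {80, 443}   # assumption: what "usual" means for this network
OFF_HOURS = range(0, 6)    # assumption: 00:00-05:59 counts as "middle of the night"

def union_logs(*feeds):
    """Union firewall feeds that record the same activity with the same schema."""
    return [row for feed in feeds for row in feed]

def frequent_foreign_connectors(rows, min_conns=2):
    """Pivot 1: users with at least min_conns connections to non-U.S. servers."""
    c = Counter(u for u, _ip, cc, _p, _t in rows if cc != "US")
    return {u for u, n in c.items() if n >= min_conns}

def via_unusual_port(rows, users):
    """Pivot 2: of those users, which used a port outside NORMAL_PORTS."""
    return {u for u, _ip, _cc, p, _t in rows if u in users and p not in NORMAL_PORTS}

def off_hours_logins(logins, users):
    """Pivot 3: of those, which also logged in during OFF_HOURS."""
    return {u for u, h in logins if u in users and h in OFF_HOURS}

def high_risk_users(feeds, logins, directory):
    """Run the three pivots in sequence and attach dimension data from the directory."""
    rows = union_logs(*feeds)
    step1 = frequent_foreign_connectors(rows)
    step2 = via_unusual_port(rows, step1)
    step3 = off_hours_logins(logins, step2)
    return {u: directory.get(u, {}) for u in sorted(step3)}

if __name__ == "__main__":
    print(high_risk_users([FW_A, FW_B], LOGINS, USERS))
```

Each pivot narrows the previous result set, so the intermediate sets can be inspected on their own, which is the iterative workflow the article describes.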