1© Cloudera, Inc. All rights reserved.
Getting Started with Cloudera's Cyber
Solution
1,000,000,000,000+
[ events per day ]
Many CISOs Have A Data Platform Challenge
Security Data Storage Layer
Data Governance
Network
Application
SIEM
(Signature and Correlation)
Splunk
(Search, Descriptive Analytics)
Endpoint
User
Threat Intelligence
1. Storage costs limit visibility
2. Analytic costs limit insight
3. Analytic techniques insufficient to detect advanced threats
4. Investigation is a complicated, time-consuming process
Expensive, Proprietary, Stove-Piped
Archived / Tape
/dev/null
Advantages of Cloudera’s Platform for Cyber
Cloud-Native & On-Premise
Go Beyond Basic Analytics
• Share data across multiple analytic processing engines
• Simple search, SQL, Python, R, Scala
Data Flexibility
• Faster, more agile, full-fidelity data acquisition
• Data portability: open data model and open storage
Cost-Effective Scalability
• Elastic scale on-prem or in the cloud
• Cloud-native pay-per-use and transience
• Proven at big data scale
Hybrid
• Runs across multi-clouds & on-prem
• Multi-storage over S3, HDFS, Kudu, Isilon, DSSD, etc.
Shared Data
Optimizing a SIEM with Cloudera
Packaged Applications
Analytic Processing (Spark, Impala, Solr)
Management, Governance, Security (Cloudera Manager, Cloudera Navigator)
Data and Analytic Management
Cloudera Data Hub
Open Source / Custom
Apache Spot Open Data Models (HDFS, HBase, Kudu)
Ingestion (StreamSets)
(On premise or Cloud)
SIEM
Sources: Threat Intelligence, Network, User, Endpoint
Support multiple workloads with community-defined Open Data Models
Endpoint, User, Network
DIVERSE DATA SOURCES, SINGLE ACCESS
Source: Momentum Partners Cybersecurity Snapshot April 2016
A community approach to fighting cyber threats.
Many applications on one shared data set and architecture
Visualization & machine learning applications can share a common data set & infrastructure
Custom / Packaged
Open source is building out machine learning (e.g. network threat detection)
Open Source
Build custom applications & analytics using Cloudera without having to buy new infrastructure
Demo of Open Source Application
• Set up ingestion pipelines from the Spot community for Centrify, Windows, and Qualys data
• Create open data model tables
• Use Cloudera Manager for StreamSets deployment
• Store data in HDFS and prep for Impala queries
• Install and deploy Arcadia Retail App from Spot community
• Query data that resides in the open data model for ad-hoc analysis
Feeding a Cybersecurity Data Lake with StreamSets
Who is StreamSets?
Enterprise Data DNA
StreamSets Mission: Empower enterprises to harness their data in motion.
~1,000,000 downloads
25% of the Fortune 500
Top-tier Investors; Commercial Customers Across Verticals
Products: StreamSets Dataflow Performance Manager™ (DPM), StreamSets Control Hub (SCH), StreamSets Data Collector™ (SDC - open source), SDC Edge
Strong Partner Ecosystem; Open Source Success
Threats Happen in Real-Time
Ready data for analysis in time to identify and stop threats in progress.
Data from varied data sources must integrate into the Open Data Model with zero code.
Be prepared to deal with data drift, a frequent risk to data ingestion efforts.
StreamSets in a Cybersecurity Architecture
© 2017 StreamSets, Inc. All rights reserved.
StreamSets Data Operations Platform
Benefits of StreamSets for Cyber
Adaptable, change-resistant data ingest
Faster time to insight and response
Complete operational visibility and control
Arcadia Data. Proprietary and Confidential
Getting Started with Arcadia Data and Cloudera’s Cyber Solution
Tadd Wood, Sr. Data Scientist
January 24, 2018
Ingestion / Data Platform / Analytics
• Set up ingestion pipelines from the Spot community for Centrify, Windows, and Qualys data
• Create open data model tables
• Use Cloudera Manager for StreamSets deployment
• Store data in HDFS and prep for Impala queries
• Install and deploy Arcadia Dashboards from Spot community
• Query data that resides in the Open Data Model for ad-hoc analysis
Arcadia Visualization Engine
The First Native Visual Analytics Platform for Big Data
Arcadia Analytic Platform (Smart Acceleration™)
On-Premises / Hybrid Cloud
Drag-and-drop Visual Analytics & Dashboards
Custom Data Applications
BIG DATA OS: Distributed execution, data storage, metadata, security
IN-CLUSTER ANALYTICS ENGINE: Scales linearly with cluster for speed and easier management
WEB-BASED INTERFACE: Drag & drop interface for visual analytics & app workflow
Data Platform
Incident Response
• Quickly drill across endpoints, users, and network
• Real-time dashboards for critical metrics
• Easily embed results into case management tools
Network / Endpoint / User
Forensic Analysis
• Fast filtering across a well-known set of attributes
• Visuals that make time series analysis simpler
• Graph visualization to understand relationships
Threat Hunting
• Integrate with machine learning workflows and outputs
• Full access to your raw events
• Ad-hoc data exploration
To Get Started with Arcadia Data on Cybersecurity
Run scripts to set up the Open Data Model tables for importing cybersecurity-related data.
Download Arcadia Instant: https://www.arcadiadata.com/product/instant
Use the example dashboards with Arcadia Instant.
Walkthrough and Demo
To get started after this webinar, go here: https://www.arcadiadata.com/cyber
https://www.arcadiadata.com/cyber
Visit that page to get links for:
▪ Downloading Arcadia Instant
▪ Spot ODM Setup
▪ Spot Dashboards
Summary of Our Cybersecurity Solution
Q&A
Learn more at cloudera.com/cybersecurity
Thank you