Slide 1

Copyright NIKSUN 2014 Using Big Data Analytics To Thwart Cyber Threats Shivank Dua

Slide 2

Slide 2 Copyright NIKSUN 2014

Slide 3

Slide 3 Copyright NIKSUN 2014

Slide 4

Slide 4 Hacking ~ 52% Threat Actions Malware ~ 40% Physical ~ 35% Social ~ 29% Verizon USSS 2013 DBIR Misuse ~ 13% Error ~ 2% Copyright NIKSUN 2014

Slide 5

Exponential Growth in Malware Slide 5 Copyright NIKSUN 2014

Slide 6

An Approach Based on Detection Theory Slide 6 Copyright NIKSUN 2014 EffectivenessEffectiveness

Slide 7

+ An Approach Based on Event Collection Slide 7 Copyright NIKSUN 2014 EffectivenessEffectiveness Create a Database for all Security Data

Slide 8

How Can We Increase Effectiveness? Slide 8 Copyright NIKSUN 2014 KnownKnown KnownKnownUnknownUnknown UnknownUnknownUnknownUnknown KnownKnown

Slide 9

Effectiveness Increases If We Can Slide 9 Copyright NIKSUN 2014 Make More of the Unknown Known

Slide 10

In The Meantime Slide 10 Copyright NIKSUN 2014 Exponential Growth in 4 Vs VolumeVelocityVarietyVariability Exponential Growth in 4 Vs Volume Velocity Variety Variability

Slide 11

Use Distributed Data Warehousing to Handle Increasing Volume Slide 11 Copyright NIKSUN 2014 Global Command & Control Regional Data Warehouse Local Data Warehouse Regional Data Warehouse Local Data Warehouse

Slide 12

Use Parallel Proc. to Handle Exponential Growth in Velocity Slide 12 Copyright NIKSUN 2014 Optimizing the Pipeline Micro Analytic Modules Atomic Results Produce Partial Results & Update Update Incrementally Molecular Results Aggregate Results Aggregate Results From Multiple Micro To Macro Modules Elemental Results Analytic Module

Slide 13

A Library of Analytic Modules & Malleable Rules Handle Variety Slide 13 Copyright NIKSUN 2014 Link Layer Analytic Module Network Layer Analytic Module Session Layer Analytic Module Application Layer Analytic Module Enterprise Level Analytic Module

Slide 14

Handles Variability Slide 14 Copyright NIKSUN 2014

Slide 15

Slide 15 Copyright NIKSUN 2014 EffectivenessEffectiveness

Slide 16

Slide 16 Copyright NIKSUN 2014 Case Study

Slide 17

Slide 17 Copyright NIKSUN 2014 Phishing & Data Leakage

Slide 18

Slide 18 Copyright NIKSUN 2014

Slide 19

Slide 19 Copyright NIKSUN 2014 Total Balance Due: $928.52

Slide 20

Slide 20 Copyright NIKSUN 2014

Slide 21

Slide 21 Copyright NIKSUN 2014

Slide 22

Slide 22 Copyright NIKSUN 2014

Slide 23

Slide 23 Copyright NIKSUN 2014

Slide 24

Slide 24 Copyright NIKSUN 2014 Targets Identified Summary Zombies Identified & Method of Breach New Vulnerability Identified New Malware Identified Exfiltration Identified

Slide 25

Slide 25 Copyright NIKSUN 2014 Case Study

Slide 26

Slide 26 Copyright NIKSUN 2014 Client Hit by DDoS Attacks from Iran As Has Been Widely Reported Several times a week the bank experienced DoS attacks Brought Down Their Network Brought Down Customer Portal Quickly Caused Financial Losses / Damage To Reputation Call Centers Were Lighting Up w/ Customer Complaints

Slide 27

Slide 27 Copyright NIKSUN 2014 HTTPS Port Carrying non- HTTPS curl Traffic

Slide 28

Slide 28 Copyright NIKSUN 2014 "GET /signon.php? df58ce7h HTTP/1.1 " 200 "- "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/2011020

Slide 29

Slide 29 Copyright NIKSUN 2014 Law Enforcement received all the data and a complete analysis within hours Summary The Denial of Service (DoS) attacks were traced back to the Middle East Consisted of a large number of geographically dispersed servers which flooded the client networks and crippling the application delivery servers with malformed requests

Slide 30

Slide 30 Copyright NIKSUN 2014 Significantly Reduce Response Time Big Data Analytics Can Provide Actionable Intelligence Provide Accurate Analytics Effectively Thwart Cyber Threats

Slide 31

NIKSUN: Helping You Know the Unknown Visit us at www.niksun.com orwww.niksun.com email to info@niksun.cominfo@niksun.com For additional information: Slide 31 Copyright NIKSUN 2014