Sinfonier: Storm Builder for Security Intelligence
TRANSCRIPT
Our Employees
• Mostly:
  • Telco engineers
  • Computer Science
  • Engineers
  • …
  • Science or scientist people
But there is also room for:
• Lawyers
• Business administration
• Economist
• Psychologist
• Philologist
• Unfortunately, not everyone knows how to code yet.
• Fortunately, schools are increasingly recognising that it should be one more basic class.
But… why do we need to code?
• June 2015 cover
• Hot topic
• ±2020: a digital-native workforce
How are we introducing code to our kids?
“Apache Storm is a free and open source distributed real time computation system. Storm makes it easy to reliably process unbounded streams of data, doing for realtime processing what Hadoop did for batch processing. Storm is simple, can be used with any programming language, and is a lot of fun to use!”
http://storm.apache.org/
• Extremely broad set of use cases
• Scalable
• Guarantees no data loss
• Extremely robust
• Fault-tolerant
• Programming language agnostic
The chiffonnier is a piece of furniture with drawers that appeared under the Regency. It is intended for storing linen. It is usually taller than it is wide and generally has a marble top.
Sinfonier is a change of focus with respect to current solutions in the area of real-time information processing. We combine an easy-to-use, modular and adaptable interface with an advanced technological solution that lets you do the tuning your information security needs require.
Sinfonier is born out of cooperation and shared knowledge: any work can be re-used, and effort goes into improving the processing and collection of the new information that is being generated.
Advantages
• Collaborative scheme
• Enable automation through actionable intelligence, thanks to a flexible integration framework
• Facilitate generation, enrichment and dissemination of cybersecurity data
• Leverage structured cyber security data output normalization
Adding Knowledge: Modules
• Name: your module name. Must be UpperCamelCase.
• Icon: add an image.
• Entity: used to catalog the module.
• Type: choose your type of module: Spout, Bolt or Drain. It cannot be changed afterwards.
• Language: Java or Python.
• Code: URL pointing to a Gist on gist.github.com.
• Description: describe what your module does.
• Fields: declare your parameters.
Sharing information – the need for standards
• TAXII™, the Trusted Automated eXchange of Indicator Information;
• STIX™, the Structured Threat Information eXpression; and
• CybOX™, the Cyber Observable eXpression.
Information Sharing Specifications for Cybersecurity: https://www.us-cert.gov/Information-Sharing-Specifications-Cybersecurity
But really, what do we see lately?
Mostly: not standards at all…
• Automated Copyright Notice System (ACNS) 2.0
• 20% rejected due to missing information
• ARF, Abuse Reporting Format (RFC 5965)
MSS
[Architecture diagram: Cybersecurity Services / Managed Security Services built on Telefónica's proprietary technology, split into Global and Local components. Recoverable labels:]
• Security Service Portals: Security Web Portals, OB Ticketing Tool (Information: Security Alerts)
• Big Data Security Analytics: Sinfonier (Threats, Antifraud, Vulnerabilities, Ticketing)
• SIEM; Supervision Tool (Availability Information, Health Supervision, Alerts)
• Saqqara CA/SC, Saqqara RA, Saqqara Broker
• Saqqara Dashboard: real-time dashboard with executive views of critical active incidents and ticketing information; full overview of SLA performance and security indicators continuously available on the web portal; configurable dashboards according to user needs; Document Management System
• GRC: legal and regulatory compliance management; risk management; business process modeling; business continuity management; configurable dashboards with management metrics and indicators
• Tools, Processes and People; Real Time Processing; Different Presentations
• Threat Detection, Antifraud, Vulnerability Management
MSS
Data flow example over Kafka topics (saqq-avail, saqq-health-alarm, saqq-ticket, saqq-security-alarm):
1. Select data source: saqq-ticket (Ticket_id, Alarm_id) and saqq-security-alarm (Alarm_id, Detection date, Notification date), stored in Big Data (Cassandra).
2. Process data: MATCH on Alarm_id; NotificationTime = Notification date - Detection date.
3. Produce results: Saqqara Dashboard, in real time.
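The three-step flow on this slide (select the sources, match on Alarm_id and compute NotificationTime, produce results) maps onto Sinfonier's three module types. The following is an added example, not Sinfonier's or Telefónica's own code: a plain-Python stand-in for a Storm topology with a Spout, a Bolt and a Drain, run over constructed messages for the saqq-ticket and saqq-security-alarm topics. The class names, method names, message layout and timestamp format are assumptions; real Sinfonier modules run inside Storm and use its own module API. Beyond the slide, the bolt also handles a ticket that arrives before its alarm and flags a notification timestamp that precedes detection.

```python
# Added example: a plain-Python stand-in for a Storm/Sinfonier topology.
# Not Sinfonier's own API; class, method and field names are assumptions.
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Set

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"  # assumed timestamp layout of the messages

# Constructed sample messages standing in for records read from the Kafka topics.
SAMPLE_MESSAGES: List[dict] = [
    {"topic": "saqq-security-alarm", "Alarm_id": "A-1",
     "Detectiondate": "2015-06-01T10:00:00", "Notificationdate": "2015-06-01T10:07:30"},
    {"topic": "saqq-ticket", "Ticket_id": "T-100", "Alarm_id": "A-1"},
    # The ticket for A-2 arrives before its alarm: the join must buffer it.
    {"topic": "saqq-ticket", "Ticket_id": "T-101", "Alarm_id": "A-2"},
    {"topic": "saqq-security-alarm", "Alarm_id": "A-2",
     "Detectiondate": "2015-06-01T11:00:00", "Notificationdate": "2015-06-01T11:02:00"},
    # Alarm with no ticket (never joined) whose notification precedes detection.
    {"topic": "saqq-security-alarm", "Alarm_id": "A-3",
     "Detectiondate": "2015-06-01T12:00:00", "Notificationdate": "2015-06-01T11:59:00"},
    {"topic": "saqq-avail", "host": "web-01", "state": "up"},  # not selected, ignored
]


def notification_time(alarm: dict) -> float:
    """NotificationTime = Notification date - Detection date, in seconds.
    A negative value means the notification timestamp precedes detection
    (clock skew or a bad record) and is worth flagging downstream."""
    detected = datetime.strptime(alarm["Detectiondate"], TS_FORMAT)
    notified = datetime.strptime(alarm["Notificationdate"], TS_FORMAT)
    return (notified - detected).total_seconds()


class KafkaSpout:
    """Spout (step 1, Select Data Source): emits tuples from the chosen topics."""

    def __init__(self, messages: Iterable[dict], topics: Set[str]) -> None:
        self.messages = list(messages)
        self.topics = topics

    def next_tuple(self) -> Iterable[dict]:
        for msg in self.messages:
            if msg["topic"] in self.topics:
                yield dict(msg)


class MatchAlarmBolt:
    """Bolt (step 2, Process data): joins tickets and alarms on Alarm_id and
    attaches NotificationTime. Either side may arrive first, so both are buffered."""

    def __init__(self) -> None:
        self.alarms: Dict[str, dict] = {}
        self.pending_tickets: Dict[str, dict] = {}

    @staticmethod
    def _join(ticket: dict, alarm: dict) -> dict:
        nt = notification_time(alarm)
        return {"Ticket_id": ticket["Ticket_id"], "Alarm_id": alarm["Alarm_id"],
                "NotificationTime": nt, "clock_skew": nt < 0}

    def process(self, tup: dict) -> Optional[dict]:
        alarm_id = tup["Alarm_id"]
        if tup["topic"] == "saqq-security-alarm":
            self.alarms[alarm_id] = tup
            ticket = self.pending_tickets.pop(alarm_id, None)
            return self._join(ticket, tup) if ticket else None
        if tup["topic"] == "saqq-ticket":
            alarm = self.alarms.get(alarm_id)
            if alarm is None:
                self.pending_tickets[alarm_id] = tup
                return None
            return self._join(tup, alarm)
        return None


class DashboardDrain:
    """Drain (step 3, Produce results): terminal module; here it only collects
    what would be pushed to the Saqqara Dashboard."""

    def __init__(self) -> None:
        self.results: List[dict] = []

    def process(self, result: dict) -> None:
        self.results.append(result)


def run_topology(messages: Iterable[dict]) -> List[dict]:
    """Wire spout -> bolt -> drain and run the stream through it."""
    spout = KafkaSpout(messages, {"saqq-ticket", "saqq-security-alarm"})
    bolt = MatchAlarmBolt()
    drain = DashboardDrain()
    for tup in spout.next_tuple():
        out = bolt.process(tup)
        if out is not None:
            drain.process(out)
    return drain.results


if __name__ == "__main__":
    for row in run_topology(SAMPLE_MESSAGES):
        print(row)
```

Run as a script, it prints one joined row per ticket that found its alarm; A-3 never reaches the drain because no ticket references it, and its negative NotificationTime would be flagged with clock_skew if it did. In a real Storm deployment the buffers in the bolt would need a bound or a time-out, since an alarm that never gets a ticket would otherwise stay in memory indefinitely.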
Cyber Security
[Architecture overview; recoverable labels:] Ingestion, Queue, Real Time Processing, Persistence, Analytics, Internal Information, Data Exploitation / Visualization.