For the things that are dearest, most important and valuable to us, we come up with ways to protect them. Insurance policies, laws, and even safe deposit boxes and the hiring of security guards are all means to safeguard whatever we deem precious. The introduction of the General Data Protection Regulation (GDPR) protects the valuable personal information of all individuals within the European Union, as the power of data is beyond imagination in the present day. A timely case in point is the recent turmoil at Facebook. The data of more than 50 million Facebook users was harvested by a UK-based data mining company, Cambridge Analytica, to build psychographic profiles that were later utilized by the Trump campaign during the 2016 election for voter identification, targeted advertising campaigns, voter behavior predictions, and more. The result? Let’s just say the power of data is well recognized.
FUNDAMENTAL TO GDPR IS CYBERSECURITY
Compliance with the GDPR requires a comprehensive data governance strategy, and the associated challenges and solutions are summed up in our recent white paper. While the regulation is extensive and complex in its requirements, fundamental to GDPR compliance is cybersecurity. Specifically, under the regulation, entities are under a legal obligation to notify the supervisory authority, as well as all individuals deemed adversely impacted by a data breach, within a maximum of 72 hours after becoming aware of the attack. This extends the conversation from a narrow focus on threat prevention mechanisms, such as firewalls and endpoint security, to a broader vision that includes the complementary additions of threat detection and response. As cyber criminals become more sophisticated at understanding standardized security and evading defenses, a shift from a “reactive” to a “proactive” cybersecurity strategy, aided by technological advances, is imperative.
BUILDING A PROACTIVE DETECTION AND RESPONSE SYSTEM
Gaining that “one-step-ahead” advantage against intruders is not an easy task: organizations need to utilize and analyze all data made available to them. In order to do that, they need a complete security data platform that provides the following capabilities:
- Real-time data ingestion from diverse telemetry data sources, including security endpoint devices, machine generated logs, intrusion detection system (IDS), network data, and threat intelligence feeds.
- Scalable data management and storage that deliver the desired cost and performance combination, such as a Hadoop-based data lake built out for security purposes.
- A streaming event processing engine that powers:
  - data enrichment that adds contextual information to raw data
  - user profiling that defines what normal behavior looks like, based on statistical models
  - the detection, alerting, and prioritization of anomalies based on machine learning algorithms
- Platform extensibility that advances with the evolving needs and attacks in cybersecurity, such as pluggable data science models or software upgrades.
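As an added illustration of the pipeline the list above describes (this is example code written for this page, not code from the original post or from Apache Metron), the following Python sketch runs constructed SSH authentication log lines through the four stages in order: a parser, an enrichment step, a per-user statistical profile, and threshold-based alerting with prioritization. The log lines, the threat-intelligence indicator, the baseline counts and the assumption that 10/8 is the internal address range are all constructed for the example. The same parse/enrich split is what the later section refers to as pluggable parsers and enrichment services: each stage is a function that can be swapped for one that understands a new data source.

```python
import re
import statistics
from collections import Counter

# Constructed sample telemetry (not real data): one hour of SSH auth events plus
# one unrelated line, to show the parser stage skipping what it does not own.
SAMPLE_LOGS = [
    "2018-04-10T08:01:12Z sshd[101]: Accepted password for alice from 10.0.0.5 port 50122",
    "2018-04-10T08:03:40Z sshd[102]: Failed password for alice from 10.0.0.5 port 50130",
    "2018-04-10T08:05:02Z sshd[103]: Accepted password for alice from 10.0.0.5 port 50131",
    "2018-04-10T08:10:55Z sshd[104]: Failed password for bob from 203.0.113.9 port 41000",
    "2018-04-10T08:11:01Z sshd[105]: Failed password for bob from 203.0.113.9 port 41001",
    "2018-04-10T08:11:07Z sshd[106]: Failed password for bob from 203.0.113.9 port 41002",
    "2018-04-10T08:11:13Z sshd[107]: Failed password for bob from 203.0.113.9 port 41003",
    "2018-04-10T08:11:19Z sshd[108]: Failed password for bob from 203.0.113.9 port 41004",
    "2018-04-10T08:11:25Z sshd[109]: Failed password for bob from 203.0.113.9 port 41005",
    "2018-04-10T08:15:00Z kernel: eth0 link up",
    "2018-04-10T08:20:00Z sshd[110]: Accepted password for carol from 198.51.100.7 port 33001",
]

# Constructed threat-intelligence feed: indicator -> description. A real platform
# would load this from an external feed; the value here is hypothetical.
THREAT_INTEL = {"203.0.113.9": "listed brute-force source (constructed indicator)"}

# Constructed per-user baseline: failed logins per hour over eight prior hours,
# standing in for the historical profile a data lake would supply.
BASELINE = {
    "alice": [0, 1, 1, 0, 2, 1, 0, 1],
    "bob": [0, 0, 1, 0, 0, 1, 0, 0],
    "carol": [0, 0, 0, 0, 1, 0, 0, 0],
}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse(line):
    """Parser stage: raw line -> structured event, or None for lines this parser does not own."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {"ts": m["ts"], "result": m["result"].lower(), "user": m["user"], "ip": m["ip"]}


def enrich(event):
    """Enrichment stage: add context the raw line lacks (network zone, threat-intel hit)."""
    ip = event["ip"]
    event["internal"] = ip.startswith("10.")  # assumption: 10/8 is the internal range here
    event["threat_intel"] = THREAT_INTEL.get(ip)
    return event


def zscore(value, history):
    """Profiling stage: how many standard deviations `value` sits from the user's historical mean."""
    mean = statistics.mean(history)
    stdev = statistics.pstdev(history) or 1.0  # flat history: fall back to unit spread
    return (value - mean) / stdev


def analyze(lines, baseline=BASELINE, threshold=3.0):
    """Run parse -> enrich -> profile -> detect over one window and return prioritised alerts."""
    events = [enrich(e) for e in map(parse, lines) if e is not None]
    failures = Counter(e["user"] for e in events if e["result"] == "failed")
    intel_hits = {e["user"]: e["threat_intel"] for e in events if e["threat_intel"]}
    alerts = []
    for user in baseline:
        count = failures.get(user, 0)
        z = zscore(count, baseline[user])
        reasons = []
        if z >= threshold:
            reasons.append(f"failed logins {count} vs baseline (z={z:.1f})")
        if user in intel_hits:
            reasons.append(f"source on threat feed: {intel_hits[user]}")
        if reasons:
            # Prioritisation: behavioural deviation plus a fixed bump for a confirmed indicator.
            priority = z + (5.0 if user in intel_hits else 0.0)
            alerts.append({"user": user, "failures": count, "zscore": z,
                           "reasons": reasons, "priority": priority})
    return sorted(alerts, key=lambda a: a["priority"], reverse=True)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert["user"], f"priority={alert['priority']:.1f}", "; ".join(alert["reasons"]))
```

Run as a script, it reports a single alert for `bob`: six failures in the window against a baseline that rarely exceeds one, and a source address on the constructed feed. `alice`'s one failure sits well within her own history and is not raised, which is the point of profiling per user rather than applying one global count threshold. A flat baseline (no variance at all) is handled by falling back to a unit spread so that a single unusual event still registers instead of producing a division by zero.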
A BEST-OF-BREED APPROACH
To effectively combat cyber threats, companies need to employ a best-of-breed approach that centers around the best available modern technologies in big data, advanced analytics, and machine learning. Also needed is a future-proof solution that is able to evolve with the rising sophistication of cyber-attacks. Based on these criteria, the Hortonworks Cybersecurity Platform (HCP), powered by Apache Metron, is precisely engineered to visualize diverse, streaming security data at scale to aid enterprises in real-time detection of and response to threats, incorporating the core components below:
- Apache Metron – a next generation SOC (security operations center) data analytics and response application that integrates a variety of open source big data technologies into a centralized tool for security monitoring and analysis. It is built out as a threat detection platform based on machine learning algorithms and anomaly detection that can be applied in real-time as events are streaming in, with the capabilities for log aggregation, full packet capture indexing, advanced behavioral analytics and data enrichment, while applying current threat-intelligence information to security telemetry within a single platform.
- Hortonworks Data Platform (HDP) – powered by Apache Hadoop, HDP is a secure, enterprise-grade big data platform that provides not only a cost-effective way to store enriched telemetry data for long periods of time, but also the corpus of data required for the feature engineering that powers discovery analytics.
- Hortonworks DataFlow (HDF) – HDF has full featured data collection capabilities that are streaming data agnostic and integrated with over 220 processors. With ingestion flows customized for the security platform, HDF enables Metron to ingest and process diverse streaming data feeds at scale, inclusive of security data feeds, logs, network metadata, and more.
PREPARE FOR WHAT THE FUTURE HOLDS
Last but not least, and maybe the most important of all, the extensibility of Hortonworks Cybersecurity Platform makes it a promising long-term solution that scales with future demands. As a 100% open-source platform, HCP expands on the company’s commitment to an open approach to software development that spurs innovation, by leveraging the knowledge, expertise, and continuous commitments from the established open-source community. Moreover, Metron provides a pluggable framework to add new custom parsers for new data sources, new enrichment services to provide more contextual info to the raw streaming data, pluggable extensions for threat intel feeds, and the ability to customize the security dashboards. Machine learning and other models can also be plugged into the real-time streams providing huge extensibility, which is crucial in ensuring progressive success in this never-ending battle against cyber criminals.
To learn more, please visit:
This content is not intended to constitute legal advice. Readers should consult with their legal counsel regarding compliance with GDPR and other laws and regulations applicable to their particular situation and intended use of any Hortonworks products and services.