Softnix Security Data Lake

Security Data Lake Leveraging Big Data Platform
to build stronger cyber defense
Rujirapong Ritwong
CEO, Co-founder
Softnix Technology

You Can’t Protect
What You Can’t See

IT Security need to
Visibility

(source : www.fbi.gov)
Unauthorized access
to data system
Data leakage / loss
72 %
(source : www.fbi.gov)

Way to increase your visibility

Definition
• Security Data Lake is Data Lake
appearing in the security field.
• Data Lake is a method of storing
data within Big Data system
• Security Data Lake central
location where all security data
• Similar Log Management, SIEM

Traditional Security Management
• SIEM are security monitor, log management acted as
the data store for security data.
• Technologies used 15 years ago.
• Relational databases are not well suited for large
amounts of data.
• ACID- Fast writes or fast reads, but not both
• Real time correlation (rules) engine run on single
machine.
• Not build to let other products reuse.
• Expensive for explaining

How long do you currently store event
and log data for SIEM
http://go.cyphort.com/rs/181-NTN-682/images/Cyphort-Ponemon-SIEM-Report.pdf
Retention data for compliance
ISO27001 , PCI-DSS, HIPAA, FISMA, Sarbanes-Oxley (SOX)

Unknown Events Data
Credit: Hortonworks

Comparing Security Data Lake to SIEM
Security Data Lake is not a replace for SIEM
Security Data Lake Objective;
◦ data storage
◦ data processing
◦ Purpose function of a SIEM covers

Limitation of
SIEMs
Scalability
Openness

Big Data Technology
Attempting solutions to the
TWO main problems of SIEMs

2.25x
More likely
To detect threats
Within minutes
Time to detect and identify a security
incident
https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-
research-report.pdf.landing.html

Report user demand for
cybersecurity analytics on the rise
the past 12 months
71%
Organizations need to report

More information: https://www.ponemon.org/local/upload/file/Big_Data_Analytics_in_Cyber_Defense_V12.pdf
82%
Big Data Platform + Security Technologies = Stronger Cyber Defense

It’s still difficult to deploy Big Data cybersecurity analytics.

What is stopping Big Data analytics
adoption ?
https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html

Of organizations say it’s
impossible to leverage Big
Data analytics with
traditional system
72%
https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf.landing.html

But Security Data Lake (Hadoop based) can.
29% 72% 43%
increase data
volumes more
than 100%
increase data
processing more
than 76%
increase data
access for
analytics more
than 100%
https://www.cloudera.com/content/dam/www/marketing/resources/analyst-reports/big-data-cybersecurity-analytics-
research-report.pdf.landing.html

Top Use Case
BIG DATA
Analytics

Use Case
Vodafone UK’s new
SIEM system relies on
Apache Flume and
Apache Kafka to
ingest nearly 1 million
events per second.

Open Source
Big Data for Cybersecurity
http://spot.incubator.
apache.org

Open Source
Big Data for Cybersecurity
http://metron.apache
.org

Data feed for Security Data Lake
Security Technologies Data Non Security Data
http://go.cyphort.com/rs/181-NTN-682/images/Cyphort-Ponemon-SIEM-Report.pdf

100%
All organization use Firewall bypass Can’t monitor.
It’s Big Data.
100% 100%
DNS traffic

Optimize your SIEM
Split connection setup

Security Data lake help optimize SIEM
Cost-Effectively Increase Enterprise Visibility
Analytics Flexibility
SIEM Lock-in
Deployment Flexibility

Logger Logger Cloud
for MSP
Data PlatformAuthenticator
Logger for AWS
Logger for Azure
“Big Data Platform Company”
Collector
Edge Point
All-in-one Law Compliance Security & IT Services
Monitoring by ZABBIX
Big Data Analytics

Softnix Data Platform
Big Data Analytic Platform
Any Device
Any Platform
Dashboard & VisualizeIntegration to Enterprise
Analytic System
Softnix Data Platform
Big Data Analytic Platform

Solution of Softnix Data Platform

Architecture Softnix Data Platform
Softnix Data Platform Architecture

Capability
üSupport machine data with any type
üData extraction to analytic format
üSupport data indexing and aggregation
üFull-text search or specific search
üVisualize data for human understand
üSchedule send report to email

Our Process
Collection of
Data
Data
Enrichment
Convert into
Structured
Analysis of
Data
Virtualization
of Data

Full-Text Search & Specific search
Event Detection
Data Extraction
Visualize data

Use Case:
Authentication Monitor

Use Case:
Cloud Firewall for MSP

Multiple dashboard per project

Contact Us
www.softnix.co.th
facebook.com/softnixtech
twitter.com/softnix
medium.com/@softnix
info@softnix.co.th

Softnix Security Data Lake

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Softnix Security Data Lake (20)

Recently uploaded (20)

Softnix Security Data Lake