Our Solutions Focus: Threat Detection and Investigation


1 Our Solutions Focus: Threat Detection and Investigation
Start

2 Progression of LigaData
2014: Crystalized Architecture & Tech Stack
- Extended Lambda Architecture
- Launched Kamanja
2015: Engagements
- Fraud
- Compliance
- Risk
- Surveillance
- Cyber Security
2016: Threat Detection and Investigation Solutions
- Integration and development of full suite of solution components

3 Threat Detection and Investigation Process
There's a pattern here: Ingest, Detect, Investigate, Learn.
Applies to:
- Unauthorized Trades
- Credit Card Fraud
- Financial Crime
- Insider Threats
- Cyber Threats

4 Use Case: Unauthorized Trades
Ingest (Structured and Unstructured Sources): Trade Data; Control Data; P&L; Counterparty Data; E-communications; HR data
Detect (Real-Time Threat Monitoring): Behaviour Pattern Risk Scoring; Abnormal Trade Behaviours
Investigate (Interactive Analysis): Risk Reporting; Exploratory Dashboards
Learn (Developing Algorithms): Risk Models; Unsupervised outlier detection

5 Use Case: Credit Card Fraud
Ingest (Streaming and Batch Sources): Transactional Data; FICO scores; Web activity; App activity; IVR
Detect (Real-Time Transaction Authorization & Monitoring): Model-based transaction scoring; Rules-based authorization; Detailed decision data for auditing
Investigate (Interactive Analysis): Incident, customer, merchant, and geo-based drill-through and investigation
Learn (Developing Algorithms): Scoring Models; Profiling Models

6 Use Case: Financial Crime
Ingest (First- and Third-Party Sources): Payments, transactions, customer information, reference data; Court orders, fraud data, social media
Detect (Real-Time Threat Monitoring): Payments screen; Customer screen; Transaction monitoring; Watchlist filter; Risk assessment
Investigate (Interactive Analysis): Link analysis on customers, payments, and transactions; Social media and geo analytics
Learn (Developing Algorithms): Machine learning; Logistic regression; Dimension redux; Alert prioritization

7 Use Case: Insider Threats
Ingest (Machine and Master Data Sources): Application logs; HR data; Reference metadata
Detect (Real-Time Threat Monitoring): Unusual access behavior; Pattern recognition; Terminated user login threat
Investigate (Interactive Analysis): Risk Reporting; Compliance dashboard; Admin & Threshold management screens
Learn (Developing Algorithms): User and segment pattern models; "Joiner" and "Leaver" models; Outlier detection models
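The "terminated user login" detection from the Insider Threats use case, worked through as an added example (not LigaData or Kamanja code): application log lines are ingested, joined against HR joiner/leaver data, and each successful login that contradicts the user's HR status is turned into an alert carrying investigation context. The log format, the HR table and all user names are constructed for the example.

```python
# Added example (not the deck's or LigaData's code): join application logs
# with HR joiner/leaver data to flag logins that contradict HR status.
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# Constructed HR master data: user -> (start_date, termination_date or None)
HR_DATA = {
    "alice": (date(2014, 3, 1), None),
    "bob":   (date(2013, 6, 15), date(2016, 1, 31)),   # leaver
    "carol": (date(2016, 3, 1), None),                  # joiner, start date in the future
}

# Constructed application log lines: "<ISO timestamp> LOGIN user=<id> src=<ip> result=<ok|fail>"
APP_LOG = """\
2016-02-10T09:12:05 LOGIN user=alice src=10.0.0.5 result=ok
2016-02-10T22:41:17 LOGIN user=bob src=10.0.0.9 result=ok
2016-02-11T08:03:44 LOGIN user=carol src=10.0.0.7 result=ok
2016-02-11T08:05:01 LOGIN user=dave src=10.0.0.8 result=ok
2016-02-11T08:06:30 LOGIN user=bob src=10.0.0.9 result=fail
"""

@dataclass
class Alert:
    user: str
    when: datetime
    src: str
    reason: str      # "leaver", "joiner" or "unknown-user"
    context: str     # investigation context pulled from the HR record

def parse_login(line: str) -> Optional[tuple]:
    """Ingest: parse one log line into (timestamp, user, src, result), or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[1] != "LOGIN":
        return None
    fields = dict(p.split("=", 1) for p in parts[2:])
    return datetime.fromisoformat(parts[0]), fields["user"], fields["src"], fields["result"]

def detect_hr_status_logins(log_text: str, hr: dict) -> list:
    """Detect: alert on successful logins by leavers, not-yet-started joiners, or users with no HR record."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_login(line)
        if rec is None or rec[3] != "ok":     # failed attempts are not access; not alerted here
            continue
        when, user, src, _ = rec
        if user not in hr:
            alerts.append(Alert(user, when, src, "unknown-user", "no HR record for this account"))
            continue
        start, end = hr[user]
        if end is not None and when.date() > end:
            alerts.append(Alert(user, when, src, "leaver",
                                f"terminated {end}; login {(when.date() - end).days} days after termination"))
        elif when.date() < start:
            alerts.append(Alert(user, when, src, "joiner", f"start date {start} is after the login"))
    return alerts
```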

8 Use Case: Cyber Threats
Ingest (Streaming/Batch, Structured/Unstructured, First-/Third-Party, Machine/Master Sources): Web and server logs; eCommunications; FS-ISAC, malware signatures; HR Data
Detect (Real-Time Threat Monitoring): Matching related incidents; Transforming and scoring incidents; Pattern analysis
Investigate (Interactive Analysis): Deep incident drill-through; Time series and correlation analysis; Graph and geo analysis
Learn (Developing Algorithms): Supervised learning for higher SNR; Unsupervised learning for outlier detection
Let's dig in…

9 The Cyber Security Landscape
Headline figures: 90MM cyber attacks; 70% go undetected.
- The Wall Street Journal estimated the cost of cyber crime in the US was $100 Billion.
- Lloyds estimated that cyber attacks cost businesses $400 Billion.
- Juniper Research predicts the rapid digitization of consumers will increase the cost of cyber attacks to $2.1 Trillion.
- According to the Wall Street Journal, BofAML reported there were 90MM cyber attacks in 2015, of which 70% went undetected.

10 Historic Approach to Cyber Security: Flu Shot Defense
Flu cycle: Patient Takes Vaccine; New Flu Strain Attacks Patient; New Flu Vaccine Developed.
Security cycle: Company Updates Security with New Protocols; New Cyber Attack Developed; Security Protocols Updated.
A vaccine for last year's viruses may not help this year.

11 New Approach to Cyber Security: Gene Therapy Defense
Flu cycle: Patient Undergoes Gene Therapy; New Flu Strain Attacks Patient; Patient's Immune System Fights Off Flu.
Security cycle: Organization Adopts Advanced Detection and Investigation Capabilities; Organization Attacked by New Cyber Threat; Organization Immediately Defends Against Attack.

12 Next Advance in Cyber Security: Collective Immune System
Watch this space…

13 What are "Advanced Detection and Investigation Capabilities"?
- Immediate Detection
- Powerful Investigation tools
- Effective Interfaces to manually configure rules
- Machine-Learning to create and adapt algorithms
- Fast Productionization of new algorithms
- Scalability to complex models and the "Three Vs" of data
What other capabilities do you require?

14 The LigaData Solution
- The Pattern
- The Architecture

15 Solution Architecture for Detection & Investigation: Implementing the Extended Lambda Architecture
Layers: INGESTION; DETECTION; FOUNDATION; INVESTIGATION
Components: Data and Concept Models; Case Management; Continuous Decisioning; Graph Analysis & Visualization; Data Ingestion; Data Lake; Models; Dashboarding & Drill-Through; Model Development & Execution; Search; Data Store; Access & Control; User Interface; Reporting & Drill-Through; Monitoring Models

17 Continuous Decisioning
(Capability legend: Immediate Detection; Investigation Tools; Effective Interfaces; Machine-Learning; Fast production; Scalability)
- Soonest possible detection of potential threats
- An efficient way to operationalize new detection algorithms (minimize time from data science to market)
- The ability to apply the most sophisticated algorithms to the largest amount of streaming and historical data
- Ability to quickly and easily update detection algorithms with human-generated rules (coming soon)

19 Model Development
Support for all tools of choice of data scientists is a necessity.

21 Graph Analysis
Pros: Very fast joins; Link analysis; Powerful Visualization
Limitations: Scale of data

23 Dashboarding and Search
Pros: Scale of data; Very fast queries; Useful visualization
Limitations: No joins

25 Reporting and Drill-Through
Addresses use cases not well supported by graph DBs or indexed document (NoSQL) DBs.
Key Point: duplication of data is required to meet the functional and non-functional requirements of different use cases. Hence, so is governance.

27 Key Takeaways
- Threat Detection and Investigation use cases are increasing in number and importance
- Addressed by a solution architecture featuring primarily open source technologies
- LigaData is building and integrating the components to deliver the complete stack

28 Thank you!
