Ms Anvita Sharma, MW Architect, Redhat

Cyber Security in Network Centric Environment
Anvita Sharma
Middleware Architect
Red Hat
Agenda

NCO - Network Centric Operations

Cyber Security Challenge

Intelligence Driven Security Systems

Tools that can help

Questions
Network Centric Operations
“Net-Centric Operations refers to participating as a part of a complex community of people, devices, information and services interconnected by a communications network to optimise resource management and provide superior information on events and conditions needed to empower decision makers.”
NCO – Reference Model
What Problems are we trying to solve?
SECURE THE NET
Cybersecurity Challenge
It's largely about DATA..
RED HAT | ADD NAME
Machine generated data
• 40% machine data growth by 2020
• 200 billion connected devices by 2020
Getting DATA from MACHINES
Business generated data
DATA SILOS
Getting DATA from BUSINESS
Human Generated data
• 500M tweets/day (eq. 6.5 Gbps)
• 10B messages/day (eq. 146 Gbps)
• 64B messages/day (eq. 830 Gbps)
Source: eMarketer, Dec 2013
Getting DATA on/from the USERS
CONVERGENCE OF FOUR DATA TRENDS
More Data means More Security
Intelligence Driven Security Model
Using Big Data to confront the unprecedented information risk arising from:
• Diminishing Network Boundaries
• Sophisticated Adversaries
Intelligence Driven Security Model
[Diagram: Big Data Driven Security Model, with components: Monitoring Systems; Diverse Data Sources; Standardised Views; Analytics Engine; Tools to collect Data; Centralised Storage; High Degree of Integration]
INTEGRATION PLATFORMS
With JBoss Fuse, You Can Integrate Everything...
[Diagram: HQ + integration stack linked through MQ and ESB nodes to partners, distributors, devices, and cloud / SaaS apps]
Integration beyond the Data Center – deploy ESBs and
No longer limited to hub-and-spoke – deploy integration
Eliminate batch deliver
brokers can easily and
DATA GRID
What is a data grid?
• An in-memory distributed data store designed for fast access to large volumes of data and scalability
• Commonly a complementary layer to the relational database and the application.
Store and Compute Data/Events
Key data grid characteristics:
• In-memory, distributed caching
• Elastic scalability
• Advanced querying
• Data replication
• Processing for streaming data
• Transaction capabilities
COMPLEX EVENT PROCESSING
What is Complex Event Processing?
What is an Event?
A significant change of state at a particular point in time.
What is Complex Event Processing?
The ability to detect, correlate, abstract, aggregate or compose and react to events.
CEP and BRMS Enables:
• Event Detection: From an event cloud or set of streams, select all the meaningful events and only them.
• (Temporal) Event Correlation: Ability to correlate events and facts declaring both temporal and non-temporal constraints between them. Ability to reason over event aggregation.
• Event abstraction: Ability to compose complex events from atomic events AND reason over them.
Model: CEP Modes
Cloud Mode
• Default Mode – All facts and events are loaded before reasoning
• Many to many pattern matching by the engine
• No notion of flow of time, no clock synchronization
• Ordering is not required
• Event lifecycle managed by user
• Sliding window is not needed
Stream Mode
• Events must be time-ordered
• Engine synchronizes between streams using session clock
• Engine applies the notion of flow
• Engine manages the event lifecycle
• Sliding window option could be used
• Negative patterns could be used. Ex.: fire detected, no sprinkler turned on in 10 sec, sound alarm
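The stream-mode points above (time-ordered events, a session clock, and the negative pattern "fire detected, no sprinkler turned on in 10 sec") can be sketched in plain Python. This is an added illustration, not code from the presentation or from the rule engine; the class, event names and sample stream are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class StreamSession:
    """Hypothetical minimal stream-mode session: ordered events plus a session clock."""
    timeout: float = 10.0                         # seconds the sprinkler has to respond
    now: float = 0.0                              # session clock
    pending: dict = field(default_factory=dict)   # room -> time the fire was detected
    alarms: list = field(default_factory=list)    # (room, deadline that was missed)

    def advance(self, t):
        """Move the clock forward; an absence can only be proven once time has passed."""
        if t < self.now:
            raise ValueError("stream mode requires time-ordered events")
        self.now = t
        for room, fired_at in sorted(self.pending.items()):
            if t > fired_at + self.timeout:       # deadline passed with no sprinkler
                self.alarms.append((room, fired_at + self.timeout))
                del self.pending[room]

    def insert(self, t, kind, room):
        self.advance(t)
        if kind == "FireDetected":
            self.pending.setdefault(room, t)
        elif kind == "SprinklerActivated":
            self.pending.pop(room, None)          # matched in time: no alarm

def run(events, end_of_stream):
    """Feed events, then advance the clock to end_of_stream and return the alarms."""
    session = StreamSession()
    for t, kind, room in events:
        session.insert(t, kind, room)
    session.advance(end_of_stream)
    return session.alarms

# Constructed sample stream: (seconds, event type, room)
SAMPLE = [
    (0.0, "FireDetected", "kitchen"),
    (4.0, "SprinklerActivated", "kitchen"),   # answered in time
    (20.0, "FireDetected", "office"),
    (31.0, "SprinklerActivated", "office"),   # 11 s later: too late
    (40.0, "FireDetected", "lab"),            # never answered
]

if __name__ == "__main__":
    print(run(SAMPLE, 45.0))   # lab deadline not reached yet
    print(run(SAMPLE, 51.0))   # clock has passed the lab deadline
```

The lab alarm appears only once the clock moves past its deadline, which is why a negative pattern needs stream mode and a clock rather than cloud mode.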
Model: Temporal Relationships
rule "Shipment not picked up in time"
when
    Shipment( $pickupTime : scheduledPickupTime )
    not ShipmentPickup( this before $pickupTime )   // temporal relationship
then
    // shipment not picked up... Action required.
end
13 Operators are Supported
• Event A before Event B
• Event A coincides Event B
• Event A meets Event B
• Event A after Event B
• Event A overlaps Event B
• Event A metBy Event B
• Event A finishes Event B
• Event A overlappedBy Event B
• Event A includes Event B
• Event A finishedBy Event B
• Event A starts Event B
• Event A during Event B
• Event A startedBy Event B
Model: CEP – Sliding Windows
[Diagram: Sliding window 1, Sliding window 2, Joined window]
Sliding Time Window
- Reason over events occurring within a set time duration
Example: Raise alarm if avg temp reading from sensor over last 10m is above the threshold
rule "Sound the alarm in case temperature rises above threshold"
when
    TemperatureThreshold( $max : max )
    Number( doubleValue > $max ) from accumulate(
        SensorReading( $temp : temperature ) over window:time( 10m ),
        average( $temp ) )
then
    // sound the alarm
end
Sliding Length Window
- Reason over a set number of events occurring
Example: Raise alarm if avg temp from last 100 sensor readings is above the threshold
rule "Sound the alarm in case temperature rises above threshold"
when
    TemperatureThreshold( $max : max )
    Number( doubleValue > $max ) from accumulate(
        SensorReading( $temp : temperature ) over window:length( 100 ),
        average( $temp ) )
then
    // sound the alarm
end
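To show how the two window types above can disagree on the same stream, here is an added Python sketch (not the presentation's or the rule engine's code). The class and function names, the readings, the threshold of 50 and the length of 4 (instead of the slide's 100) are assumptions chosen to keep the sample small.

```python
from collections import deque

class SlidingWindow:
    """Hypothetical sliding window over (timestamp, value) readings.

    span_s: keep only readings newer than span_s seconds (time window).
    length: keep only the newest `length` readings (length window).
    """
    def __init__(self, span_s=None, length=None):
        self.span_s = span_s
        self.items = deque(maxlen=length)   # maxlen=None means unbounded

    def add(self, t, value):
        self.items.append((t, value))
        if self.span_s is not None:
            # Expire readings that are span_s seconds old or older.
            while self.items[0][0] <= t - self.span_s:
                self.items.popleft()

    def average(self):
        return sum(v for _, v in self.items) / len(self.items)

def alarm_times(readings, window, max_temp):
    """Timestamps at which the windowed average exceeds max_temp."""
    fired = []
    for t, temp in readings:
        window.add(t, temp)
        if window.average() > max_temp:
            fired.append(t)
    return fired

# Constructed readings: (seconds, temperature); quiet sensor, a gap, then a spike.
READINGS = [(0, 40), (60, 42), (120, 41), (900, 70), (960, 72), (1020, 45)]
MAX_TEMP = 50   # assumed threshold

def compare():
    """Run the same stream through a 10-minute window and a 4-reading window."""
    by_time = alarm_times(READINGS, SlidingWindow(span_s=600), MAX_TEMP)
    by_length = alarm_times(READINGS, SlidingWindow(length=4), MAX_TEMP)
    return by_time, by_length

if __name__ == "__main__":
    print(compare())
```

After the reporting gap the time window has already expired the old readings and alarms on the first hot reading, while the length window still averages in stale values and alarms one reading later.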
DATA VIRTUALIZATION AND FEDERATION
What is Data Virtualization software?
Data Virtualization software makes data that is spread across various disparate sources available to applications as if it is coming from a single dedicated data source.
[Diagram: BI Reports and SOA Applications consume a Virtual Data Source provided by Data Virtualization Software (Virtualize, Abstract, Federate), giving Easy, Real-time Information Access to Siloed & Complex sources: SAP, Oracle DW, Salesforce.com, and XML, CSV & Excel files]
Turn Data to Actionable Information
[Diagram: JDV layered architecture]
Consume
• Data Consumers: Mobile Applications; ESB, ETL; BI Reports & Analytics; SOA Applications & Portals
• Standard based Data Provisioning: JDBC, ODBC, SOAP, REST, OData
Compose
• Unified Virtual Database / Common Data Model: Unified Customer View, Unified Product View, Unified Supplier View
Connect
• Native Data Connectivity
• Data Sources (Siloed & Complex): Hadoop; NoSQL; Cloud Apps; Data Warehouse & Databases; Mainframe; XML, CSV & Excel Files; Enterprise Apps
Other diagram labels: Design Tools; Dashboard; Optimization; Caching; Security; Metadata; Virtualize, Abstract, Federate; Easy, Real-time Information Access
Data Virtualization: Supported Data Sources
Enterprise RDBMS:
• Oracle
• IBM DB2
• Microsoft SQL Server
• Sybase ASE
• MySQL
• PostgreSQL
• Ingres
Enterprise EDW:
• Teradata
• Netezza
• Greenplum
Hadoop:
• Apache
• HortonWorks
• Cloudera
• More coming…
Office Productivity:
• Microsoft Excel
• Microsoft Access
• Google Spreadsheets
Specialty Data Sources:
• ModeShape Repository
• Mondrian
• MetaMatrix
• LDAP
NoSQL:
• JBoss Data Grid
• MongoDB
• More coming…
Enterprise & Cloud Applications:
• Salesforce.com
• SAP
Technology Connectors:
• Flat Files, XML Files, XML over HTTP
• SOAP Web Services
• REST Web Services
• OData Services
ANALYTICS
BAM: Process Dashboard – Instance Details
Some have done it already
What for?
Red Hat Customer Success
Global Banking Institution
Red Hat Embedded Partner in military
Red Hat JBoss and Storage solutions power the Risk Management group of a Tier 1 global Bank with infrastructure to run Liquidity Risk algorithms on multiple intervals (intraday to annual), to optimize rule-based decisions and provide long term data retention
• Realtime: Direct feeds from market data, to inject those data into intra-day calculation
• Variety: Multi-period calculations, from intraday to over the year calculations. Up to 80 future dates and 3000 different market paths
• Aggregate: Market data live feeds with other counterparties, liabilities and exposures; mix of hadoop-based data analysis and realtime data analysis
• Retention: Long term retention of data to compute year-long risk analysis (up to 2 years)
• Mission critical: System reliability and availability with data caching, persistent messages and high availability architecture
Red Hat Customer Success
France Electricity provider ERDF
Red Hat JBoss solutions power the ERDF Intelligent System with complex data filtering, event processing and data collected by the millions of intelligent and connected home electric meters
• Detect: Meters and Collectors monitoring, Event collection for QoS and performance monitoring
• Collect: Data and Event collection. 8 million multi-format events per day, stored for 5 years. On the fly KPI calculation
• Filter and correlate: Contextual behavior analysis via CEP, to identify malfunctions and unwanted floods, to control and manage context
• Diagnose: Automatic diagnosis based on complex rules and context management. Manual diagnosis via mobile device and applications, structured data and cartography
• Mission critical: System reliability and availability with data caching, persistent messages and high availability architecture
Questions and Discussion