Zettaset Uses Big Data To Find Security Risks
Hadoop-based Security Data Warehouse analyzes petabytes of data to unearth threats, dormant or active.
August 10, 2011
Black Hat
A security software firm has introduced a security data warehouse stack that analyzes reams of network data to identify security threats and intervene against them. Zettaset's software, built on the open source Hadoop framework, mines security information from network firewalls, other security devices, website traffic, business processes, and other transactions, a practice known collectively as security information and event management (SIEM).
The Zettaset Security Data Warehouse (SDW) product was recently unveiled at Black Hat, a UBM TechWeb network security conference in Las Vegas. While the open source SDW software itself is free, the company also sells related system management software and an application that tailors the SDW to a particular industry vertical, such as financial services or healthcare, said Brian Christian, Zettaset's founder and CEO.
The SDW stack can be downloaded onto a cluster of servers, maybe five to 10 in a typical environment, Christian said, although the product is scalable to run on many more servers in order to analyze petabytes of data. "Then you can begin piping in event data, business data, anything that can lead to a better understanding of any malicious anomalies or behavior," he said.
The product is aimed at threats that have grown more sophisticated of late, such as malware attacks, Christian said. Malware often penetrates a corporate network and lies dormant for a long time before it executes; at that point it may begin copying sensitive data, such as customer credit card numbers, and exfiltrating it from the network.
The Zettaset SDW is designed to look back in time to when that malware entered the network, said Tom Masucci, head of sales for Zettaset.
"In most SIEM-like environments, you are analyzing data in seconds," said Masucci. "What we're finding is that the events are [now] the low and slow internal reconnaissance type of events that take place over time. So with the Security Data Warehouse, we are able to extend your time horizon to several months in the past."
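To make Masucci's point concrete, here is an added illustration, not code from Zettaset or from the original article, of why a seconds-scale correlation window misses "low and slow" internal reconnaissance that a months-scale window catches. The rule is a simple fan-out count (distinct internal destinations contacted by one source within a sliding time window); the connection events, host addresses, and thresholds are all constructed for the example and are not real telemetry.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def sample_events():
    """Constructed connection log: (timestamp, src_ip, dst_ip, dst_port).

    Three hypothetical internal hosts:
      10.0.1.20  - ordinary workstation, same three servers every day
      10.0.1.99  - low-and-slow recon: one new internal host per day for 60 days
      10.0.1.150 - noisy scanner: 50 hosts in about 25 seconds on one day
    """
    base = datetime(2011, 5, 1)
    events = []
    for day in range(90):
        for dst in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):
            events.append((base + timedelta(days=day, hours=9), "10.0.1.20", dst, 445))
    for day in range(60):
        events.append((base + timedelta(days=day, hours=3), "10.0.1.99", f"10.0.2.{day + 1}", 445))
    for i in range(50):
        events.append((base + timedelta(days=10, seconds=i * 0.5), "10.0.1.150", f"10.0.3.{i + 1}", 22))
    events.sort()  # global sort keeps each per-source list in time order
    return events


def flag_fanout(events, window, threshold):
    """Return the set of source IPs that contacted more than `threshold`
    distinct destinations within any sliding window of length `window`."""
    by_src = defaultdict(list)
    for ts, src, dst, _port in events:
        by_src[src].append((ts, dst))

    flagged = set()
    for src, evs in by_src.items():
        left = 0
        distinct = defaultdict(int)  # dst -> count of events inside the window
        for ts, dst in evs:
            distinct[dst] += 1
            # slide the left edge forward until the window fits
            while ts - evs[left][0] > window:
                old_dst = evs[left][1]
                distinct[old_dst] -= 1
                if distinct[old_dst] == 0:
                    del distinct[old_dst]
                left += 1
            if len(distinct) > threshold:
                flagged.add(src)
                break
    return flagged


def short_horizon(events):
    """Typical SIEM-style rule: seconds-scale window."""
    return flag_fanout(events, timedelta(seconds=60), threshold=20)  # → {'10.0.1.150'}


def long_horizon(events):
    """Warehouse-style rule: same logic, months-scale window."""
    return flag_fanout(events, timedelta(days=90), threshold=20)  # → {'10.0.1.99', '10.0.1.150'}


if __name__ == "__main__":
    evs = sample_events()
    print("60-second window flags:", sorted(short_horizon(evs)))
    print("90-day window flags:   ", sorted(long_horizon(evs)))
```

The detection logic is identical in both passes; only the retention horizon differs. The host that touches one new machine a day never exceeds the threshold inside any 60-second window, so a system that discards or stops correlating events after seconds cannot see it, while the noisy scanner trips either rule. The cost of the long horizon is that the per-source state must be kept (or recomputed from stored events) for months, which is the storage and compute problem a Hadoop-backed warehouse is meant to absorb.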
Read the rest of this article on Network Computing.