| <!doctype html> |
| |
| <!--[if lt IE 7]><html lang="en-US" class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]--> |
| <!--[if (IE 7)&!(IEMobile)]><html lang="en-US" class="no-js lt-ie9 lt-ie8"><![endif]--> |
| <!--[if (IE 8)&!(IEMobile)]><html lang="en-US" class="no-js lt-ie9"><![endif]--> |
| <!--[if gt IE 8]><!--> |
| <html lang="en-US" class="no-js"> |
| <!--<![endif]--> |
| |
| <head> |
| <meta charset="utf-8"> |
| |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> |
| |
| <title>Apache Spot (Incubating) and Cybersecurity — Using NetFlows to Detect Threats to Critical Infrastructure - Apache Spot</title> |
| |
| <meta name="HandheldFriendly" content="True"> |
| <meta name="MobileOptimized" content="320"> |
| <meta name="viewport" content="width=device-width, initial-scale=1"/> |
| |
| <link rel="apple-touch-icon" href="../../library/images/apple-touch-icon.png"> |
| <link rel="icon" href="../../favicon.png"> |
| <!--[if IE]> |
| <link rel="shortcut icon" href="http://spot.incubator.apache.org/favicon.ico"> |
| <![endif]--> |
| <meta name="msapplication-TileColor" content="#f01d4f"> |
| <meta name="msapplication-TileImage" content="../../library/images/win8-tile-icon.png"> |
| <meta name="theme-color" content="#121212"> |
| |
| <link rel='dns-prefetch' href='//fonts.googleapis.com' /> |
| <link rel='dns-prefetch' href='//s.w.org' /> |
| <link rel="alternate" type="application/rss+xml" title="Apache Spot » Feed" href="../../feed/" /> |
| |
| <link rel='stylesheet' id='googleFonts-css' href='http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic' type='text/css' media='all' /> |
| <link rel='stylesheet' id='bones-stylesheet-css' href='../../library/css/style.css' type='text/css' media='all' /> |
| <!--[if lt IE 9]> |
| <link rel='stylesheet' id='bones-ie-only-css' href='http://spot.incubator.apache.org/library/css/ie.css' type='text/css' media='all' /> |
| <![endif]--> |
| <link rel='stylesheet' id='mm-css-css' href='../../library/css/meanmenu.css' type='text/css' media='all' /> |
| <script type='text/javascript' src='../../library/js/libs/modernizr.custom.min.js'></script> |
| <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script> |
| <script type='text/javascript' src='../../library/js/jquery-migrate.min.js'></script> |
| <script type='text/javascript' src='../../library/js/jquery.meanmenu.js'></script> |
| |
| <script> |
| (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ |
| (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), |
| m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) |
| })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); |
| |
| ga('create', 'UA-87470508-1', 'auto'); |
| ga('send', 'pageview'); |
| |
| </script> |
| </head> |
| |
| <body class="single single-post"> |
| |
| <div id="container"> |
| <header class="header"> |
| |
| <div id="inner-header" class="wrap cf"> |
| |
| <p id="logo" class="h1" itemscope itemtype="http://schema.org/Organization"> |
| <a href="http://spot.incubator.apache.org/" rel="nofollow"><img src="../../library/images/logo.png" alt="Apache Spot" /></a> |
| </p> |
| |
| <nav> |
| <ul id="menu-main-menu" class="nav top-nav cf"> |
| <li id="menu-item-129" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-129"> |
| <a href="../../get-started">Get Started</a> |
| <ul class="sub-menu"> |
| <li><a href="../../get-started">Get Started</a></li> |
| <li><a href="../../get-started/supporting-apache">Supporting Apache</a></li> |
| <li><a href="../../get-started/environment">Environment</a></li> |
| <li><a href="../../get-started/architecture">Architecture</a></li> |
| <li><a href="../../get-started/demo">Demo</a></li> |
| </ul> |
| </li> |
| <li id="menu-item-5" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-5"> |
| <a href="../../download">Download</a> |
| </li> |
| <li id="menu-item-130" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-130"> |
| <a href="../../community">Community</a> |
| <ul class="sub-menu com-sm"> |
| <li class="dropmenu-head">Get in Touch</li> |
| <li><a href="../../community" class="mail">Mailing Lists</a></li> |
| <li class="divider"></li> |
| <li><a href="../../community/committers">Project Committers</a></li> |
| <li><a href="../../community/contribute">How to Contribute</a></li> |
| <li class="divider"></li> |
| <li class="dropmenu-head">Developer Resources</li> |
| <li><a href="https://github.com/apache/incubator-spot" target="_blank" class="github">Github</a></li> |
| <li><a href="https://issues.apache.org/jira/browse/SPOT/" target="_blank" class="jira">JIRA Issue Tracker</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/pages/viewpage.action?spaceKey=SPOT&title=Apache+Spot+%28Incubating%29+Home" target="_blank" class="">Confluence Site</a></li> <li class="divider"></li> |
| <li class="dropmenu-head">Social Media</li> |
| <li><a href="https://twitter.com/ApacheSpot" target="_blank" class="twitter-icon">Twitter</a></li> |
| </ul> |
| </li> |
| <li id="menu-item-106" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-106"> |
| <a href="../../doc">Documentation</a> |
| </li> |
| <li class="menu-item menu-item-has-children"> |
| <a href="#">Project Components</a> |
| <ul class="sub-menu"> |
| <li><a href="../../project-components/ingestion">Ingestion</a></li> |
| <li><a href="../../project-components/machine-learning">Machine Learning</a></li> |
| <li><a href="../../project-components/suspicious-connects-analysis">Suspicous Connects Analysis</a></li> |
| <li><a href="../../project-components/visualization">Visualization</a></li> |
| <li class="under-dev">Under Development</li> |
| <li><a href="../../project-components/open-data-models">Open Data Models</a></li> |
| </ul> |
| </li> |
| <li id="menu-item-13" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-13 active"> |
| <a href="../../blog">Blog</a> |
| </li> |
| </ul> |
| </nav> |
| |
| </div> |
| |
| </header> |
| |
| <div id="mobile-nav"></div> |
| |
| <div id="content"> |
| |
| <div id="inner-content" class="wrap cf"> |
| |
| <main id="main" class="m-all t-2of3 d-5of7 cf" role="main" itemscope itemprop="mainContentOfPage" itemtype="http://schema.org/Blog"> |
| |
| <article id="post-117" class="cf post-117 post type-post status-publish format-standard hentry category-cybersecurity" role="article" itemscope itemprop="blogPost" itemtype="http://schema.org/BlogPosting"> |
| |
| <header class="article-header entry-header"> |
| |
| <h1 class="entry-title single-title" itemprop="headline" rel="bookmark">Apache Spot (Incubating) and Cybersecurity — Using NetFlows to Detect Threats to Critical Infrastructure</h1> |
| |
| <p class="byline entry-meta vcard"> |
| |
| <time class="updated entry-time" datetime="2016-08-08" itemprop="datePublished"> |
| August 8, 2016 |
| </time> |
| </span> |
| </p> |
| |
| </header> |
| <section class="entry-content cf" itemprop="articleBody"> |
| <p> |
| The “first” documented cybersecurity case was the worm replication, which was initiated by Robert T. Morris on November 2, 1988. Wow! Here we are in 2016, 28 years later, with viruses and worms giving way to Trojan horses and polymorphic code. Nowadays, we are also fighting against DDoS, phishing, spear phishing attacks, command and controls along with APTs such as Aurora, Zeus, Red October and Stuxnet. What happened with our security controls on each attack? |
| </p> |
| <p> |
| Despite heroic efforts, internal and external security controls, no matter if they are preventive, detective or corrective, can be bypassed by different situations or misconfigurations. Capabilities to detect bugs or vulnerabilities in code, protocol, etc. are still limited. When we consider how to close these gaps, we have two options: |
| </p> |
| <ol> |
| <li> |
| Collect information from each device that is part of the environment. |
| </li> |
| <li> |
| Collect information from the critical infrastructure that is used for most, if not all, of the systems. |
| </li> |
| </ol> |
| <p> |
| This blog will describe the second approach. |
| </p> |
| <p> |
| Critical infrastructure, including nationally significant infrastructure, can be broadly defined as the systems, assets, facilities and networks that provide essential services. For nations, this means protecting the national security, economic security and prosperity as well as the health and safety of their citizenry. If we extrapolate this definition on the IT enterprise environments, we can define the critical infrastructure as the service, or services, that need to be up and running properly 99.99999% of the time, most of the time to support other critical infrastructure, such as databases, HR systems, manufacturing systems, etc. |
| </p> |
| <p> |
| Effectively protecting critical infrastructure means that millions, if not billions, of different scenarios must be identified and monitored. To do this, the cybersecurity problem must be broken into small pieces. |
| </p> |
| <p> |
| Let’s consider DNS — your communications to the Web. How can you know which communications are being established by your critical servers? And, what if you want to do it for most of your infrastructure? |
| </p> |
| <p> |
| First idea: Use NetFlow, which is a network protocol that helps us collect IP traffic information and monitor network traffic. NetFlow has the details on the communications of all of your network traffic. However, the normal data on an enterprise environment includes billions of NetFlow events per day. To use this data to identify issues, it must be stored and analyzed. Storage alone is costly. Analyzing what amount Big Data stores is an entire other challenge. |
| </p> |
| <p> |
| Apache Spot offers a solution. It was designed to gather, store and analyze Big Data. In fact, Apache Spot is an ideal solution for this cybersecurity challenge. Apache Spot can integrate many different data sources in a data lake then add operational context to the data by linking configuration, inventory, service databases and other data stores. This helps you to prioritize the actions to take under different attack, malware, APT and hacking scenarios. With Apache Spot, attacks that bypass our external or internal security controls can be identified. By delivering risk-prioritized, actionable insights, Apache Spot can support the growing need for security analytics. |
| </p> |
| <p> |
| Not only can Apache Spot collect, store and analyze billions of NetFlow packets, but it can also be adapted to meet the unique requirements of your organization. How? Apache Spot is an open-source project. |
| </p> |
| <p> |
| <strong>But Wait, There’s More</strong> |
| </p> |
| <p> |
| Check out “<a href="../how-apache-spot-helps-create-well-stocked-data-lakes-and-catch-powerful-insights/"><u>How Apache Spot Helps Create Well-Stocked Data Lakes and Catch Powerful Insights</u></a>” to learn more about the underlying Apache Spot architecture. |
| </p> |
| <p> |
| This is the first of a series of blogs that we will be writing about cybersecurity, so check back to read more. |
| </p> |
| </section> |
| <footer class="article-footer"> |
| |
| filed under: <a href="../../category/cybersecurity/" rel="category tag">Cybersecurity</a> |
| |
| </footer> |
| |
| </article> |
| |
| </main> |
| |
| <div id="sidebar1" class="sidebar m-all t-1of3 d-2of7 last-col cf" role="complementary"> |
| |
| <div id="recent-posts-2" class="widget widget_recent_entries"> |
| <h4 class="widgettitle">Recent Posts</h4> |
| <ul> |
| <li> |
| <a href="../../blog/apache-spot-product-architecture-overview/">Apache Spot Product Architecture Overview</a> |
| </li> |
| <li> |
| <a href="../../blog/strength-in-numbers-why-consider-open-source-cybersecurity-analytics/">Strength in Numbers: Why Consider Open Source Cybersecurity Analytics</a> |
| </li> |
| <li> |
| <a href="../../blog/jupyter-notebooks-for-data-analysis/">Jupyter Notebooks for Data Analysis</a> |
| </li> |
| <li> |
| <a href="../../blog/apache-spot-and-cybersecurity-using-netflows-to-detect-threats-to-critical-infrastructure/">Apache Spot (Incubating) and Cybersecurity — Using NetFlows to Detect Threats to Critical Infrastructure</a> |
| </li> |
| <li> |
| <a href="../../blog/how-apache-spot-helps-create-well-stocked-data-lakes-and-catch-powerful-insights/">How Apache Spot (Incubating) Helps Create Well-Stocked Data Lakes and Catch Powerful Insights</a> |
| </li> |
| <li> |
| <a href="../../blog/apache-spot-3-most-asked-questions/">Apache Spot (Incubating): 3 Most-Asked Questions</a> |
| </li> |
| </ul> |
| </div> |
| <div id="archives-2" class="widget widget_archive"> |
| <h4 class="widgettitle">Archives</h4> |
| <ul> |
| <li> |
| <a href='../../2017/03/'>March 2017</a> |
| </li> |
| <li> |
| <a href='../../2016/10/'>October 2016</a> |
| </li> |
| <li> |
| <a href='../../2016/09/'>September 2016</a> |
| </li> |
| <li> |
| <a href='../../2016/08/'>August 2016</a> |
| </li> |
| <li> |
| <a href='../../2016/03/'>March 2016</a> |
| </li> |
| </ul> |
| </div> |
| |
| </div> |
| |
| </div> |
| |
| </div> |
| |
| |
| <footer class="footer" role="contentinfo" itemscope itemtype="http://schema.org/WPFooter"> |
| |
| <div id="inner-footer" class="wrap cf"> |
| |
| <p class="source-org copyright" style="text-align:center;"> |
| © 2020 Apache Spot. |
| </p> |
| |
| </div> |
| |
| </footer> |
| |
| </div> |
| <a href="#0" class="cd-top">Top</a> |
| <script type='text/javascript' src='../../library/js/scripts.js'></script> |
| |
| </body> |
| |
| </html> |
