Posted: 15-Feb-2017
Copyright © 2015 Splunk Inc.
Building an Enterprise-grade Security Intelligence Platform at Yoox.com (Gain the Big Picture)
Gianluca Gaias, Head of Information Security, YOOX Group
Disclaimer
During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Personal Introduction
Gianluca Gaias, YOOX Group. YOOX Group is the global Internet retailing partner for leading fashion and luxury brands.
Head of Information Security:
– Application Security
– Organizational Security
– Compliance
– Security Monitoring
Key Takeaways
From a technology oriented approach to an info-centric approach
From log correlation to pattern recognition
From a passive/display platform to a proactive/executive platform
From standard dashboards to real-time dynamic dashboards
From a security event to context-aware security information
Agenda
• YOOX Group: business and challenges
• Security evolution overview
• From a Tech Oriented approach to an Information Oriented approach
– Deep Investigation
– Proactive Dashboard: IP Blacklist
– Real-time Dynamic Dashboard: Attack Map
• Risk Management and Pattern Recognition
– Use Case: Attackers' Activity
• Reconsidering dashboard design
• Next Steps
YOOX Group
Global reach to more than 100 countries worldwide. Five logistics centers strategically located, guaranteeing top service to all major fashion markets (United States, Europe, Japan, China, Hong Kong).
YOOX Group: OS & Multi-Brand
MULTI-BRAND
§ The online destination for women dedicated entirely to in-season high-end shoes
§ Exclusive shoe-related services and innovative editorial component
§ Launched in 2012
§ The luxury online boutique with in-season assortment of high fashion and directional designers for men and women
§ Dedicated mini-stores
§ Launched in 2008
§ The world's leading online lifestyle store for fashion, design and art
§ Broad offering of end-of-season premium apparel and accessories, exclusive collections, vintage, home & design and artworks
§ Launched in 2000
MONO-BRAND
Online stores "Powered by YOOX Group"
§ Exclusive official online flagship stores of leading fashion and luxury brands
§ Long-term partnerships
§ JVCo with Kering
§ and many more …
YOOX Group: Challenges
• Keep the trust
– Data Confidentiality
– Data Integrity and Completeness
– Data Processing Transparency
• High Availability in a hostile environment
• Gain the big picture: challenge and enabler
✓ Shareholders ✓ Customers ✓ Stakeholders
Security Evolution Overview
[Timeline chart, 2011 to 2015, not reproduced. Initiatives shown:]
– Data Leakage Prevention
– Information Security Compliance
– IPS & Anomaly Detection
– Administrative Access Control
– PCI-DSS Compliance
– Sites Vulnerability Checks
– Code Review
– Logical Access Governance
– Security Intelligence Platform
– Online Brand Protection
– Privacy Compliance
– Information Process Analysis
Security Evolution – Tech vs Info
• Technology Oriented:
– Info confined to technology
– Partial identity definition
– Gaps not covered
• Information Oriented – Splunk:
– Enrichment of tech logs
– Event correlation
– Clear identity definition
Advanced Dashboard: IP Blacklist
• Proactive Dashboard
• One-click blacklist on Akamai WAF through Akamai API calls
• Splunk is able to run a command on the input source (drilldown)
«From a passive/display platform to a proactive/executive platform»
WAF Activity Representation: Standard Dashboard
Pros:
• Statistical evidence by:
– Source IP
– Attack type
– WAF Action
• Event distribution over time
Cons:
• Spike visibility depends on the scale
• Not evident:
– Attack frequency
– Relation between Source IP, Attack type and WAF action
"From standard dashboards to real-time dynamic dashboards"
Real-time Dynamic Dashboard: Attack Map
Security Evolution – Risk Management & Pattern Recognition
• Risk Management:
– Correlation of Tech Elements and Business Elements
– Support for quantitative risk analysis
– Assigning a Risk value to alerts
• Pattern Recognition:
– Different levels of correlation
– Pattern as the result of several high-level events from different systems, by identity
– Knowledge from historical incidents and analysts' experience
– Goal: detect user behavior and recurrent attack patterns
Pattern Recognition
Single security events may be part of a more complex action.
[Correlation diagram, not reproduced: single events (Brute Force, Exce. Out Data, High Conn.) pass through Correlation Level 1, Correlation Level 2 … Correlation Level n and are consolidated into a pattern (Data Exfiltration). The sequence is introduced by a high-level analyst; pattern consolidation is done by the analyst.]
«From log correlation to pattern recognition»
Usually single security event has a sta@c risk We need risk value based on content and other events correlated
19
“From a security event to an context-‐aware security
informa2on”
Risk
Sta@c Assign. (Lookup)
N level correla@on
Content Eval
Use Case: Attackers' Activity
Detect sequences of relevant events by identity.
• Activity Score: vertical axis, max of the same alert type
• Activity Frequency: ball diameter
[Bubble chart, not reproduced; axes: Pattern Recognition, Risk Value.]
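The three slides above (correlation levels, the risk value and the attackers' activity use case) as one worked example, written in Python rather than Splunk SPL so it runs stand-alone. This is an added example, not code from the presentation or from YOOX or Splunk: the event field names, the alert names (brute_force, high_conn, exc_out_data, data_exfiltration), the thresholds, the 15-point bonus per correlation level, the "sensitive asset" content check and the sample events are all assumptions constructed for illustration.

```python
# Added example (not from the presentation): multi-level correlation of events
# by identity, a context-aware risk value and a per-identity activity summary.
# Event fields, alert names, thresholds and risk weights are assumptions.
from collections import defaultdict, namedtuple

# identity: user or source IP; ts: time of the last contributing event (s);
# level: correlation level that produced the alert; content: details for evaluation
Alert = namedtuple("Alert", "identity type ts level content")

WINDOW = 60                      # seconds for the windowed counters (assumption)
BRUTE_FORCE_MIN_FAILS = 5
HIGH_CONN_MIN = 20
EXC_OUT_MIN_BYTES = 100_000_000

def level1_windowed(events, etype, min_count, alert_type):
    """One alert per identity each time >= min_count events of etype fall in WINDOW."""
    alerts, window, active = [], defaultdict(list), defaultdict(bool)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["type"] != etype:
            continue
        w = window[e["id"]]
        w.append(e["ts"])
        while w and w[0] < e["ts"] - WINDOW:   # slide the window
            w.pop(0)
        over = len(w) >= min_count
        if over and not active[e["id"]]:       # fire on the upward crossing only
            alerts.append(Alert(e["id"], alert_type, e["ts"], 1, {"count": len(w)}))
        active[e["id"]] = over
    return alerts

def level1_threshold(events, etype, key, minimum, alert_type):
    """One alert for every single event whose field `key` reaches `minimum`."""
    return [Alert(e["id"], alert_type, e["ts"], 1, {key: e[key], "dst_asset": e.get("dst_asset")})
            for e in events if e["type"] == etype and e.get(key, 0) >= minimum]

def correlate_level1(events):
    alerts = level1_windowed(events, "login_failed", BRUTE_FORCE_MIN_FAILS, "brute_force")
    alerts += level1_windowed(events, "conn", HIGH_CONN_MIN, "high_conn")
    alerts += level1_threshold(events, "transfer_out", "bytes", EXC_OUT_MIN_BYTES, "exc_out_data")
    return sorted(alerts, key=lambda a: a.ts)

# Level 2: an analyst-defined sequence of level-1 alerts for the same identity,
# in this order and within SEQUENCE_WINDOW, is consolidated into one pattern.
EXFIL_SEQUENCE = ("brute_force", "high_conn", "exc_out_data")
SEQUENCE_WINDOW = 24 * 3600

def correlate_level2(level1_alerts):
    by_id = defaultdict(list)
    for a in level1_alerts:
        by_id[a.identity].append(a)
    patterns = []
    for identity, alerts in by_id.items():
        pos, matched = 0, []
        for a in sorted(alerts, key=lambda a: a.ts):
            if a.type != EXFIL_SEQUENCE[pos]:
                continue
            matched.append(a)
            pos += 1
            if pos < len(EXFIL_SEQUENCE):
                continue
            if matched[-1].ts - matched[0].ts <= SEQUENCE_WINDOW:
                content = {**matched[-1].content, "steps": [m.type for m in matched]}
                patterns.append(Alert(identity, "data_exfiltration", matched[-1].ts, 2, content))
            pos, matched = 0, []
    return patterns

# Risk value = static assignment (lookup) + N-level correlation + content evaluation.
STATIC_RISK = {"brute_force": 30, "high_conn": 20, "exc_out_data": 40, "data_exfiltration": 70}
LEVEL_BONUS = 15                     # added per correlation level above 1
SENSITIVE_ASSETS = {"customer-db"}   # business element consulted during content evaluation

def risk_value(alert):
    risk = STATIC_RISK[alert.type] + LEVEL_BONUS * (alert.level - 1)
    if alert.content.get("dst_asset") in SENSITIVE_ASSETS:
        risk += 20
    if alert.content.get("bytes", 0) >= 5 * EXC_OUT_MIN_BYTES:
        risk += 10
    return min(risk, 100)

def activity_summary(alerts):
    """Per identity and alert type: score = max risk of that type, frequency = count."""
    summary = defaultdict(lambda: defaultdict(lambda: {"score": 0, "frequency": 0}))
    for a in alerts:
        cell = summary[a.identity][a.type]
        cell["score"] = max(cell["score"], risk_value(a))
        cell["frequency"] += 1
    return {i: dict(types) for i, types in summary.items()}

def analyse(events):
    l1 = correlate_level1(events)
    return activity_summary(l1 + correlate_level2(l1))

def build_sample_events():
    """Constructed sample: 'alice' runs the whole sequence, 'bob' stays below every threshold."""
    ev = [{"ts": 100 + i, "id": "alice", "type": "login_failed"} for i in range(6)]
    ev += [{"ts": 200 + i, "id": "alice", "type": "conn", "dst": "10.0.0.5"} for i in range(25)]
    ev.append({"ts": 300, "id": "alice", "type": "transfer_out", "bytes": 800_000_000, "dst_asset": "customer-db"})
    ev += [{"ts": 150 + i, "id": "bob", "type": "login_failed"} for i in range(3)]
    ev.append({"ts": 160, "id": "bob", "type": "transfer_out", "bytes": 5_000_000, "dst_asset": "cdn"})
    return ev
```

Calling analyse(build_sample_events()) returns one cell per identity and alert type, with score (the maximum risk of that alert type, the vertical axis of the slide) and frequency (the count, the ball diameter). With the sample input the level-2 data_exfiltration pattern scores 100 while none of its three constituent alerts scores above 70: the risk lives in the correlation and in the content (a sensitive destination, a large transfer), not in any single event, which is the point of the static-lookup-plus-correlation-plus-content construction. The "fire on the upward crossing" check in level1_windowed is there so a sustained burst produces one alert rather than one per event.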
Reconsidering Dashboard Design
[Diagram, not reproduced: a maturity ladder from Native Log Collection → Splunk Log Collection → Standard Dashboards → Advanced Dashboards → Pattern Recognition, each step serving a different audience (Splunk Engineers, NOC, SOC, Security Analyst, Head of Security); axis labels: Knowledge, Data Meaning, The Big Picture.]
Key Takeaways
From a technology oriented approach to an info-centric approach.
From log correlation to pattern recognition.
From a passive/display platform to a proactive/executive platform.
From standard dashboards to real-time dynamic dashboards.
From a security event to context-aware security information.