Giacomo Lanzi
Hadoop Open Data Model: “open” data collection
Estimated reading time: 5 minutes
With the advent of big data platforms, IT security companies can now make guided decisions on how to protect their assets. By recording network traffic and network flows, it is possible to get an idea of the channels on which company information flows. To facilitate the integration of data between the various applications and to develop new analytical functionalities, we the Apache Open Data Model meets.
The common Open Data Model for networks, endpoints and users has several advantages. For example, easier integration between various security applications, but companies are also made it easier to share analytics in case new threats are detected.
Hadoop offers adequate tools to manage a Security Data Lake (SDL) and big data analysis. It can also detect events that are usually difficult to identify, such as lateral movement , data leaks, internal problems or stealth behavior in general. Thanks to the technologies behind the SDL it is possible to collect the data of the SIEM to be able to exploit them through SOCaaS since, being a free Open Data Model, the logs are stored in such a way that they can be used by anyone.
What is Hadoop Open Data Model
Apache Hadoop is free and open source software that helps companies gain insight into their network environments. The analysis of the collected data leads to the identification of potential security threats or any attacks that take place between the resources in the cloud.
While traditional Cyber Threat Intelligence tools help identify threats and attacks in general, an Open Data Model provides a tool that allow companies to detect suspicious connections using flow and packet analysis.
H adoop Open Data Model combines all security-related data (events, users, networks, etc.) into a single visual area that can be used to identify threats effectively. It is You can also use them to create new analytical models. In fact, an Open Data Model allows the sharing and reuse of threat detection models.
An Open Data Model also provides a common taxonomy to describe the security telemetry data used to detect threats. Using data structures and schemas in the Hadoop platform it is possible to collect, store and analyze security-related data.
Open Data Model Hadoop, the advantages for companies
- – Archive a copy of the data security telemetry
- – Leverage out-of-the-box analytics to detect threats targeting DNS, Flow and Proxy
- – Build custom analytics based on your needs
- – Allows third parties to interact with ‘Open Data Model
- – Share and reuse models of threat detection, algorithms, visualizations and analysis from the community Apache Spot .
- – Leverage security telemetry data to better detect threats
- – Using security logs
- – Obtain data from users , endpoints and network entities
- – Obtain threat intelligence data
Open Data Model: types of data collected
To provide a complete security picture and to effectively analyze cyber threat data, you need to collect and analyze all logs and alerts regarding security events and contextual data related to the entities you are dealing with referenced in these logs . The most common entities include the network, users and endpoints, but there are actually many more, such as files and certificates.
Due to the need to collect and analyze security alerts, logs and contextual data, the following types of data are included in the Open Data Model.
Security Event Alerts in Open Data Model
These are event logs from common data sources used to identify threats and better understand network flows. For example operating system logs, IPS logs, firewall logs, proxy logs, web and many more.
Network context data
These include network information that is accessible to anyone from the Whois directory, as well as resource databases and other similar data sources.
User context data
This type of data includes all information relating to the management of users and their identity. Also included are Active Directory, Centrify and other similar systems.
Endpoint context data
Includes all information about endpoint systems (server, router, switch). They can come from asset management systems, vulnerability scanners and detection systems.
Contextual threat data
This data contains contextual information on URLs, domains, websites, files and much more, always related to known threats.
Contextual data on vulnerabilities
This data includes information on vulnerabilities and vulnerability management systems.
Articles from the RoadMap
This is file context data, certificates, naming convention.
Name of attributes
A naming convention is required for an Open Data Model in order to represent attributes between the vendor’s products and technologies. The naming convention consists of prefixes (net, http, src, dst, etc) and common attribute names (ip4, usarname, etc).
It is still a good idea to use multiple prefixes in combination with one attribute.
Conclusions
We have seen what the Hadoop Open Data Model is and how it can be used thanks to its ability to filter traffic and highlight potential cyber attacks by listing suspicious flows, threats to users, threats to endpoints and major network threats.
If you have any doubts or would like further clarification, do not hesitate to contact us by pressing the button below, we will be happy to answer any question.
Link utili:
Share
RSS
More Articles…
- CIS Controls and Vulnerability Assessment: practical guide to adopting best practices
- Kerberoasting: a threat to cybersecurity and how to mitigate it with Security Posture analysis
- Protect Your Business: Antivirus vs. SOC Service with EDR and Next Generation Antivirus (NGA)
- CSIRT and SOC: Differences between incident management and security monitoring
- Security posture analysis: Complete guide to strengthening cybersecurity
- Deception vs EDR: What’s the Best Threat Defense Strategy?
- Deception: Tricking Hackers to Secure Your Network
- Active Defense Deception: cybersecurity that beats hackers with their own weapons
Categories …
- Backup as a Service (17)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- ICT Monitoring (5)
- Log Management (2)
- News (21)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (189)
- Cyber Threat Intelligence (CTI) (7)
- Deception (4)
- Ethical Phishing (9)
- Penetration Test (8)
- Posture Guard (1)
- SOCaaS (62)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
Dark Reading
- CAPTCHAs Easy for Humans, Hard for Bots September 28, 2023Proton is aiming for the sweet spot between security, privacy, and accessibility with its CAPTCHA.
- A Preview of Windows 11’s Passkeys Support September 28, 2023The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication.
- Radiant Logic Announces Expanded Identity Analytics and Data Management Platform Capabilities September 27, 2023
- Fortinet Announces Formation of Veterans Program Advisory Council to Narrow the Cybersecurity Skills Gap With Military Veteran Talent September 27, 2023
- Netscout Identified Nearly 7.9M DDOS Attacks in the First Half of 2023 September 27, 2023
- Researchers Release Details of New RCE Exploit Chain for SharePoint September 27, 2023One of the already-patched flaws enables elevation of privilege, while the other enables remote code execution.
- China APT Cracks Cisco Firmware in Attacks Against the US and Japan September 27, 2023Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.
- Will Government Secure Open Source or Muck It Up? September 27, 2023The US government aims to support open source projects, while the European Union seeks to make open source projects liable for their software. Which approach will lead to more security?
- Microsoft Adds Passkeys to Windows 11 September 27, 2023It's the latest step in the gradual shift away from traditional passwords.
- Threat Data Feeds and Threat Intelligence Are Not the Same Thing September 27, 2023It's important to know the difference between the two terms. Here's why.
Full Disclosure
- [tool] WatchGuard Firebox Web Update Unpacker September 25, 2023Posted by retset on Sep 25A small utility for extracting file system images from "sysa-dl" update files. https://github.com/ret5et/Watchguard_WebUI_Unpacker
- APPLE-SA-2023-09-21-6 macOS Ventura 13.6 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-6 macOS Ventura 13.6 macOS Ventura 13.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213931. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. Kernel Available for: macOS […]
- APPLE-SA-2023-09-21-7 macOS Monterey 12.7 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-7 macOS Monterey 12.7 macOS Monterey 12.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213932. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. Kernel Available for: macOS […]
- APPLE-SA-2023-09-21-5 watchOS 9.6.3 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-5 watchOS 9.6.3 watchOS 9.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213929. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: Apple Watch Series 4 and later Impact: A […]
- APPLE-SA-2023-09-21-4 watchOS 10.0.1 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-4 watchOS 10.0.1 watchOS 10.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213928. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: Apple Watch Series 4 and later Impact: A […]
- APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 iOS 16.7 and iPadOS 16.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213927. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. […]
- APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1 iOS 17.0.1 and iPadOS 17.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213926. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: iPhone XS […]
- APPLE-SA-2023-09-21-1 Safari 16.6.1 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-1 Safari 16.6.1 Safari 16.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213930. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. WebKit Available for: macOS Big Sur and Monterey Impact: Processing web […]
- Advisory X41-2023-001: Two Vulnerabilities in OPNsense September 23, 2023Posted by X41 D-Sec GmbH Advisories via Fulldisclosure on Sep 22Advisory X41-2023-001: Two Vulnerabilities in OPNsense =========================================================== Highest Severity Rating: High Confirmed Affected Versions: 23.1.11_1, 23.7.3, 23.7.4 Confirmed Patched Versions: Commit 484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7 Vendor: Deciso B.V. / OPNsense Vendor URL: https://opnsense.org Credit: X41 D-Sec GmbH, Yasar Klawohn and JM Status: Public Advisory-URL:...
- SEC Consult SA-20230918-0 :: Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape September 18, 2023Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 18SEC Consult Vulnerability Lab Security Advisory < 20230918-0 > ======================================================================= title: Authenticated Remote Code Execution and Missing Authentication product: Atos Unify OpenScape Session Border Controller Atos Unify OpenScape Branch Atos Unify OpenScape BCF vulnerable version: OpenScape SBC...
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
-
SecureOnlineDesktop
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF
Newsletter
Products and Solutions
Partners
Cloud Models
News
- CIS Controls and Vulnerability Assessment: practical guide to adopting best practices September 25, 2023
- Kerberoasting: a threat to cybersecurity and how to mitigate it with Security Posture analysis September 8, 2023
- Protect Your Business: Antivirus vs. SOC Service with EDR and Next Generation Antivirus (NGA) September 8, 2023
- CSIRT and SOC: Differences between incident management and security monitoring September 8, 2023
- Security posture analysis: Complete guide to strengthening cybersecurity August 21, 2023
Google Reviews
About
© 2023 Secure Online Desktop s.r.l. All Rights Reserved. Registered Office: via dell'Annunciata 27 – 20121 Milan (MI), Operational Office: via statuto 3 - 42121 Reggio Emilia (RE) – PEC [email protected] Tax code and VAT number 07485920966 – R.E.A. MI-1962358 Privacy Policy - ISO Certifications