Home > Big Data and Hadoop > Real-time threat intelligence using Hadoop

Real-time threat intelligence using Hadoop

Now that you are familiar with Hadoop and big data you might ask the question “Who uses Hadoop for real-time cyber-security?”.

One example might be McAfee Global Threat Intelligence a product from McAfee (part of Intel) which collects data from millions of sensors world-wide, correlates this data to provide real-time reputation scoring and threat intelligence.   If  you are a McAfee customer and need a way to get reputation scores about reputed “bad actors” on the internet, you could deploy a GTI proxy appliance in your location and have every McAfee end-point node in your location use the proxy appliance to query the GTI application in the cloud.  The GTI application runs over a Hadoop cluster.  Such access to real-time threat intelligence helps McAfee end point products deliver more effective cyber-security.

Another example is IpTrust (Endgame systems) a cloud based service whose reputation scoring system collects data, runs it through MapReduce and then hands it over to Cassandra (a NoSQL distributed database mgmt. system) running over Hadoop Distributed File System (HDFS).  Apparently they have a good business model as their customers include HP and IBM.  Why use Hadoop?  Simply because if your goal is to mine millions or billions of log files to look for botnet activity what better and more scalable platform could there be than open source Hadoop?

Yet another example is SOURCEfire Immunet which uses Hadoop to collect data from 2 million end-points monitored by SOURCEfire and provide real-time protection against malware and zero-day attacks.

In conclusion if you are a security vendor deploying a cloud based reputation scoring service and you have a need to process and store way more data than traditional databases can handle then you should consider Hadoop as the foundation for your solution.

Advertisements
  1. No comments yet.
  1. November 22, 2012 at 7:50 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: