Update on Apache Spot: Tremendous advancement in cybersecurity data analytics and event management capabilities

Bob Gourley

The trend of applying machine learning and artificial intelligence to the mission of cyber defense is one of the most promising activities in the cybersecurity community. The trend towards eliminating data stovepipes to allow analysts to work over all relevant security data is also a very positive movement. Both of those trends are apparent in the new Apache Spot project.

Apache Spot is a community-driven cybersecurity project undergoing incubation at the Apache Software Foundation (ASF). The project is based on Cloudera's big data platform on Intel hardware. It leverages Apache Hadoop for infinite log management and data storage, Apache Spark for machine learning and near real-time anomaly detection, and a suite of packaged analytics that provide tools of immediate use to any security ops team (including visualizations, analytics and machine learning tools). This is all integrated together with other tools in a way that just works. It includes a well-developed data model for all relevant threat, technology and incident data. And, since it is an open platform, this model is tailorable for any unique needs.

I've been tracking Apache Spot for quite a while. It had its roots in an Intel project and has had great leadership and contributions from Cloudera as well as some of the greatest names in cybersecurity technology. But I was very pleased to be able to get a personal demo from Cloudera's director of cybersecurity strategy, Sam Heywood, during the RSA conference. There is nothing like seeing it in action and clicking buttons myself (a photo from my demo is here):

https://i2.wp.com/ctovision.com/wp-content/uploads/apache-spot-e14880601...

There is also a growing application ecosystem for sharing advanced capabilities with the community. And Cloudera has just announced support for Apache Spot, so any enterprise that uses it can opt to have commercial-grade services and support.

This is a great capability that pulls together all the relevant data that any SOC would want or need for just about every conceivable cybersecurity use case. It can be used before a breach for analysis that supports continued improvement, to assess the nature of threats that might be exploring and attempting a breach, and, during or after an attack, to rapidly assess what is going on. Since it is based on an open data model, and since great thought has already gone into most use cases, it is totally extensible to just about any data source and easily tailorable to any need.

Beyond the SOC, Apache Spot will have use cases for compliance teams, hunt teams, and any other specialized function that needs intuitive access to analytical tools over all relevant security data.

If you have a market survey underway for any SIEM tool, log management tool, insider threat capability, forensic tool or other security data capability, I would most strongly recommend you check out Apache Spot before making any decision. Spot provides a single consolidated platform for security data that you can put at the center of all your security operations. This is a great way to address the issue of fragmentation and stovepiping of security data that exists in all enterprises today. And, since it works with Apache Spark, it comes with fantastic machine learning and artificial intelligence capabilities out of the box, and since it also comes with an apps marketplace, those and other solutions will only grow.

I would also recommend an in-person demo. Till you can arrange that, the next best option is to see the video below:

For more see: Cloudera.com

 


Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publisher of CTOvision.com.
