Big Data Intelligence

Ory Segal, Tsvika Klein at AppSec USA 2013

Subtitle: "Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud"
As web application attacks turn into massive campaigns against large corporations across the globe, web application firewall data increases exponentially, leaving security experts with a big data mess to analyze. Pinpointing real attacks in a sea of security event noise becomes an almost impossible, tedious task. In this presentation, we will unveil a unique platform for collecting, analyzing and distilling petabytes of WAF security intelligence information. Using the collected data, we will discuss the OWASP ModSecurity Core Rule Set project's accuracy, and reveal common attack trends, as well as our impressions and suggestions for how to wisely make the best of the CRS project.
Topics covered in this presentation:
• Using Big Data for analyzing web application security trends
• Akamai's Cloud Security Intelligence (CSI) platform - collecting Petabytes of WAF events with near-real time analysis capabilities
• Sample data analysis - Top 10 web application attacks and trends, as collected by the system
• Short demo of a unique user interface for navigating and analyzing big WAF data (SARA - Security Analytics Research Application)
• Measuring the accuracy of the OWASP CRS project?
• Analyzing the accuracy of CRS - precision, recall & accuracy statistics against real world traffic
• Frequent real-world false-positive scenarios, and how to remediate them
• Top 10 triggering rules statistics

Speakers

Tsvika Klein
Cloud Security Product Manager, Akamai Technologies
Rich experience as a speaker in industry conferences and technical panels such as OWASP and academia.

Ory Segal
Principal Product Architect, Cloud Security, Akamai Technologies
Information about my history in the security industry can be found in the reflection blog post done on me: http://myappsecurity.blogspot.co.il/2007/04/reflection-on-ory-segal.html
I have been a part of the security industry since 1996, and was closely involved in building some of the leading products in the web application security industry, such as Sanctum's AppShield & AppScan (now IBM). During the years I have published many research papers and technical articles.