Apache Metron: Open source cybersecurity at scale





Who is this presentation for?
- Data engineers, platform engineers, security analysts, and data scientists
Level
Description
Cybersecurity is a big data challenge. Applications and security devices create terabytes of logs per day in hundreds of different formats, but security analysts can only investigate a portion of the events, and they need to decide which ones they should investigate and which events are related. Enter Apache Metron, a real-time security analytics platform that ingests, normalizes, enriches, triages, and stores application and security events in a data lake.
Bring your laptop, roll up your sleeves, and get ready to crunch some events with Metron. Run through the step-by-step examples with Carolyn Duby on your own cloud Metron installation. When you get back to the office, you will be ready to use Metron.
Outline:
- Apache Metron overview
- Getting started
- Ingesting, normalizing, and enriching events
- Triaging events to find the needle in the haystack
- Machine learning: Building and applying models
- User and entity behavior analytics: Profiling and anomaly detection
- Exploring event history: Dashboards, threat hunting, and investigation
Prerequisite knowledge
- General knowledge of big data or cybersecurity (useful but not required)
Materials or downloads needed in advance
- A WiFi-enabled laptop with access to AWS instances
- Download materials from the course GitHub repository: https://github.com/carolynduby/ApacheMetronWorkshop
What you'll learn
- Learn to use the most important features of the Apache Metron platform to triage cybersecurity data

Carolyn Duby
Cloudera
Carolyn Duby is a solutions engineer at Cloudera, where she helps customers harness the power of their data with Apache open source platforms. Previously, she was the architect for cybersecurity event correlation at Secureworks. A subject-matter expert in cybersecurity and data science, Carolyn is an active leader in the community and a frequent speaker at Future of Data meetups in Boston, MA, and Providence, RI, and at conferences such as Open Data Science Conference and Global Data Science Conference. Carolyn holds an ScB (magna cum laude) and ScM from Brown University, both in computer science. She’s a lifelong learner and recently completed the Johns Hopkins University Coursera data science specialization.
Madhan Neethiraj
Cloudera

Michael Gregory
Cloudera
Michael Gregory leads the field team for machine learning at Cloudera, helping organizations derive business value from machine learning. Michael has more than 20 years of experience building, selling, implementing, and supporting large-scale data management solutions at Sun Microsystems, Oracle, Teradata, and Hortonworks and has seen and evangelized the power of data to transform organizations and industries from automotive to telco and public sector to manufacturing.
Sangeeta Doraiswamy
Cloudera
Sangeeta Thirumalai is a software developer at Cloudera, specializing in database technologies. She is currently responsible for architecting workload-level optimization tools for SQL-on-Hadoop workloads.