September 19, 2017

Hortonworks Cybersecurity Platform – Big Data Cybersecurity Solution

With growing data volumes, an explosion in the number of devices and increasingly sophisticated attackers, current cybersecurity tools struggle to process millions of events and deliver insight fast enough. Cybersecurity teams spend hours analyzing threat events by moving from one tool to the next. We are pleased to announce the general availability of the Hortonworks Cybersecurity Package (HCP), which provides a single-pane-of-glass view of threat events across your entire landscape. The package offers full Hortonworks support for the Apache Metron project, an open source cybersecurity platform built on top of Hortonworks Data Platform and Hortonworks DataFlow.

The Metron project consists of a highly tuned data pipeline to ingest, process and analyze security and related data sources at massive scale. It parses and normalizes data into an open and extensible data model, and profiles that data to support behavioral analytics and anomaly detection in real time. The project also includes a platform for rapid production deployment of machine learning models against streaming data sources, making data scientists more productive and reducing response times.

We’re also pleased to announce the release of version 1.3.0 of the platform, which incorporates many user-interface improvements that streamline SOC operator workflows. HCP prioritizes alerts so that operators focus their limited time on high-value items, and organizes alerts and supporting information in an entity-centric view.

The Hortonworks product offering includes support for the Cybersecurity Platform as well as options to have our delivery experts install and harden the platform to build your security data lake. Our delivery teams integrate common data sources such as Active Directory, NetFlow, DNS logs, proxy logs, firewall logs and application logs, and implement alerting and anomaly detection. We can deliver solutions for use cases such as per-user behavior monitoring, password attacks, geographically improbable activity, and changes in server and client behavior.

With the onslaught of data faced by Security Operations Centers today, and the difficulty of finding enough people to staff them, big data technologies like Hortonworks Data Platform (including Hadoop and HBase) and large-scale streaming platforms like Kafka and Storm are essential just to handle the volume of data coming into security organizations. The other key is advanced analytics: the Metron Profiler, which applies real-time analytics to the stream, and Model as a Service, which provides a platform for more advanced machine learning models using technologies like Spark, GPUs and deep learning. These analytics are what bring efficiency and effectiveness to operators, along with better detection of unknown threats.
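The three stages named above (parse and normalize into a flat model, profile per entity over time windows, flag deviations from the entity's own baseline) are easy to lose in the prose, so here is an added, self-contained illustration of that pipeline shape. It is not Apache Metron code: the field names `ip_src_addr`, `source.type` and `original_string` follow Metron's convention, but the Squid-style proxy and resolver log formats, the sample lines and the median/MAD detector are constructed here for illustration. It also shows the "changes in client behavior" use case from the previous paragraph: a client that normally touches two domains per window suddenly resolves forty unique subdomains.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

WINDOW_MS = 15 * 60 * 1000   # tumbling window size for the profile
BASE = 1505808000            # 2017-09-19T08:00:00Z, start of the constructed sample

# Constructed Squid-style line: "<epoch> <elapsed> <client> <code/status> <bytes> <method> <url> ..."
PROXY_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\S+)\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)
# Constructed resolver line: "<iso8601> <client> <qname> <qtype> <rcode>"
DNS_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)\s+(?P<rcode>\S+)$"
)


def _domain_from_url(url):
    m = re.match(r"^[a-z]+://([^/:]+)", url)
    return m.group(1) if m else url


def parse_proxy(line):
    """Normalize a proxy line; raise on unparsed input so bad lines can be routed
    to an error stream instead of being silently dropped."""
    m = PROXY_RE.match(line)
    if not m:
        raise ValueError("unparsed proxy line: %r" % line)
    return {"source.type": "proxy", "timestamp": int(float(m["ts"]) * 1000),  # epoch ms
            "ip_src_addr": m["client"], "domain": _domain_from_url(m["url"]),
            "bytes_out": int(m["bytes"]), "original_string": line}


def parse_dns(line):
    m = DNS_RE.match(line)
    if not m:
        raise ValueError("unparsed dns line: %r" % line)
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {"source.type": "dns", "timestamp": int(ts.timestamp() * 1000),
            "ip_src_addr": m["client"], "domain": m["qname"].rstrip("."),
            "bytes_out": 0, "original_string": line}


def profile(events, window_ms=WINDOW_MS):
    """Per (client, window): distinct domains contacted and bytes sent.
    The init / update / result stages mirror the shape of a Metron profile."""
    state = {}
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        key = (ev["ip_src_addr"], ev["timestamp"] // window_ms)
        acc = state.setdefault(key, {"domains": set(), "bytes_out": 0})  # init
        acc["domains"].add(ev["domain"])                                  # update
        acc["bytes_out"] += ev["bytes_out"]
    out = defaultdict(list)                                               # result
    for (entity, win), acc in sorted(state.items()):
        out[entity].append({"window": win, "distinct_domains": len(acc["domains"]),
                            "bytes_out": acc["bytes_out"]})
    return dict(out)


def flag_anomalies(profiles, field, k=3.0, min_history=3):
    """Flag an entity whose latest window exceeds its own history by more than
    k robust deviations (median / MAD). A flat history has MAD 0, so use a floor
    instead of dividing by zero; entities with too little history are not judged."""
    flagged = []
    for entity, windows in profiles.items():
        if len(windows) <= min_history:
            continue
        history = [w[field] for w in windows[:-1]]
        current = windows[-1][field]
        med = statistics.median(history)
        mad = statistics.median(abs(h - med) for h in history)
        scale = mad if mad > 0 else max(1.0, 0.1 * med)
        if (current - med) / scale > k:
            flagged.append({"entity": entity, "window": windows[-1]["window"],
                            "value": current, "baseline": med})
    return flagged


def _iso(t):
    return datetime.fromtimestamp(t, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def constructed_lines():
    """Constructed sample: four quiet windows for 10.0.0.5, then a burst of
    lookups to 40 unique subdomains (the shape a tunnelling client leaves);
    10.0.0.9 stays quiet throughout."""
    lines = []
    for w in range(4):
        t = BASE + w * 900
        lines.append(("proxy", f"{t}.000 120 10.0.0.5 TCP_MISS/200 5120 GET "
                               f"https://intranet.example.com/home - DIRECT/10.1.1.1 text/html"))
        lines.append(("dns", f"{_iso(t + 30)} 10.0.0.5 intranet.example.com. A NOERROR"))
        lines.append(("dns", f"{_iso(t + 60)} 10.0.0.5 mail.example.com. A NOERROR"))
        lines.append(("dns", f"{_iso(t + 90)} 10.0.0.9 intranet.example.com. A NOERROR"))
    t = BASE + 4 * 900
    for i in range(40):
        lines.append(("dns", f"{_iso(t + i)} 10.0.0.5 {i:04x}.c2.example.net. TXT NOERROR"))
    lines.append(("dns", f"{_iso(t + 5)} 10.0.0.9 intranet.example.com. A NOERROR"))
    return lines


def run_pipeline(lines=None):
    parsers = {"proxy": parse_proxy, "dns": parse_dns}
    events = [parsers[kind](line) for kind, line in (lines or constructed_lines())]
    profiles = profile(events)
    return profiles, flag_anomalies(profiles, "distinct_domains")


if __name__ == "__main__":
    for f in run_pipeline()[1]:
        print(f"{f['entity']}: {f['value']} distinct domains vs baseline {f['baseline']}")
```

Two design points carry over to a real deployment. First, the profile compares each client against its own history rather than a global threshold, which is what keeps a chatty build server from drowning out a quiet workstation that suddenly changes behavior. Second, the detector only fires on increases and refuses to judge an entity with fewer than `min_history` windows; in Metron the equivalent profile is written as Stellar expressions and computed by the Profiler topology over the Kafka stream, with results stored for later `PROFILE_GET`-style lookups, whereas this script batches the same logic in memory.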

For managed security service providers and complex enterprise environments, we have added capabilities to Metron that improve multi-tenancy and metadata management, allowing some of our customers to consolidate their existing security operations overhead and serve their own customers more efficiently.

With the increasing need for deep forensics, and in the context of recent attacks in which organizations were unable to determine the nature or extent of a threat, or of their loss, the scalable storage of HDP underneath HCP lets us collect and retain data for longer, right down to PCAP-level granularity. At this scale we can not only detect more threats before they become an issue, but also help CISOs understand and contain the damage done by a successful breach, giving them exact information with which to mitigate damage and control risk.

To find out more about how the Apache Metron project, and the Hortonworks Cybersecurity Package can deliver better efficiency and detection to your security org, find more information here: Hortonworks Cybersecurity Platform


system design and architecture says:

Can this be used to assess risk/fraud attempts?

Simon Elliston Ball says:

A lot of cyber security use cases fall into fraud detection and uncovering both risky and compromised behavior, so the Package is very much geared at solving those problems.

It certainly makes sense to use HCP to detect strange behavior, and potential fraud in, for example, web site activity or other transactional activity, using things like the behavior profiling capability. There is also the ability to integrate external systems to act upon fraud detection.

In some fraud cases, where a real-time, short SLA is required (e.g. credit card payment processing), the complexity and latency of analytics may be a little long; however, even in those scenarios, the depth of analytics gives a strong baseline value to use for active fraud detection.
