April 14, 2016

Apache Metron User Personas and Core Functional Themes

On Tuesday April 12th, we released the first post of our multi-part Big Data Cybersecurity Analytics blog series, titled Roots of Apache Metron and authored by the Hortonworks product management and engineering teams, to announce the Apache Metron 0.1 release. Built with the Apache community, Metron is a next-generation cybersecurity application that detects and responds to Advanced Persistent Threats. Security Operations Centers (SOCs) receive alerts on suspicious events as the result of filtering, enriching, storing and analyzing telemetry, or "data in motion" (logs, network flows, packet capture, etc.). In the HCC article, Metron Explained, George Vetticaden, Hortonworks Principal Architect and Cybersecurity Product Manager, discusses the roots of Apache Metron and traces a single telemetry event as it flows across the platform. This leads to the following questions, which we will cover here as well as in the HCC article, Apache Metron User Personas and Why Metron?:

  • Who will be the different users of Apache Metron?
  • What are the functional themes of Apache Metron?
  • Why Metron? A Data Scientist Perspective
  • Why Metron? A SOC Analyst & Investigator Perspective

Bridging the Cybersecurity Talent Gap

In the U.S. alone, companies posted 49,493 jobs requiring Certified Information Systems Security Professional (CISSP) certification last year; however, there are only 65,362 CISSP holders, the majority of whom are already employed (Burning Glass Technologies, Job Market Intelligence: Cybersecurity Jobs 2015). Metron helps organizations bridge this talent gap by building capabilities into their people and processes rather than relying on scarce hires alone. There are six different security professionals in the SOC who can all benefit from using Metron. Each has well-defined responsibilities and different objectives. Metron is built to help the SOC and its people scale through real-time data ingestion, correlated telemetry, an automated incident response process, easier data access and search, vulnerability management, and integration with external threat intelligence sources. In a later blog we will cover Metron's SOC maturity model and how organizations move through its levels toward the analytics and machine learning that big data platforms like Hadoop and Metron's security analytics enable.

Apache Metron’s Consumers

There are six user personas that Metron aims to target.

[Figure: Metron User Personas]

For a more in depth look at Metron’s user personas, please see the HCC article: Apache Metron User Personas and Why Metron?.

Apache Metron Core Functional Themes

We will now describe the four core functional themes that Metron will focus on. As the community around Metron continues to grow, new features and enhancements will be prioritized across these four themes.

The 4 core functional themes are the following:

[Figure: Metron functional themes]

Apache Metron Release 0.1 and its Target Personas and Themes

Over the last four months, the community, led by Hortonworks, has been hard at work on Apache Metron's first release (Metron 0.1).

Now that we have highlighted the user personas and core themes for Metron, the following depicts where the engineering focus has been for Metron 0.1.

[Figure: Metron TP1 core themes]

As the diagram above illustrates, the key focus areas for Metron 0.1 are the following:

  • The platform theme was the primary focus. Before we could focus on the UI and support more telemetry data sources, we needed to ensure that the platform was rock solid. This meant providing an easy way to provision this very complex application. In addition, considerable work went into refactoring the code base and addressing technical debt: making the code simpler and easier to maintain, adding new data sources in a declarative manner, improving performance and extensibility, and raising the overall quality of the code.
  • The persona of focus was the Security Platform Engineer.
  • Metron 0.1 offers dashboard views for the SOC analyst and investigator.

More Details on HCC

More details on Metron user personas and what those users can do with the platform that they couldn’t do with traditional security tools can be found in the following HCC article: Apache Metron User Personas and Why Metron?.

About the Authors

Bio: George Vetticaden is a Principal Architect at Hortonworks, Senior Product Owner/Manager for Metron/CyberSecurity, and committer on the Apache Metron project. Over the last 4 years at Hortonworks, George has spent time in the field with enterprise customers helping them build big data solutions on top of Hadoop. In his previous role at Hortonworks, George was the Director of Solutions Engineering where he led a team of 15 Big Data Senior Solution Architects helping large enterprise customers with use case inception, design, architecture, to implementation of use cases monetizing data with Hadoop. George graduated from Trinity University with a BA in Computer Science.

(LinkedIn Profile: https://www.linkedin.com/in/georgevetticaden)


Bio: James Sirota is Director of Security Solutions at Hortonworks and a committer on the Apache Metron project. Previously James was the Chief Data Scientist at Cisco, focused on Big Data security analytics, where he spearheaded OpenSOC. His primary expertise is in the design and implementation of Big Data platforms on top of Hadoop, MapReduce, YARN, Storm, Kafka, Elasticsearch and Flume. James holds a Data Science degree and a Master's in Computer Engineering, and is a licensed information security professional.

(LinkedIn Profile: https://www.linkedin.com/in/jsirota )
