《跳进湖里:数据湖如何帮助您的安全计划.pdf》由会员分享,可在线阅读,更多相关《跳进湖里:数据湖如何帮助您的安全计划.pdf(51页珍藏版)》请在三个皮匠报告上搜索。
1、Go jump in a lakeHow a data lake can help your security programBrian DavisPrincipal Software EngineerWho am I?Member of the Red Canary Architecture teamIve been building complex distributed systems for more than two decadesAvid hiker,photographer,home automator,and beekeeper based in DenverBrian Dav
2、isPRINCIPAL SOFTWARE ENGINEERRED CANARY,a Zscaler Companybrianthedavis1.SIEM Basics:How You Use It and Why Its Expensive2.Whats a Data Lake?3.Building a Data Lake for Fun and Profit4.Security Use CasesSIEM BUDGETSIEMLets talk about SIEM*architecture*Well use OpenSearch as a stand inOpenSearch Cluste
3、rOne Simple Truth in Cloud Computing ITRenting Computers Is ExpensiveMonthly Cost Comparison AWS Pricing Per Month for 105TB of storage on a 12 node cluster$24,688$2,484$106Why is SIEM so good at what it does?432 cores3 TB RAMDefinitionAWSs Definition:A data lake is a centralized repository that all
4、ows you to store all your structured and unstructured data at any scale.https:/ Definition:A data lake is a centralized repository that ingests,stores,and allows for processing of large volumes of data in its original form.https:/ Definition:A data lake is a repository that stores,processes,and secu
5、res large amounts of data.Data lakes help businesses cut costs,manage data,and use AI.https:/ Lakesare taking existing technologies nd gluing them tgether.https:/ Cluster$8,640OpenSearch ClusterOpenSearch Cluster$8,640$2,400*Hypothetical Pie Chart of Compute UseWhy pay for all this idle compute time
6、?If youre not using the computer,turn it off.OpenSearch Clusteralright-I get it.You sprinkle in compute.But theres still magic,right?Rows and ColumnsRows and Columnssnapshot_ts|id|des|run|req|lim|req_bytes|lim_bytes-+-+-+-+-+-+-+-2025-04-01 00:00:10|2954|1|1|1000|2000|4294967296|42949672962025-04-01