Adobe's Security Lakehouse: OCSF, Data Efficiency, and Threat Detection at Scale
Karthik Venkatesan & Andrew Krioukov
June TK, 2025

Introductions
Karthik Venkatesan, Sr. Manager, Security Data Platform and ML Engineering
Andrew Krioukov, Co-founder & CEO

Security at Adobe

Adobe Security Data Platform (SDP)
Opportunity: allows Adobe to store and analyze massive security datasets at scale with advanced analytics to enhance threat detection and response.
Challenge: efficiently ingest and normalize diverse security data sources to unlock the full value of the data lake.

Transforming security data into actionable intelligence

Security Operations Center (SOC)
The frontline team responsible for monitoring, detecting, triaging, and responding to security events in real time.
Requirements:
- Real-time alerting and correlation
- Built-in rules and detections
- Case management and triage workflows
- Content libraries
- Security event data analysis
- Threat detection rules and signatures

Enterprise Security (Identity, Access, Engineering)
Ensures secure access, authentication, and enforcement of enterprise-wide security controls.
Requirements:
- Cross-platform data correlation
- Security tool administration
- Raw logs and system event visibility
- Schema/query flexibility for enrichment

Incident Response
Handles the investigation, containment, eradication, and recovery of security incidents.
Requirements:
- Historical security incident data
- Security metrics and reporting
- Flexible schema and query capabilities
- Long-term data retention and reprocessing

Threat Intelligence
Focused on identifying emerging threats, adversary behaviors, and attack patterns.
Requirements:
- Finding the unknown
- Raw logs from multiple sources
- Advanced analytics and ML models
- Building detections
- Content libraries
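To make the "ingest and normalize diverse security data sources" challenge and the SOC requirement for real-time alerting and correlation concrete, here is an added example in Python. It is not code from Adobe's SDP or from this presentation. It maps two constructed log formats (an sshd syslog line with an ISO timestamp, and a made-up IdP JSON event that follows no real vendor schema) onto one OCSF-style Authentication event, then runs a single detection over the merged stream so that failures seen by sshd and a success seen by the IdP correlate on the source IP. The OCSF identifiers (category_uid 3, class_uid 3002, activity_id 1, epoch-millisecond `time`) and field names are my reading of the OCSF Authentication class and should be checked against the published schema; the sample lines, the product names, the regex and the detection threshold are all assumptions made for the example.

```python
"""Added example (not Adobe SDP code): normalize two constructed log formats into
OCSF-style Authentication events, then run one detection over the merged stream."""
import json
import re
from collections import defaultdict
from datetime import datetime

# OCSF Authentication class identifiers as I read the schema (assumption: verify
# against schema.ocsf.io). type_uid is class_uid * 100 + activity_id.
CATEGORY_IAM = 3
CLASS_AUTHENTICATION = 3002
ACTIVITY_LOGON = 1
STATUS_SUCCESS = 1
STATUS_FAILURE = 2
OCSF_VERSION = "1.1.0"

# Constructed sample input. One source IP fails three times across two different
# log sources and then succeeds; a second IP has one unrelated clean login.
SAMPLE_LINES = [
    "2025-06-10T09:00:01+00:00 bastion01 sshd[4121]: Failed password for invalid user admin from 198.51.100.23 port 51122 ssh2",
    "2025-06-10T09:00:04+00:00 bastion01 sshd[4123]: Failed password for root from 198.51.100.23 port 51130 ssh2",
    "2025-06-10T09:00:30+00:00 bastion01 sshd[4130]: Accepted publickey for bob from 203.0.113.5 port 50000 ssh2",
    '{"published": "2025-06-10T09:01:30+00:00", "actor": "alice@example.com", "outcome": "FAILURE", "client_ip": "198.51.100.23"}',
    '{"published": "2025-06-10T09:02:10+00:00", "actor": "alice@example.com", "outcome": "SUCCESS", "client_ip": "198.51.100.23"}',
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def _event(time, status_id, user, src_ip, product, raw, host=None):
    """Build one OCSF-style Authentication (logon) event. raw_data keeps the
    original line so the event can be reprocessed if the mapping changes."""
    ev = {
        "category_uid": CATEGORY_IAM,
        "class_uid": CLASS_AUTHENTICATION,
        "activity_id": ACTIVITY_LOGON,
        "type_uid": CLASS_AUTHENTICATION * 100 + ACTIVITY_LOGON,
        "time": int(time.timestamp() * 1000),  # epoch milliseconds
        "status_id": status_id,
        "user": {"name": user},
        "src_endpoint": {"ip": src_ip},
        "metadata": {"version": OCSF_VERSION, "product": {"name": product}},
        "raw_data": raw,
    }
    if host:
        ev["dst_endpoint"] = {"hostname": host}
    return ev


def normalize_sshd(line):
    """sshd syslog line -> OCSF event, or None if the line is not an sshd auth record."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    status = STATUS_SUCCESS if m["result"] == "Accepted" else STATUS_FAILURE
    return _event(datetime.fromisoformat(m["ts"]), status, m["user"], m["ip"],
                  "OpenSSH", line, host=m["host"])


def normalize_idp(line):
    """Made-up IdP JSON event -> OCSF event, or None if the line is not JSON."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    status = STATUS_SUCCESS if rec.get("outcome") == "SUCCESS" else STATUS_FAILURE
    return _event(datetime.fromisoformat(rec["published"]), status, rec["actor"],
                  rec["client_ip"], "IdP", line)


def normalize_all(lines):
    """Try each source parser in turn. Lines no parser understands are dropped
    here; a real pipeline should count them and retain them for reprocessing."""
    events = []
    for line in lines:
        ev = normalize_sshd(line) or normalize_idp(line)
        if ev is not None:
            events.append(ev)
    return events


def detect_failures_then_success(events, threshold=3, window_ms=10 * 60 * 1000):
    """Alert when a source IP has >= threshold failed logons within window_ms and
    then a successful logon. Because the events share one schema, the failures
    can come from sshd and the success from the IdP, or any mix of sources."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["class_uid"] != CLASS_AUTHENTICATION:
            continue
        ip = ev["src_endpoint"]["ip"]
        if ev["status_id"] == STATUS_FAILURE:
            failures[ip].append(ev["time"])
        elif ev["status_id"] == STATUS_SUCCESS:
            recent = [t for t in failures[ip] if ev["time"] - t <= window_ms]
            if len(recent) >= threshold:
                alerts.append({"src_ip": ip, "user": ev["user"]["name"],
                               "failures": len(recent),
                               "success_via": ev["metadata"]["product"]["name"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_failures_then_success(normalize_all(SAMPLE_LINES)):
        print(alert)
```

The point of the example is the second half: the detection never looks at which product produced an event, only at OCSF fields, which is what lets one rule correlate across sources. Keeping `raw_data` on every event is what makes the "long-term data retention and reprocessing" requirement workable when a mapping turns out to be wrong.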