Big Data Intelligence (Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud)

Presented at AppSec USA 2013, Nov. 20, 2013, 4 p.m. (50 minutes)

Video of session: https://www.youtube.com/watch?v=afMvndBEv-I&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=6

Presentation Title: "Big Data Intelligence"
Subtitle: "Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud"

As web application attacks turn into massive campaigns against large corporations across the globe, web application firewall data increases exponentially, leaving security experts with a big data mess to analyze. Pinpointing real attacks in a sea of security event noise becomes a tedious, almost impossible task.

In this presentation, we will unveil a unique platform for collecting, analyzing and distilling Petabytes of WAF security intelligence information. Using the collected data, we will discuss the OWASP ModSecurity Core Rule Set project's accuracy and reveal common attack trends, as well as our impressions and suggestions for how to make the most of the CRS project.

Topics covered in this presentation:

  • Using Big Data for analyzing web application security trends
  • Akamai's Cloud Security Intelligence (CSI) platform - collecting Petabytes of WAF events with near-real-time analysis capabilities
  • Sample data analysis - Top 10 web application attacks and trends, as collected by the system
  • Short demo of a unique user interface for navigating and analyzing big WAF data (SARA - Security Analytics Research Application)
  • Measuring the accuracy of the OWASP CRS project?
  • Analyzing the accuracy of CRS - precision, recall & accuracy statistics against real world traffic
  • Frequent real world false positive scenarios, and how to remediate them
  • Top 10 triggering rules statistics

Presentation Length: 45 minutes

Presenters:

  • Tsvika Klein - Product Line Director - Akamai
    Rich experience as a speaker in industry conferences and technical panels such as OWASP and academia.
  • Ory Segal - Sr. Director, Threat Research - Akamai
    Information about my history in the security industry can be found in the reflection blog post done on me: http://myappsecurity.blogspot.co.il/2007/04/reflection-on-ory-segal.html. I have been a part of the security industry since 1996, and was closely involved in building some of the leading products in the web application security industry, such as Sanctum's AppShield & AppScan (now IBM). Over the years I have published many research papers and technical articles.
