Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, November 20 • 4:00pm - 4:50pm
Big Data Intelligence (Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud)

Sign up or log in to save this to your schedule and see who's attending!

Video of session:
https://www.youtube.com/watch?v=afMvndBEv-I&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=6


Presentation Title: "Big Data Intelligence" 
Subtitle: "Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud"
As web application attacks turn into massive campaigns against large corporations across the globe, web application firewall data increases exponentially, leaving security experts with a big data mess to analyze. Pinpointing real attacks in a sea of security event noise becomes an almost impossible tedious task. In this presentation, we will unveil a unique platform for collecting, analyzing and distilling Petabytes of WAF security intelligence information. Using the collected data, we will discuss the OWASP ModSecurity Core Rule Set project's accuracy, and reveal common attack trends, as well as our impressions and suggestions for how to wisely make the best out of the CRS project.
Topic covered in this presentation: • Using Big Data for analyzing web application security trends
• Akamai's Cloud Security Intelligence (CSI) platform - collecting Petabytes of WAF events with near-real time analysis capabilities
• Sample data analysis - Top 10 web application attacks and trends, as collected by the system
• Short demo of a unique user interface for navigating and analyzing big WAF data (SARA - Security Analytics Research Application)
• Measuring the accuracy of the OWASP CRS project?
• Analyzing the accuracy of CRS - precision, recall & accuracy statistics against real world traffic
• Frequent real world false positives scenarios, and how to remediate them
• Top 10 triggering rules statistics

Presentation Length: 45 minutes

Speakers
avatar for Tsvika Klein

Tsvika Klein

Cloud Security Product Manager, Akamai Technologies
Rich experience as a speaker in industry conferences and technical panels such as OWASP and academia.
avatar for Ory Segal

Ory Segal

Sr. Director of Threat Research, Akamai
Information about my history in the security industry can be found in the reflection blog post done on me: http://myappsecurity.blogspot.co.il/2007/04/reflection-on-ory-segal.html I have been a part of the security industry since 1996, and was closely involved in building some of the leading products in the web application security industry, such as Sanctum's AppShield & AppScan (now IBM). During the years I have published many research... Read More →


Wednesday November 20, 2013 4:00pm - 4:50pm
Salon 2 (5th Floor Ballroom) NY Marriott Marquis