Centrify has been working with Cloudera for years around our many joint customers and a partnership embracing the product strengths of both companies. Building on this foundation, Cloudera and Centrify today announced that Centrify has joined the Open Network Insight (ONI) project.
ONI is an open source, Apache 2.0 licensed cybersecurity project that leverages big data and machine learning to detect advanced threats. ONI provides an open data model for Network, and with the addition of Centrify to the project will be extended to include identity. By extending ONI’s open data model into identity, Centrify is allowing users to centralize identity and account credential data, integrate it into cybersecurity applications that leverage ONI, and to share related threat analytics and intelligence among industry peers.
Centrify is endeavoring to help customers protect themselves from cyberthreats by enriching existing security data with information that Centrify captures through the Centrify Identity Platform. Centrify has the capability to capture activity from end users AND privileged users providing customers an extremely valuable correlation point for activity moving laterally across their networks.
How does it work?
By taking in events from an identity, network, and DNS perspective we can gain insights into what is really happening.
Parallel Ingest Framework. The system uses decoders, optimized from open source, that decode binary flow and packet data, which then loads into HDFS and data structures inside Hadoop. The decoded data is stored in multiple formats so that it is available for searching, used for machine learning, transferred to law enforcement, or inputed into other systems.
Machine Learning. The system uses a combination of Apache Spark and optimized C code to run scalable machine learning algorithms. The machine learning component works not only as a filter for separating bad traffic from benign, but also as a way to characterize the unique behavior of network traffic in an organization.
Operational Analytics. In addition to machine learning, a proven process of context enrichment, noise filtering, whitelisting and heuristics are applied to network data to produce a short list of the most likely patterns, which may be security threats.
Insights into how identities are being used are critical, as hijacked credentials have led to some of the largest compromises in history. The 2016 Verizon Data Breach Investigations Report (DBIR) states that stolen and misused credentials continue to play a major role in most data breaches. With Centrify, ONI will provide on-demand analytics needed to understand how user accounts and activities are impacting security and compliance across users’ environments. Highlighting the importance of Centrify to this project, Tom Reilly, chief executive officer of Cloudera said:
“Centrify’s participation marks a major milestone for ONI, by adding the ability to integrate information about user identities alongside of data about network traffic and endpoints, the project is fulfilling on its promise to support a broad range of cybersecurity data sources that can be used to identify advanced threats and cyberattacks.”
Centrify is proud to be contributing to ONI. Read more about the announcement here.
To find our more about ONI or to contribute to this project, click here.
For more on the Centrify partnership with Cloudera, read: