Battling Botnets with Apache Metron


Thursday, May 23
2:00 PM - 2:40 PM
Marquis Salon 13

A botnet is a network of malware-infected devices under an attacker's remote control. Its operators can direct it to (among other actions) send phishing email, commit click fraud, steal information, and launch distributed denial of service (DDoS) attacks. Frighteningly, infected hosts may show no signs or symptoms of infection, lying dormant for months or years until they are eventually called into service.

Infections aren't limited to laptops and phones. Consider also the billions of network-enabled IoT devices, many of them running unpatched firmware and often trivially vulnerable to infection. In 2016, an army of Mirai-infected routers, cameras, and even baby monitors attacked the DNS provider Dyn, interrupting popular internet sites for several hours.

Botnets employ evasion tricks such as peer-to-peer command and control (no single server to take down) and fast-flux DNS (rapidly rotating the IP addresses behind a domain name so that blocking any one address is futile). Sadly, botnets are a reality, not something out of a sci-fi series. Worse, they are growing in number and size every day. Thankfully, we have an architecture for fighting back!

Apache Metron is a horizontally scalable cyber security analytics platform that ingests, enriches, and triages events in real time. This presentation details how to use the unique features of Apache Metron, Apache Zeppelin, and Apache Spark to detect, investigate, visualize, and respond to botnets.
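The fast-flux evasion trick mentioned above is also one of the more tractable things to detect from DNS telemetry, because the evasion itself leaves a statistical fingerprint: one name answering with many different addresses, spread across many networks, with short TTLs. The script below is an added example written for this page, not code from the talk or from Apache Metron, and it runs over a small constructed set of passive-DNS answer records rather than a live feed. It computes the per-domain aggregation that a Metron enrichment or a Spark job would produce and flags candidates with an illustrative rule; the sample records, the domain names, the /16-prefix proxy for network diversity and all thresholds are assumptions chosen for illustration.

```python
"""Fast-flux DNS heuristics over constructed passive-DNS records.

Added example, not code from the talk or from Apache Metron. A fast-flux name
answers with many distinct addresses across many networks with short TTLs; a
CDN-fronted site also has low TTLs but a small, stable address pool. The
records and thresholds below are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Constructed sample of passive-DNS A records, one per line:
#   <unix_ts> <domain> <resolved_ip> <ttl_seconds>
# cdn.example.net      : legitimate, low TTL, three IPs in one /16
# upd4te-flash.example : fast-flux, new addresses every lookup, five /16s
# intranet.example.org : static record with a day-long TTL
SAMPLE_LOG = """\
1558620000 cdn.example.net 203.0.113.10 60
1558620060 cdn.example.net 203.0.113.11 60
1558620120 cdn.example.net 203.0.113.10 60
1558620180 cdn.example.net 203.0.113.12 60
1558620000 upd4te-flash.example 198.51.100.7 120
1558620000 upd4te-flash.example 192.0.2.44 120
1558620000 upd4te-flash.example 203.0.113.200 120
1558620120 upd4te-flash.example 198.18.5.9 120
1558620120 upd4te-flash.example 100.64.77.3 120
1558620240 upd4te-flash.example 192.0.2.91 120
1558620240 upd4te-flash.example 198.51.100.150 120
1558620360 upd4te-flash.example 203.0.113.7 120
1558620360 upd4te-flash.example 100.64.12.200 120
1558620480 upd4te-flash.example 198.18.200.1 120
1558620000 intranet.example.org 10.20.30.40 86400
"""


@dataclass
class DomainStats:
    domain: str
    answers: int        # A records observed for the domain
    distinct_ips: int   # unique resolved addresses
    distinct_nets: int  # unique /16 prefixes, a cheap stand-in for ASN diversity
    mean_ttl: float     # average TTL of the observed answers


def parse_line(line: str):
    """Parse one record; return (domain, ip, ttl) or None for blank/malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _ts, domain, ip, ttl = parts
    try:
        return domain.lower(), ipaddress.ip_address(ip), int(ttl)
    except ValueError:
        return None


def summarize(log_text: str) -> dict:
    """Aggregate per-domain answer statistics over the whole log."""
    ips = defaultdict(set)
    nets = defaultdict(set)
    ttls = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        domain, ip, ttl = rec
        ips[domain].add(ip)
        # /16 supernet as a proxy for "different network"; a real pipeline
        # would enrich with ASN/GeoIP data instead (assumption for illustration).
        nets[domain].add(ipaddress.ip_network(f"{ip}/16", strict=False))
        ttls[domain].append(ttl)
    return {
        d: DomainStats(d, len(ttls[d]), len(ips[d]), len(nets[d]),
                       sum(ttls[d]) / len(ttls[d]))
        for d in ttls
    }


def is_fast_flux(s: DomainStats, min_ips: int = 6, min_nets: int = 3,
                 max_ttl: int = 300) -> bool:
    """Illustrative rule: many addresses across many networks with short TTLs.
    The thresholds are assumptions; tune them against known-good CDN traffic."""
    return (s.distinct_ips >= min_ips and s.distinct_nets >= min_nets
            and s.mean_ttl <= max_ttl)


def flag_fast_flux(log_text: str, **thresholds) -> list:
    """Return the domains in the log that trip the fast-flux rule, sorted."""
    return sorted(d for d, s in summarize(log_text).items()
                  if is_fast_flux(s, **thresholds))


if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG).values():
        print(f"{s.domain:24} ips={s.distinct_ips:2} nets={s.distinct_nets} "
              f"mean_ttl={s.mean_ttl:8.1f} flux={is_fast_flux(s)}")
    print("flagged:", flag_fast_flux(SAMPLE_LOG))
```

The point of keeping the CDN domain in the sample is the false-positive check: a low TTL alone is not evidence of fast flux, and a rule that fires on TTL only would page an analyst for every CDN-fronted site. Network diversity is what separates the two, which is why in a deployment the per-domain state would be built with an ASN enrichment and kept in Metron's Profiler or a Spark job rather than in a single-process script.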

Carolyn Duby
Solutions Engineer
Carolyn Duby is a Solutions Engineer and Cyber Security SME at Hortonworks, where she helps customers harness the power of their data with Apache open source platforms. Previously, she was the architect for cybersecurity event correlation at SecureWorks. A subject-matter expert in cybersecurity and data science, Carolyn is an active leader in the community and a frequent speaker at Future of Data meetups in Boston, MA, and Providence, RI, and at conferences such as Strata Data Conference, DataWorks Summit, Open Data Science Conference, and Global Data Science Conference. Carolyn holds an ScB (magna cum laude) and ScM from Brown University, both in computer science. She is a lifelong learner and recently completed the Johns Hopkins University Coursera Data Science Specialization.