Big Data Analytics Tackles Cyber Security
The cyber security storm is upon us with no end in sight. Network and data breaches are being reported almost daily. Just recently we learned that Apple, the U.S. Postal Service and JP Morgan have been breached. Companies like these are spending billions to detect and thwart increasingly sophisticated attacks but they continue unabated.
Most companies have a collection of point solutions that handle various aspects of perimeter and data defense as well as user authentication rules and methods. But these applications represent disconnected silos of security data and a traditional approach to cyber security.
What’s more, these systems generate a raft of information that often overwhelms the capabilities of the IT security staff to investigate and mediate the problems. Many companies have given up on trying to correlate the cacophony of alerts.
Big Data Analytics
What’s needed is a new security architecture that brings an integrated approach to cyber security. This approach applies automation and machine learning to detect and analyze threats to perimeter defenses. It also analyzes big data for clues to identify advanced persistent threats and other malicious code that finds its way past perimeter defenses.
Human intelligence also plays a big role in analyzing behavioral anomalies identified by advanced analytics to determine whether a threat is present. Once that determination is made and fed back into the machine learning application, it becomes part of the collective intelligence of an effective cyber security system.
This new form of cyber security software and services will become more useful and accurate as it adapts and becomes aware of the context of potential threats. Here are some examples of how the new cyber security systems apply context-awareness:
- Since analyzing large packet samples is difficult, the more advanced systems collect smaller samples at many network access points
- They analyze each sample, pass indicators to the next level of threat intelligence and combine this data with indicators from other access points
- They understand how sample points relate and how a packet moves from one point to another
- The most effective approach is to perform the security analysis in a distributed cloud environment to achieve scale and efficiency
Cloud-based managed security services are able to store this vast and growing amount of security information and apply real time and predictive analytics to the advanced persistent threats (APTs) facing companies.
But even with big data capabilities, cyber security systems will need to use packet sampling or packet statistical data to detect intrusions. Changes in network behavior indicate changes in the network. If these changes are not planned, they need to be investigated.
Looking for known byte patterns in packets will become near impossible. Packet meta-data will need to be collected by network hardware and this will become part of the security network data. The network will become an intelligent switch fabric using the emerging cloud-based OpenFlow standard to share information and institute new rules consistently across network devices and services.
Cyber attacks continue to grow in number and ferocity. And the big data generated by security systems is accelerating as a result. It’s pretty apparent that companies are in the eye of the storm and need to act now to avoid further damage.
To learn more, join us on November 18 for our webinar: “Transform Enterprise Security with Advanced Analytics.”