Cyber Security Enhanced With Powerful Big Data Analytics
The pace of change in technology is continuing to accelerate, bringing unintended consequences. Cyber criminals of even limited skills can buy exploits on the dark web for less than the price of tickets to the Broadway musical “Hamilton” – and in return realize tens of thousands of dollars in profit from a successful data breach. Cyber attacks are becoming increasingly sophisticated, from drive-by downloads to watering hole attacks to the most common attack vector – spear phishing. Malware is now polymorphic, changing its thumbprint as many as thousands of times per minute to evade corporate defenses. Advanced persistent threats (APTs) are now constantly targeting specific organizations, often starting with spear phishing emails which compromise systems to gain network access and eventually deploying additional tools to fulfill attack objectives.
Confounding Variables
As you might imagine, it’s nearly impossible to detect these attacks and protect against them using traditional defense-in-depth approaches. Perimeter protection fails when threats are no longer “outside of the moat,” but rather “inside the castle.” Signature-based threat detection is ineffective against attacks built specifically to evade signature matching. A few more factors complicate the situation: companies tend to rely on too many discrete and diverse point solutions as part of their defense mechanisms. Combined with their use of diagnostic rather than predictive security procedures, they wind up with too many false alarms, which lead to alert fatigue among security staff. That desensitization makes it easier for real security threats to slip by unnoticed. At the same time as the total volume of data being transported grows, companies are increasingly moving to software-defined networks (SDN) and network function virtualization (NFV). While the move brings benefits for dynamically provisioning network services and streamlining operations, the switch from individual appliances to virtual images that interact with each other for routing, firewalling or session border control may also increase the security risk to the network from a single compromised device.
A Better Way
As Big Data gets bigger and its value ever more enticing to the bad guys, truly actionable intelligence that would enable security teams to effectively patrol their organizations often doesn’t exist. But it can. It’s time for security teams to evolve their approach to this new age of major threats. The way to do it is by leveraging Big Data analytics – especially in combination with machine learning, artificial intelligence and human guidance – to:
- Understand normal network behavior
- Distinguish normal from true abnormalities
- Reduce the volume of false alarms
- A typical customer generates 1M+ alerts per month
- The SCC distills that down using human research and threat intelligence
- This results in 7-18 external trouble tickets that require customer mitigation
- Customers usually discover false positives in the 3-5% range
- That’s far less than they would with discrete point solutions
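The first three goals above (learn normal behavior, separate it from true abnormalities, cut the alert volume) are what a behavioral baseline does in practice. The following is an added illustration written for this page, not code from the original article or from any vendor mentioned in it. It assumes a constructed data set of daily alert counts per host (a 7-day baseline window plus one evaluation day), builds a per-host mean and standard deviation as the definition of "normal," and forwards only hosts whose current volume is a statistically significant excursion. The host names, counts and thresholds are all invented for the example.

```python
from statistics import mean, pstdev

# Constructed sample data (not from the page): daily alert counts per host
# over a 7-day baseline window. Each host has its own notion of "normal".
BASELINE = {
    "web-01":    [120, 130, 125, 118, 135, 128, 122],  # busy, noisy by nature
    "db-01":     [40, 42, 38, 45, 41, 39, 43],
    "hr-laptop": [5, 4, 6, 5, 5, 4, 6],                # normally very quiet
}

# Constructed alert counts for the evaluation day.
TODAY = {"web-01": 140, "db-01": 41, "hr-laptop": 60}


def baseline_stats(history):
    """Per-host (mean, population std dev) of daily alert counts.

    This is the 'understand normal behavior' step: the same raw count
    means very different things on a busy web tier and on a quiet laptop.
    """
    return {host: (mean(counts), pstdev(counts)) for host, counts in history.items()}


def zscore(value, mu, sigma):
    """Standard score of `value` against a baseline; handles a flat baseline
    (sigma == 0) so a host that never varies still gets flagged when it moves."""
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def find_anomalies(history, today, z_threshold=3.0, min_excess=10):
    """Return only the hosts whose volume today is a true abnormality.

    Two guards keep the false-alarm rate down:
      * z_threshold: the excursion must be large relative to the host's own
        day-to-day variation, so a noisy tier is not flagged for routine jitter;
      * min_excess: the absolute excess must also matter (a host going from
        1 to 4 alerts has a huge z-score but is not worth a ticket).
    Hosts with no baseline are surfaced separately, because "never seen before"
    is itself worth a look rather than a silent skip.
    """
    stats = baseline_stats(history)
    flagged = {}
    for host, count in today.items():
        if host not in stats:
            flagged[host] = {"count": count, "z": None, "reason": "no baseline"}
            continue
        mu, sigma = stats[host]
        z = zscore(count, mu, sigma)
        if z >= z_threshold and count - mu >= min_excess:
            flagged[host] = {"count": count, "z": round(z, 1), "reason": "volume spike"}
    return flagged


def alert_reduction(history, today):
    """Raw alert volume vs. the volume actually forwarded for investigation."""
    raw = sum(today.values())
    forwarded = sum(v["count"] for v in find_anomalies(history, today).values())
    return raw, forwarded


if __name__ == "__main__":
    for host, info in find_anomalies(BASELINE, TODAY).items():
        print(f"{host}: {info}")
    raw, forwarded = alert_reduction(BASELINE, TODAY)
    print(f"raw alerts: {raw}, forwarded for triage: {forwarded}")
```

With the constructed numbers, web-01 at 140 alerts is within its own normal range and is suppressed, while hr-laptop at 60 (against a baseline of about 5) is the only host forwarded. The two guards are the design choice worth copying: a z-score alone over-flags quiet hosts, and an absolute threshold alone under-flags them, so both are required before an alert becomes a ticket.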