Protect Your Assets

Put your big data to work with big data security analytics



Consumers rely on companies to protect their data, mass quantities of which are collected every day across sensors, services, and devices. Credit card numbers, bank account information, social security numbers—they're all for the taking, and companies that don't protect customer data can now be made liable for data breaches, as Target learned when it agreed to pay out $10 million in damages for the 2013 breach that affected 40 million customers.

In its 2015 Cost of Cyber Crime Study sponsored by HPE, Ponemon Institute found that the average annual cost of cybercrime to an organization is $15 million, a net increase of 19 percent over 2014 findings. The average time to resolve such attacks was about 46 days, and the time from detection to resolution typically costs an average of $1.9 million. Companies that took a proactive approach to data security by deploying security intelligence systems experienced an average cost savings of $3.7 million compared to those that didn't. But just as big data is a viable source of income for hackers, big data security analytics is an equally viable resource for IT to combat data breaches.


Putting big data to work
Traditional anti-malware and antivirus software can spot some viruses and other anomalies, but it can't harness the power of your data, help you predict future attacks, or sniff out incremental abnormalities to find potential data breaches as they occur. In many cases, antivirus software is nothing more than a Band-Aid. Relying on anti-malware and antivirus solutions alone may leave your network (and your data) vulnerable to attack. More than just a tool for marketing analytics and consumer targeting, big data is a security tool capable of providing insights unseen in traditional security platforms.

Chances are you already have access to plenty of usable data within your organization, but to use big data for security, the data needs to be mined. Begin by creating an inventory of your existing data. Determine which tags you'll need for each data set, then assign profiles and tags appropriately. Once your data is organized, it's time to analyze for threats. Near real-time analysis is available, so remember to consider all possible data sets at the outset.

A comprehensive security intelligence system will help you identify patterns and predict potential outcomes using your existing data or through real-time assessments. Security intelligence systems like security information and event management (SIEM) can sift through data and identify known patterns of attack, giving analysts more than just a convenient visualization dashboard. They don't require you to meld all your data sets into a single format or remove duplicate entries; they can distill actionable threat intelligence from disparate data sets. Security intelligence systems allow analysts to use big data security analytics to visualize complex relationships within the data to better understand potential threats or better mitigate an ongoing cyberattack.

Monitoring and analysis
Continuous monitoring and analysis can help you gain insight into common threats within your organization, including phishing attempts; social engineering; insider data breaches; outside attacks; malware; intellectual property theft; and compromised, lost, or stolen devices. Monitoring machine activity alone won't reveal all attacks. Controlling access to sensitive data through authorized user accounts is also recommended, but attacks from authorized user accounts aren't uncommon. Sophisticated monitoring and analysis tools can help you identify which user accounts are acting as expected, and which are anomalies. These insider threats tend to be more difficult to identify, but spotting rogue internal account activity early will give you an opportunity to update access policies to prevent further intrusion. Failure to monitor such activity can and will result in significant losses.

The threat of an insider data breach extends beyond current and former employees. Third-party contractors and trusted business partners can unwittingly become insider threat actors when their data is breached. Attackers can potentially gain access to enough data and systems to employ social engineering to gather more detailed access information. PwC's 2014 US State of Cybercrime Survey found that nearly one-third of cybersecurity survey respondents said insider crimes were more damaging or costly than those committed by external actors. Less than half of these same respondents said they already had an insider risk-management strategy in place.

Real-time monitoring and analysis can help identify potential threats as they emerge. If you experience a breach, you can use forensic analysis of past events to gain insight into the nature of an attack. Detailed analysis of activity leading up to a specific event can help you develop future policies and effective countermeasures. Identifying weaknesses in networks and processes based on your findings can help stakeholders fully understand the need for more adaptive and proactive security measures.

The "known" unknowns
Threat intelligence monitoring is becoming an essential tool for security professionals. In Dark Reading's 2014 Threat Intelligence Survey, 42 percent of respondents said they use a third-party threat intelligence platform to guide security IT decisions, but 31 percent are learning about data analysis on the job, pointing to the need for threat intelligence that provides digestible data and teams capable of mining the data.

You probably already have access to the amount of data necessary to find potential threats, and you don't need to reimagine your current workflows to surface the data. With forensic analysis, you can review past events and better prepare your staff and networks for future attacks. Your big data, along with a robust threat intelligence system, can give you more than just actionable insights for marketing segments. Big data security analytics can give you detailed cues about potential vulnerabilities. Protecting your data from potential intrusion is one of the best ways to keep your organization secure and competitive in the future.

For more on how to protect your digital enterprise, read the 2016 Cyber Risk Report.

Guest post by Michelle Greenlee

