Countering Cyber Attacks with Big Data and Analytics
Organizations are challenged today as never before to protect their information assets, as well as the underlying networks and services that gather, store, process, and transmit this information. The same better, faster, cheaper information and communication technologies (ICT) that promise to make organizations more successful also present new means, motive, and opportunity to those who would steal information and use it for their own purposes. The most malicious actors are laser-focused on expanding and monetizing their hacking exploits, while legitimate organizations need to balance their security concerns against their other important objectives.
Most organizations deal with attacks, for the most part successfully, on a number of fronts. For example, they manage end user access to applications and data stores with authentication and authorization controls. Networks are secured by virtue of tunneling and encryption protocols, and through the use of firewalls, gateways, and intrusion detection systems. Many large enterprises also have built, or contracted with service providers to operate, 24/7 security operations centers (SOCs), equipped with security information and event management systems (SIEMs), and staffed by trained personnel.
Unfortunately, current security solutions are simply not sufficient to protect organizations, especially from cyber attacks based on advanced persistent threats (APTs). These attacks are typically triggered months after hackers compromise legacy security systems, infiltrate corporate networks, and gradually gather the credentials they need to steal the target data.
Meanwhile, well-meaning industry associations and government regulators have muddied the waters, issuing policies and compliance certifications that assuage stakeholder concerns without actually stopping these high-profile data breaches. As disturbing as it is to consider how easily existing vulnerabilities continue to be exploited, and how much information has already been stolen, there is every reason to hope that advancements in ICT can become part of the security solution, rather than another vector subject to attack.
For example, as shown in Exhibit 1, modern database technologies (Big Data) and advanced analytics offer the same compelling value proposition for security as they do for other business applications. Using these new solutions to gather more and better data about threats and vulnerabilities, and subjecting this data to more advanced analytics, will enable security practitioners to find new ways to protect and defend their corporate information assets.