Big data and analytics are no longer just a fad. More companies have now adopted some form of big data solution. As early as September 2014, Gartner estimated that 73% of organizations were looking at big data, either planning to invest in it or in the process of implementing it. That is an increase from only 64% the year before.
In 2012, one in every five businesses in the United Kingdom was implementing or had already implemented big data analytics. Moreover, 29% of all businesses in the UK are planning to apply it in 2017.
Analytics and big data have their own set of advantages that are driving up the number of companies using them, but it seems that there is one very positive offshoot in using big data services and analytics: improved security.
Government agencies have seen better cybersecurity because of big data and analytics. Around 84% were able to ward off a cyber attack using big data analytics, while 9 out of 10 have reported fewer incidents of breaches.
As such, there is enough proof to support the notion that companies can use big data services to analyze information coming in, help stop attacks and plug vulnerabilities.
Using big data analytics for cyber security?
First, what is big data analytics? The Cloud Security Alliance defines it as the process of mining and analyzing big data in order to get business and operational insights. This includes storing, processing and analyzing big data.
You can use big data analytics to improve your security by using it to gain situational awareness. You can, for instance, analyze log files, network traffic and financial transactions to spot suspicious activities and correlate the information from all of these sources.
In the past, companies used security information and event management technologies to detect and stop cyber attacks. In fact, if you use big data analysis for your security, you will find that big data solutions have features that fall under performance and availability monitoring or security information and event management (SIEM).
With the advent of big data solutions, security analytics are now faster, and you can bring unstructured data and different sources into the mix.
The Cloud Security Alliance lists some use cases for big data services as applied to security.
- Accessing network security. Traditional SIEM tools often fail when you need to access data quickly. In fact, Zions Bancorporation reported that with their old tools it took them up to an hour to parse one month’s worth of data. But with big data solutions, it takes less than a minute. The company uses big data analytics to make their network more secure, getting information from firewalls, devices, website traffic and other transactions.
- Identifying botnets. MapReduce and big data solutions can help you identify infected computers and hosts that are part of a botnet.
- Detecting advanced persistent threat (APT) attacks. APT attacks are like patient thieves in that they are often low and slow: low in the sense that they keep a low profile in your network, and slow because they take a long time to execute. That means that you may be the victim of an APT attack for a long time without knowing it. Verizon has reported that APT attacks show up on logs but detection mechanisms are inadequate.
But wait… challenges of using big data solutions for cyber security
MeriTalk’s data reveals that government organizations had several challenges dealing with big data. Close to half of those interviewed said that they found it difficult to manage the overwhelming amount of data that they encounter. One-third of those surveyed said that they lacked the necessary systems to get cybersecurity data and information, while 3 out of 10 said that they were not able to give security managers timely information.
All of these have resulted in a scenario that is less than ideal. The respondents reveal that close to 50% of the data they get is not analyzed.
Big data may be very helpful in stemming cyber attacks, but it loses its usefulness when data is not properly mined. Then there is also the problem of not having the right people to interpret and analyze it for you. It also becomes useless if only stale insights reach the people who need up-to-the-minute analysis in order to fight cyber attacks.
How do you use big data services to improve cyber security?
When beefing up security, you need actionable insights and risk management. You can get these from analyzing big data. You need to automate tasks so that the data is instantly accessible and the right people get timely insights and analysis.
Big data can help your security analysts visualize cyber attacks. You can finally see cyber attacks using a variety of data sources as well as visualize the pattern of attacks. This can include historical data as well.
The historical data will form the basis of what is normal for your operations, and from this you can identify when things go beyond business as usual. More than that, historical data can help you create statistical and predictive models as well as make way for machine learning. In the future, you can ward off a cyber attack before it happens rather than fighting an attack that has already penetrated your system.
After setting up these benchmarks and models, it is time to create policies that govern what steps should be taken if a cyber attack is detected from looking at all the data. Be sure to automatically respond to threats that big data detects.
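The baseline-then-policy approach described above, as an added example that is not from the original article: it builds a per-host baseline from historical data, scores today's value against it, and maps the score to a response step. The host names, traffic figures, thresholds and action names are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: daily outbound megabytes per host over 14 days.
HISTORY = {
    "web-01": [510, 495, 530, 502, 488, 515, 520, 499, 507, 512, 493, 525, 505, 518],
    "db-01": [120, 118, 125, 122, 119, 121, 117, 124, 120, 123, 118, 122, 121, 119],
}
TODAY = {"web-01": 522, "db-01": 410, "hr-07": 35}  # constructed observations

# Hypothetical response policy: (minimum score, action), highest tier first.
POLICY = [(8.0, "isolate_host"), (3.5, "open_ticket")]
MIN_DAYS = 7  # assumed minimum history before a baseline is trusted


def baseline(values):
    """Return (median, MAD). Unlike mean/stddev, one past spike barely moves it."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad


def robust_z(value, med, mad):
    """Modified z-score; 0.6745 scales the MAD to be comparable to a std dev."""
    if mad == 0:  # perfectly flat history: any change at all is a deviation
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def evaluate(history, today):
    """Map each host's observation to (score, action) under POLICY."""
    results = {}
    for host, value in today.items():
        past = history.get(host, [])
        if len(past) < MIN_DAYS:
            # Hosts without history cannot be judged against "normal".
            results[host] = (None, "no_baseline")
            continue
        score = abs(robust_z(value, *baseline(past)))
        action = next((a for threshold, a in POLICY if score >= threshold), "none")
        results[host] = (round(score, 2), action)
    return results


if __name__ == "__main__":
    for host, (score, action) in evaluate(HISTORY, TODAY).items():
        print(f"{host}: score={score} action={action}")
```

A host with no history is reported as `no_baseline` rather than scored, so new or renamed machines are surfaced for review instead of silently passing.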