The value of integrating data and analytics for improved cybersecurity

29 May 2018

Article by Think Big Analytics Financial Services Industry business consulting lead Brian Landa

When cyber attacks were limited to individuals operating alone, the rate of attacks was relatively low and it was possible to fight cybercriminals as the attacks occurred. Now, new threats are expanding exponentially and cyber attackers have become far more sophisticated. They’re likely to be working in corporate-like environments where their core responsibilities centre on developing and deploying successful attacks.

The sheer volume of people and tools dedicated to cybercrime is staggering and it’s no longer possible to combat this threat manually. Today’s cyberthreats require predictive, multifaceted strategies to analyse and gain powerful insights into solutions to mitigate the risk.

Conventional, layered defence strategies aren’t working. They can generate large volumes of false positive alerts, overwhelming security professionals. Traditional cybersecurity tools can’t effectively process large volumes of data, which means they miss signals that should trigger real threat alerts. This means bad actors remain undetected, hiding in plain sight in the network. Therefore, businesses need an advanced, more strategic approach to network security that disrupts adversary tools and techniques, rendering them ineffective.

Big data analytics lets businesses effectively organise, manage, and analyse vast amounts of information to visualise and draw powerful insights into solutions for stopping cyber attacks.

Data analytics combined with security technologies can help organisations create a stronger, more proactive cyber defence posture. Organisations need to evolve their approach to include next-generation predictive analytics so they can prevent or mitigate successful attacks. This doesn’t necessarily require organisations to collect new data; they can integrate the data they already have with predictive analytics to determine the probability of an attack.

Conventional thinking is that network data volumes are too large to be effectively analysed. Plus, the cost and time involved in analysing such huge amounts of data makes it impractical. However, the reality is that today’s integrated analytic solutions help organisations leverage structured data and big data to build strong defences against cybersecurity threats.

Doing this successfully provides a complete picture of the organisation’s threat landscape, so you can set up defences before cybercriminals gain access.

High-speed, automated analytics let businesses analyse information from multiple sources and data types to respond in near-real time to cyber attacks. This improved readiness leads to shorter response times and faster remediation. It also improves the effectiveness of existing investments in security solutions.

There are three steps organisations can take to effectively use big data analytics to improve cybersecurity:

1. Cyber risk assessment

It’s impossible to protect every part of the organisation equally, and it’s also not necessary. You need to understand the data and network assets so you can identify the most critical systems to protect. These are usually the ones that are mission-critical, or contain commercially-sensitive information or customer details.

It’s important to identify organisational objectives, the processes involved in accomplishing those objectives, risks that could prevent their successful execution, controls to manage or prevent risk, and testing to ensure the effectiveness of the controls.

2. Develop a roadmap

Once you understand the security risks and key priority areas, you need to identify the strengths and weaknesses of your current cyber defences so you can use this to develop a roadmap to prioritise actions. This includes aligning the information security risk with the overall risk tolerance of the organisation. Doing so lets you balance the cost of protection with the risk of being attacked.

3. Optimise existing security solutions

Most companies have already invested in security solutions so it makes sense to optimise that investment where possible. Integrated security data and big data analytics can significantly improve the efficiency and effectiveness of existing security solutions as well as the personnel that operate them.

For example, an intrusion detection system alert can automatically trigger a big data query in another system to deliver the actual network session data to an analyst for fast identification, triage, and remediation. The session data then lets the analyst quickly determine if the alert is real or false. If real, session data can also be used to evaluate the severity of the incident to prioritise remediation. This makes existing systems more effective, and the incident responder more efficient. 

By capturing and visualising precisely what’s coming and going on networks as events happen, organisations can correlate activity through network data elements as they’re generated from each application, transaction, communication, or transmission. This lets you evolve the security approach to next-generation threat detection and cyber-situational awareness.
