NEW YORK—Organizations are increasingly considering using holistic, data-driven predictive analytics and automation to help uncover cybersecurity threats, particularly as criminals evolve hacking techniques and attack more quickly.
Real-time security and fraud detection are more critical than ever since the growing frequency and sophistication of attacks has made real-time security management even more complicated and challenging, speakers said at Innovation Summit 2014, a cybersecurity conference presented by Security Innovation Network (SINET) on July 17. SINET is a San Francisco-based advisory group working to advance cybersecurity innovation.
Throughout the conference, speakers emphasized the need for industry, academia and government to collaborate on cybersecurity.
Haden Land, vice president of research and technology for Lockheed Martin Information Systems & Global Solutions, noted that the defense contractor’s internal network sees more than 2 billion security sensor events from more than 55,000 unique attackers each day, and added that peers in other industries have similar challenges.
Data analysis offers a proactive way to monitor operating system artifacts, the record of system activity, including configurations, logs, incident reports and alarms, and in some cases to correlate that data with external information for a complete forensic analysis.
Ehab S. Al-Shaer, Ph.D., professor and director of the Cyber Defense and Network Assurability Research Center and director of the National Science Foundation’s Industry/University Cooperative Research Centers Program at the University of North Carolina at Charlotte, called analytics “one of the very important technologies” in security today. “We’ve got to move from just intrusion detection to some other novel ideas,” he said.
Information technology research and advisory company Gartner predicts that by 2016, 25 percent of large global companies will have used big data analytics to help uncover at least one security or fraud detection case, up from 8 percent in 2014, and will see a positive return on investment within six months of implementation.
But according to a January 2014 Gartner Research report, big data analytics is ahead of most organizations’ capabilities and most vendors “have barely begun to prove their software’s effectiveness, so it’s still early days for this market.”
The report recommends organizations start small and develop a road map that encompasses multiple use cases and applications.
Cyber Criminals Moving Faster
Organizations currently often rely on siloed monitoring or detection systems optimized for data loss, financial fraud or privileged user monitoring. Faster access to information can help stop losses, according to Gartner.
The need for speedier access to information “is applicable in many security and fraud use cases such as detection of advanced threats, insider threats and account takeover,” report author Avivah Litan, vice president and analyst at Gartner Research, said in a news statement.
The report noted that criminals now move more quickly to commit cybercrime. Just a couple of years ago, hackers often did extensive cyber espionage and then went in for the theft—either money or information. Now, faced with more effective security and fraud prevention measures, they “simply go directly to the theft without a drawn-out reconnaissance phase,” Litan noted.
Recommendations for Using Data Analytics
The Gartner Research report makes the following recommendations:
- Consider using big data analytics to take the noise and high false-positive rates out of security monitoring systems. Doing so will allow security staff to focus on the most important events.
- Start small and pick a project where you can see results, such as making one monitoring system (e.g., data loss prevention) “smarter and less noisy” by infusing it with contextual data and analytics.
- When evaluating vendors, decide if your organization wants canned analytics, has the expertise and resources to develop its own, and/or wants to rely heavily on professional or outsourced services.
- Use fraud, security and cyber threat intelligence from vendors that use their own big data analytics and can make actionable information available to your company.
Data Security ‘Huge Imperative’ for Many Firms
Rich Baich, executive vice president and chief information security officer for Wells Fargo Corp., agreed that starting small trumps trying to build a “super mega data analytics platform.”
“Good data analytics has to go back to that simplistic foundation of what data is needed and what problem am I trying to solve,” Baich said at the SINET conference. “If you try to put too much data into some types of data analytics and automation, you boil the ocean and you lose the impact.”
John Prisco, president and CEO of malware-detection company Triumfant, said big data is at the heart of its product. The company collects about half a million data points from every computer, builds a model of “what’s normal” in that environment and then looks out for unusual changes. A typical customer might have 10,000 computers with three to five terabytes of information, he said.
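The approach Prisco describes, modelling “what’s normal” across a fleet and then looking for unusual changes on a single machine, can be illustrated with a small added example. This is not Triumfant’s code or data: the five workstation snapshots, the artifact names (services, autorun entries, scheduled tasks, binary hashes) and the 25 percent prevalence threshold are all constructed for the illustration. The idea is that a change on one host is judged against how common its new value is on every other host: gaining an artifact almost nobody else has, or losing one almost everybody has, is what gets reported.

```python
"""Fleet-wide baseline of 'normal' artifacts and scoring of per-host changes.
Added example; sample data is constructed, not from any real environment."""
from collections import Counter
from typing import Dict, List, Tuple

Snapshot = Dict[str, str]       # artifact name -> value an endpoint agent observed
Change = Tuple[str, str, str]   # (artifact, old value, new value); "" means absent

# Constructed sample: five workstations. Two still run the older lsass.exe
# build (sha256:1111); three have the patched build (sha256:2222).
FLEET: Dict[str, Snapshot] = {
    "ws-001": {"svc:Spooler": "running", "autorun:OneDrive": "OneDrive.exe",
               "hash:lsass.exe": "sha256:2222", "task:GoogleUpdate": "present"},
    "ws-002": {"svc:Spooler": "running", "autorun:OneDrive": "OneDrive.exe",
               "hash:lsass.exe": "sha256:1111", "task:GoogleUpdate": "present"},
    "ws-003": {"svc:Spooler": "stopped", "autorun:OneDrive": "OneDrive.exe",
               "hash:lsass.exe": "sha256:2222", "task:GoogleUpdate": "present"},
    "ws-004": {"svc:Spooler": "running", "autorun:OneDrive": "OneDrive.exe",
               "hash:lsass.exe": "sha256:1111", "task:GoogleUpdate": "present"},
    "ws-005": {"svc:Spooler": "running", "autorun:OneDrive": "OneDrive.exe",
               "hash:lsass.exe": "sha256:2222", "task:GoogleUpdate": "present"},
}


def build_model(fleet: Dict[str, Snapshot]) -> Tuple[Counter, int]:
    """Count how many hosts report each (artifact, value) pair."""
    counts: Counter = Counter()
    for snap in fleet.values():
        counts.update(snap.items())
    return counts, len(fleet)


def prevalence(model: Counter, n_hosts: int, artifact: str, value: str) -> float:
    """Fraction of the fleet on which this exact artifact/value pair is present."""
    return model[(artifact, value)] / n_hosts if n_hosts else 0.0


def diff_snapshot(before: Snapshot, after: Snapshot) -> List[Change]:
    """Artifacts that appeared, disappeared or changed value between two snapshots."""
    changes: List[Change] = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key, ""), after.get(key, "")
        if old != new:
            changes.append((key, old, new))
    return changes


def score_changes(changes: List[Change], model: Counter, n_hosts: int,
                  rare_below: float = 0.25) -> List[dict]:
    """Keep only the unusual changes: a gained value that few other hosts have,
    or a removed artifact that most other hosts still have. Threshold is an
    assumption for the example; tune it to fleet size and tolerance for noise."""
    flagged = []
    for artifact, old, new in changes:
        if new:   # gained or changed value
            p = prevalence(model, n_hosts, artifact, new)
            unusual = p < rare_below
        else:     # removed artifact
            p = prevalence(model, n_hosts, artifact, old)
            unusual = p >= 1.0 - rare_below
        if unusual:
            flagged.append({"artifact": artifact, "old": old, "new": new,
                            "fleet_prevalence": round(p, 2)})
    return flagged


def find_unusual_changes(fleet: Dict[str, Snapshot], host: str, after: Snapshot) -> List[dict]:
    """Score one host's new snapshot against the baseline built from the fleet."""
    model, n_hosts = build_model(fleet)
    return score_changes(diff_snapshot(fleet[host], after), model, n_hosts)


if __name__ == "__main__":
    # ws-004 gets patched (benign: most hosts already have that hash), picks up an
    # autorun entry nobody else has, and loses a scheduled task everybody else has.
    new_state = dict(FLEET["ws-004"])
    new_state["hash:lsass.exe"] = "sha256:2222"
    new_state["autorun:Updater"] = "C:\\Users\\Public\\upd.exe"
    del new_state["task:GoogleUpdate"]
    for finding in find_unusual_changes(FLEET, "ws-004", new_state):
        print(finding)
```

The patched hash is not reported because 60 percent of the fleet already carries it; the new autorun entry (0 percent) and the missing scheduled task (100 percent elsewhere) are. In practice the model would be rebuilt on a schedule and the rarity threshold set per artifact class, since a rare service is far less interesting than a rare autorun.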
Myrna Soto, senior vice president and chief infrastructure and information security officer for Comcast, noted that the company is one of the largest Internet service providers and has one of the country’s largest video distribution networks. Her team’s job is the security of the entire service delivery infrastructure and company network.
Security is a “huge imperative” for Comcast, Soto said. The company has made significant investments in building a business intelligence forensics team and plans to hire data scientists.
“There’s a commitment to how we use big data,” she said. “We, by far, believe that our greatest defense today is the data and information that we are able to gather on our network.”
Comcast builds algorithms that will “self-heal” its infrastructure and give it the ability to detect things beyond the “normal transactional type of experiences” that might be a sign of trouble, she said. “It’s not hard to be able to notice when there’s a huge difference in those transactional volumes,” Soto said. “What’s hard is being able to take that intelligence and build some predictive analytics or some preventative or containment measures.”
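Soto’s point that spotting a huge swing in transaction volume is the easy part, and turning it into a preventative or containment measure is the hard part, can be made concrete with an added example that is not Comcast’s code or data. The hourly request counts are constructed (a repeated daily cycle with a burst in the final three hours), the baseline is the same hour on the previous seven days plus its neighbours, and the containment policy (a per-hour rate limit at three times the baseline) is an assumption chosen for the illustration. The robust median/MAD score is paired with an absolute floor so that a tiny baseline cannot turn a small change into a huge z-score, which is the usual source of noise in volume alerting.

```python
"""Seasonal volume-anomaly detection with a containment hook.
Added example; the traffic series and the rate-limit policy are constructed."""
import statistics
from typing import Dict, List

HOURS_PER_DAY = 24


def constructed_hourly_counts(days: int = 8) -> List[int]:
    """Constructed sample: `days` days of diurnal request counts with small
    deterministic jitter, then a burst in the last three hours of the final day."""
    day = [120, 100, 90, 80, 85, 110, 200, 420, 600, 650, 640, 620,
           600, 610, 630, 640, 590, 500, 400, 350, 300, 250, 200, 150]
    series = [v + (i * 37) % 11 - 5 for i, v in enumerate(day * days)]
    series[-3:] = [3900, 4200, 4100]   # e.g. a credential-stuffing burst
    return series


def seasonal_window(series: List[int], t: int, history_days: int) -> List[int]:
    """Same hour on each of the previous `history_days` days, plus the hour on
    either side, so the baseline follows the daily cycle instead of a flat mean."""
    return [series[t - HOURS_PER_DAY * d + k]
            for d in range(1, history_days + 1)
            for k in (-1, 0, 1)
            if 0 <= t - HOURS_PER_DAY * d + k < t]


def detect_volume_anomalies(series: List[int], history_days: int = 7,
                            z_threshold: float = 6.0, min_abs_delta: int = 100) -> List[Dict]:
    """Flag hours that deviate from the seasonal baseline by both a large robust
    z-score (median/MAD) and a large absolute amount. Only hours with a full
    history are scored. Thresholds are assumptions for the example."""
    anomalies = []
    for t in range(HOURS_PER_DAY * history_days, len(series)):
        window = seasonal_window(series, t, history_days)
        median = statistics.median(window)
        mad = statistics.median(abs(x - median) for x in window) or 1.0  # avoid /0
        delta = series[t] - median
        z = 0.6745 * delta / mad     # 0.6745 scales MAD to a normal sigma
        if abs(z) >= z_threshold and abs(delta) >= min_abs_delta:
            anomalies.append({"index": t, "hour": t % HOURS_PER_DAY,
                              "count": series[t], "baseline": median, "z": round(z, 1)})
    return anomalies


def recommend_containment(anomaly: Dict, headroom: float = 3.0) -> Dict:
    """Turn a detected spike into a concrete, reversible control. The policy
    (rate-limit spikes at `headroom` times baseline; drops go to a human) is an
    assumed example policy, not any operator's actual rule."""
    if anomaly["count"] <= anomaly["baseline"]:
        return {"action": "investigate", "reason": "volume drop", "index": anomaly["index"]}
    return {"action": "rate_limit",
            "limit_per_hour": int(anomaly["baseline"] * headroom),
            "index": anomaly["index"]}


if __name__ == "__main__":
    counts = constructed_hourly_counts()
    for finding in detect_volume_anomalies(counts):
        print(finding, "->", recommend_containment(finding))
```

Two design choices matter here. The baseline is seasonal, so the evening ramp-down is not mistaken for an outage and the morning ramp-up for an attack; and the median/MAD statistics mean that once the burst is in the history it does not inflate the next week’s baseline the way a mean and standard deviation would.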
Pamela Babcock is a freelance writer based in the New York City area.
Originally published on shrm.org.