Big data security analytics are vital for 2015. Unfortunately, security threats will only increase in cost, severity and complexity. No one is immune. For example, a large utility is typically “pinged” 1 million times every day by malicious parties. That sounds like a lot, but these attacks are rarely noticed because the same utility processes millions of events per second, offering plenty of cover. Current approaches are best suited to combat known threats. The challenge is finding new associations and uncovering patterns to identify clues about attacks such as advanced persistent threats, spear phishing and hacktivism.

Among the noise of big data, organizations need sophisticated, real-time analytics to find a relatively weak signal. Many threats cannot be detected without deep insight. The challenge organizations face is learning how to extend their security strategies to find and neutralize increasingly complex threats.

Real-time big data security analytics must filter and analyze millions of events per second across a wide variety of data sources, including traditional security sources, such as log or audit files, and emerging sources such as images, social data, sensors and email.

Think of big data security analytics in terms of a city. A city has roads leading into and out of the city limits. Air traffic from planes, emergency helicopters and blimps for sporting events fill the air. Buildings contain private, governmental and for-profit organizations of all sizes; commerce takes place in retail establishments, hotels and via free citywide wireless services — you get the point. A lot needs to be done to protect people, vehicles, personally identifiable data and corporate data, but most of it is neither controllable nor predictable. Can you correlate a business traveler’s Internet usage across airports, hotels and mobile devices without violating privacy laws? What do you need to succeed?

The following are five tips to help you protect your “city” in 2015:

1. Analyze All Assets in Motion

Analyze structured data and emerging unstructured sources to proactively identify and correlate incidents and deliver insight. Send real-time alerts for predefined behaviors and events. Quickly ingest, analyze and correlate information as it arrives from thousands of big data sources or store for historical analysis in a Hadoop platform.

2. Continually Filter and Expose

Observe unearthed insights in real time to filter out false positives, expose false negatives or store information for additional analysis.

3. Understand Access Through Disparate Sources and the Internet

Highlight potential attack vectors by constantly analyzing the various ways applications, networks, databases, mobile devices and more can be accessed from both inside and outside of the enterprise.

4. Respond to Events in Real Time

Complete real-time analysis of big data — including unstructured sources such as social, video and sensors — to identify and respond to suspicious deviations from baseline behaviors.

5. Recognize Patterns in Interactions

Create a baseline activity for cybertraffic and physical movements to identify deviations from normal behavior, then determine which deviations are meaningful to help detect attacks in progress.

The Importance of Security Analytics

Big data security analytics let organizations sift through massive amounts of data — generated inside and outside the organization — to uncover hidden relationships, detect patterns and remove security threats. Security analytics blend real-time analytics on data in motion with historical analysis on data at rest. By deploying security-specific analytics, organizations can find new associations or uncover patterns and facts. This real-time insight can be invaluable for detecting new types of threats.

Real-time cyberattack prediction and mitigation means organizations can discover new threats early and react quickly before they propagate. The goal is crime prediction and protection. Analyzing data from the Internet (email, voice over IP), smart devices (location, call detail records) and social media can help law enforcement better detect criminal threats and collect evidence. Instead of waiting for a crime to be committed, organizations can address it proactively.

Privacy policies are enhanced with big data security analytics. For example, an organization could use real-time streaming security analytics for deep packet inspection to monitor Web traffic, Domain Name System lookups, network flow and port and protocol usage. The outcome of this analysis could reveal precisely which Web servers have been infected with malware, identify suspicious domain names, pinpoint leaked documents and deliver intelligence on data access patterns.

This detailed analysis informs data protection policies. Analytics can help organizations know which data to mask, which documents to redact and which data sources, including databases, data warehouses and big data platforms, to monitor.

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today