Five Steps for Better Security Analytics in 2015

January 6, 2015
| |
3 min read

Big data security analytics are vital for 2015. Unfortunately, security threats will only increase in cost, severity and complexity. No one is immune. For example, a large utility is typically “pinged” 1 million times every day by malicious parties. That sounds like a lot, but these attacks are rarely noticed because the same utility processes millions of events per second, offering plenty of cover. Current approaches are best suited to combat known threats. The challenge is finding new associations and uncovering patterns to identify clues about attacks such as advanced persistent threats, spear phishing and hacktivism.

Among the noise of big data, organizations need sophisticated, real-time analytics to find a relatively weak signal. Many threats cannot be detected without deep insight. The challenge organizations face is learning how to extend their security strategies to find and neutralize increasingly complex threats.

Real-time big data security analytics must filter and analyze millions of events per second across a wide variety of data sources, including traditional security sources, such as log or audit files, and emerging sources such as images, social data, sensors and email.

Think of big data security analytics in terms of a city. A city has roads leading into and out of the city limits. Air traffic from planes, emergency helicopters and blimps for sporting events fill the air. Buildings contain private, governmental and for-profit organizations of all sizes; commerce takes place in retail establishments, hotels and via free citywide wireless services — you get the point. A lot needs to be done to protect people, vehicles, personally identifiable data and corporate data, but most of it is neither controllable nor predictable. Can you correlate a business traveler’s Internet usage across airports, hotels and mobile devices without violating privacy laws? What do you need to succeed?

The following are five tips to help you protect your “city” in 2015:

1. Analyze All Assets in Motion

Analyze structured data and emerging unstructured sources to proactively identify and correlate incidents and deliver insight. Send real-time alerts for predefined behaviors and events. Quickly ingest, analyze and correlate information as it arrives from thousands of big data sources or store for historical analysis in a Hadoop platform.

2. Continually Filter and Expose

Observe unearthed insights in real time to filter out false positives, expose false negatives or store information for additional analysis.

3. Understand Access Through Disparate Sources and the Internet

Highlight potential attack vectors by constantly analyzing the various ways applications, networks, databases, mobile devices and more can be accessed from both inside and outside of the enterprise.

4. Respond to Events in Real Time

Complete real-time analysis of big data — including unstructured sources such as social, video and sensors — to identify and respond to suspicious deviations from baseline behaviors.

5. Recognize Patterns in Interactions

Create a baseline activity for cybertraffic and physical movements to identify deviations from normal behavior, then determine which deviations are meaningful to help detect attacks in progress.

The Importance of Security Analytics

Big data security analytics let organizations sift through massive amounts of data — generated inside and outside the organization — to uncover hidden relationships, detect patterns and remove security threats. Security analytics blend real-time analytics on data in motion with historical analysis on data at rest. By deploying security-specific analytics, organizations can find new associations or uncover patterns and facts. This real-time insight can be invaluable for detecting new types of threats.

Real-time cyberattack prediction and mitigation means organizations can discover new threats early and react quickly before they propagate. The goal is crime prediction and protection. Analyzing data from the Internet (email, voice over IP), smart devices (location, call detail records) and social media can help law enforcement better detect criminal threats and collect evidence. Instead of waiting for a crime to be committed, organizations can address it proactively.

Privacy policies are enhanced with big data security analytics. For example, an organization could use real-time streaming security analytics for deep packet inspection to monitor Web traffic, Domain Name System lookups, network flow and port and protocol usage. The outcome of this analysis could reveal precisely which Web servers have been infected with malware, identify suspicious domain names, pinpoint leaked documents and deliver intelligence on data access patterns.

This detailed analysis informs data protection policies. Analytics can help organizations know which data to mask, which documents to redact and which data sources, including databases, data warehouses and big data platforms, to monitor.

Kimberly Madia
World Wide Data Governance Strategist, IBM Security

Kimberly Madia is a World Wide Data Governance Strategist for the Information Management Security and Compliance solutions. She has been with IBM for twelve...
read more