Big data security analytics are vital for 2015. Unfortunately, security threats will only increase in cost, severity and complexity. No one is immune. For example, a large utility is typically “pinged” 1 million times every day by malicious parties. That sounds like a lot, but these attacks are rarely noticed because the same utility processes millions of events per second, offering plenty of cover. Current approaches are best suited to combat known threats. The challenge is finding new associations and uncovering patterns to identify clues about attacks such as advanced persistent threats, spear phishing and hacktivism.

Among the noise of big data, organizations need sophisticated, real-time analytics to find a relatively weak signal. Many threats cannot be detected without deep insight. The challenge organizations face is learning how to extend their security strategies to find and neutralize increasingly complex threats.

Real-time big data security analytics must filter and analyze millions of events per second across a wide variety of data sources, including traditional security sources, such as log or audit files, and emerging sources such as images, social data, sensors and email.

Think of big data security analytics in terms of a city. A city has roads leading into and out of the city limits. Air traffic from planes, emergency helicopters and blimps for sporting events fill the air. Buildings contain private, governmental and for-profit organizations of all sizes; commerce takes place in retail establishments, hotels and via free citywide wireless services — you get the point. A lot needs to be done to protect people, vehicles, personally identifiable data and corporate data, but most of it is neither controllable nor predictable. Can you correlate a business traveler’s Internet usage across airports, hotels and mobile devices without violating privacy laws? What do you need to succeed?

The following are five tips to help you protect your “city” in 2015:

1. Analyze All Assets in Motion

Analyze structured data and emerging unstructured sources to proactively identify and correlate incidents and deliver insight. Send real-time alerts for predefined behaviors and events. Quickly ingest, analyze and correlate information as it arrives from thousands of big data sources or store for historical analysis in a Hadoop platform.

2. Continually Filter and Expose

Observe unearthed insights in real time to filter out false positives, expose false negatives or store information for additional analysis.

3. Understand Access Through Disparate Sources and the Internet

Highlight potential attack vectors by constantly analyzing the various ways applications, networks, databases, mobile devices and more can be accessed from both inside and outside of the enterprise.

4. Respond to Events in Real Time

Complete real-time analysis of big data — including unstructured sources such as social, video and sensors — to identify and respond to suspicious deviations from baseline behaviors.

5. Recognize Patterns in Interactions

Create a baseline activity for cybertraffic and physical movements to identify deviations from normal behavior, then determine which deviations are meaningful to help detect attacks in progress.

The Importance of Security Analytics

Big data security analytics let organizations sift through massive amounts of data — generated inside and outside the organization — to uncover hidden relationships, detect patterns and remove security threats. Security analytics blend real-time analytics on data in motion with historical analysis on data at rest. By deploying security-specific analytics, organizations can find new associations or uncover patterns and facts. This real-time insight can be invaluable for detecting new types of threats.

Real-time cyberattack prediction and mitigation means organizations can discover new threats early and react quickly before they propagate. The goal is crime prediction and protection. Analyzing data from the Internet (email, voice over IP), smart devices (location, call detail records) and social media can help law enforcement better detect criminal threats and collect evidence. Instead of waiting for a crime to be committed, organizations can address it proactively.

Privacy policies are enhanced with big data security analytics. For example, an organization could use real-time streaming security analytics for deep packet inspection to monitor Web traffic, Domain Name System lookups, network flow and port and protocol usage. The outcome of this analysis could reveal precisely which Web servers have been infected with malware, identify suspicious domain names, pinpoint leaked documents and deliver intelligence on data access patterns.

This detailed analysis informs data protection policies. Analytics can help organizations know which data to mask, which documents to redact and which data sources, including databases, data warehouses and big data platforms, to monitor.

More from Intelligence & Analytics

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read

Despite Tech Layoffs, Cybersecurity Positions are Hiring

4 min read - It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals from other roles may be able to transfer their skills into cybersecurity relatively easily. As cybersecurity continues to remain a top business priority, organizations will…

4 min read

79% of Cyber Pros Make Decisions Without Threat Intelligence

4 min read - In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on? It’s not unusual for attackers to stay concealed within an organization’s computer systems for extended periods of time. And if their methods and behavioral patterns are unfamiliar, they can cause significant harm before the security team even realizes a breach has occurred.…

4 min read

Why People Skills Matter as Much as Industry Experience

4 min read - As the project manager at a large tech company, I always went to Jim when I needed help. While others on my team had more technical expertise, Jim was easy to work with. He explained technical concepts in a way anyone could understand and patiently answered my seemingly endless questions. We spent many hours collaborating and brainstorming ideas about product features as well as new processes for the team. But Jim was especially valuable when I needed help with other…

4 min read