“Between June and November of 2016, almost one billion malware-based incidents occurred”, reported Datameer.com. Ponemon, in its Global Cyber Crime Study, reported that cyber crime was up over $1 billion. Concerned about protecting your customers and your company’s data? More and more firms are turning to Big Data to supplement or provide their Cyber Security.
Protect, Detect and Respond Paradigm
Datameer offers a PDR Paradigm for Cyber Security: Protect, Detect and Respond. Systems security is the foundation of the protect step, but big data is playing a larger role in detecting and responding to cyber threats. “You need operationalization capabilities that can sift through your data, find the right signals and then trigger the right actions.” The most promising Big Data enabling technologies include machine learning applied to secure data, user behavioral analytics, and cyber analytics that give advance warning about threats and attackers, weak spots and vulnerabilities.
Anomalies and SIEM
How does Big Data do this? These techniques identify anomalies in device behavior, in employee and contractor behavior, and in the network. Security breaches often seem random, but by analyzing the data you can see the trends and changes quickly. Of course, real-time monitoring of secured systems is ideal. Security Information and Event Management (SIEM) combines Security Information Management (SIM) and Security Event Management (SEM) to act like fingerprinting on your database. A SEM system centralizes the storage and interpretation of logs and allows near real-time analysis, which enables security personnel to take defensive actions more quickly. A SIM system collects data into a central repository for trend analysis. By bringing these two functions together, SIEM systems provide quicker identification and analysis of, and recovery from, security events.
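A miniature version of the SIM and SEM split described above, as an added example (not Datameer's code or any real SIEM product): the SIM side normalises login records into a central store and derives a per-user baseline, and the SEM side scores a new day's events against that baseline to flag departures from known-good behavior. The log lines, user names and host names are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Constructed sample log lines (not real data); each line is "<day> <user> <host>"
HISTORY = """
1 alice ws-01
1 bob ws-07
2 alice ws-01
2 bob ws-07
3 alice ws-01
3 bob ws-07
"""
TODAY = """
4 alice ws-01
4 alice ws-01
4 alice ws-01
4 alice ws-01
4 bob ws-42
4 carol ws-09
"""

def parse(text):
    """Central log store (SIM): normalise raw lines into login records."""
    return [dict(zip(("day", "user", "host"), ln.split()))
            for ln in text.strip().splitlines()]

def build_baseline(records):
    """Trend analysis (SIM): per-user mean/stddev of daily logins plus known hosts."""
    counts, hosts = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for r in records:
        counts[r["user"]][r["day"]] += 1
        hosts[r["user"]].add(r["host"])
    return {u: {"mean": mean(list(d.values())), "std": pstdev(list(d.values())),
                "hosts": hosts[u]} for u, d in counts.items()}

def detect(baseline, records, sigma=3.0, floor=3):
    """Near real-time scoring (SEM): flag departures from the known-good baseline."""
    alerts, today = set(), defaultdict(int)
    for r in records:
        today[r["user"]] += 1
        b = baseline.get(r["user"])
        if b is None:
            alerts.add((r["user"], "login from user with no baseline"))
        elif r["host"] not in b["hosts"]:
            alerts.add((r["user"], "login from unseen host " + r["host"]))
    for user, n in today.items():
        b = baseline.get(user)
        # the floor keeps a near-zero stddev from turning every ordinary day into an alert
        if b and n > max(floor, b["mean"] + sigma * b["std"]):
            alerts.add((user, "%d logins vs baseline %.1f/day" % (n, b["mean"])))
    return sorted(alerts)
```

Calling `detect(build_baseline(parse(HISTORY)), parse(TODAY))` raises one alert each for alice's login spike, bob's unseen host and carol's missing baseline, while replaying HISTORY against its own baseline raises none.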
Big Data Analytics Importance
Organizations using analytics to identify departures from known “good” behavior are 2.25 times more likely to identify a security incident within hours or minutes. Ponemon’s Cyber Crime Survey reported that 72% of respondents felt big data analytics played an important role in detecting advanced cyber threats. The challenge? The sheer volume of data, and the limits of SQL-based technology in scaling well and affordably. Hadoop has been found to have significant advantages in analyzing cyber security incidents.
Universities across the country are adding Cyber Security Master’s programs. Online coursework is another very viable option. Of course, making use of big data requires analytical skills beyond IT expertise. Beginning to sound like Data Scientist territory, isn’t it?