Big data and analytics are showing promise for improving cyber security. 90% of respondents to MeriTalk’s new U.S. government survey said they’ve seen a decline in security breaches, and 84% of respondents said they’ve used big data to help block these attacks.
Not surprisingly, companies that are already heavy analytics users have greater confidence when it comes to using analytics to detect threats.
An article in ITWire states that, “on 11 common cyber threats, the biggest gaps concern the organization’s ability to detect advanced malware/ransomware, compromised devices (e.g., credential theft), zero-day attacks and malicious insiders. The smallest gaps concern denial of services, web-based attacks and spear phishing/social engineering.”
Keeping Up with the Volume
Of course, there are still many challenges, as new cyber security threats pop up daily. Of those surveyed, 53% said they are using analytics as part of their overall strategy and 28% are using it in a limited capacity. Even so, 59% said that their agency has been compromised at least once per month because they were not able to keep up with and fully analyze the data.
Of these participants, fewer than half say their efforts are highly effective. When asked why, they listed these top challenges:
- 49% said it is because of an overwhelming volume of data
- 33% aren’t collecting the data they need because they don’t have the right systems
- 30% say it didn’t work because the data is stale when it finally gets to a cyber security manager
Big data can be ineffective for threat analysis if it is poorly mined for improving cyber security. While the metadata is available, it can be difficult to get the maximum benefit from it. Sometimes the problem is finding the right people who know how to mine data for trends.
A Big Data Solution
Cyber security needs the risk management and actionable intelligence that big data analysis commonly provides. While it is great to have tools that can analyze data, the key is to automate tasks so that the data is available more quickly and the analysis reaches the right people on time. This allows analysts to classify and categorize cyber threats without the long delays that could make the data irrelevant to the attack at hand.
Big data will also help analysts to visualize cyberattacks by taking the complexity from various data sources and simplifying the patterns into visualizations.
Keeping the data in its raw format makes disparate sources useful not only for understanding what is happening now, but also as historical data. Using this historical data, you can create statistical baselines that define what is “normal,” and then determine when new data deviates from that norm. Indicators are easy to miss when they are viewed only in real time; they may take on new meaning when viewed over time.
This historical data also opens up new possibilities for predictive models, statistical models, and machine learning, which give the ability to anticipate future events.
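The baselining idea described above, as an added example rather than anything from the article: build a per-hour-of-day profile (mean and spread) from constructed historical event counts, then flag current observations whose z-score exceeds a threshold. The data, thresholds and function names are all assumptions for illustration; the point is that the same count can be normal at one hour and anomalous at another.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history (not from the article): failed-login counts for
# one service keyed by (day, hour_of_day), covering 7 days. Daytime hours are
# deliberately busier than night-time hours in this constructed profile.
HISTORY = {}
for day in range(7):
    for hour in range(24):
        HISTORY[(day, hour)] = 40 + (day % 3) if 8 <= hour < 18 else 2 + (day % 2)


def build_baseline(history):
    """Per-hour-of-day baseline: (mean, population stdev) of the counts."""
    by_hour = defaultdict(list)
    for (_day, hour), count in history.items():
        by_hour[hour].append(count)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}


def zscore(value, hour, baseline, min_sigma=1.0):
    """How many standard deviations `value` sits above the hour's norm.
    The spread is floored at min_sigma so a nearly flat history does not
    turn trivial fluctuations into alerts (assumed floor, not a standard)."""
    mu, sigma = baseline[hour]
    return (value - mu) / max(sigma, min_sigma)


def flag_anomalies(observations, baseline, threshold=3.0):
    """observations: list of (hour_of_day, count) for the current day.
    Returns (hour, count, z) for every observation above the threshold."""
    flagged = []
    for hour, count in observations:
        z = zscore(count, hour, baseline)
        if z > threshold:
            flagged.append((hour, count, round(z, 1)))
    return flagged


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # Constructed current-day observations: 45 failures at 03:00 is far above
    # the night-time norm, while 43 at 10:00 is within the daytime norm.
    today = [(3, 45), (10, 43), (14, 60)]
    for hour, count, z in flag_anomalies(today, baseline):
        print(f"hour {hour:02d}: {count} events, z={z}")
```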
However, it’s what you can do with this data, if anything, that makes the difference between being attacked or not. After all, data is just information unless action is taken to improve cyber security. Being able to respond automatically to threats noticed in the data, while having a high level of trust in the accuracy of that data, is key to a big data security solution.
Conclusion
Some might believe that big data will quickly solve the problems of the cyber security industry. The reality is that data and analytics will allow companies to identify anomalies and advanced attack vectors. SentinelOne uses machine learning paired with cloud intelligence and automated responses to detect unusual activity and respond when you need it.