Analytics have long been used for commercial purposes, where the return on investment is easier to see and justify. Now the ISF is urging business to use the same concepts to secure its networks. “Few organizations currently recognize the benefits for information security, yet many are already using data analytics to support their core business,” says Michael de Crespigny, CEO at ISF. “With the speed and complexity of the threat landscape constantly evolving and the prevalence of combined threats, organizations need to start moving away from being retrospective and reactive to being proactive and preventative.”
An example of this approach comes from Red Lambda. Its software analyzes every scrap of information fed to it, looking not so much for known threats (if they’re known, they’re not that much of a threat), but for anomalies in the fabric of data. A black hole in space is a good example. We know they exist, and where they are, not because we can see them but because their existence causes anomalies in the behavior of light. Data anomalies can suggest the existence of an unknown threat on the network; and by using big data analytics to highlight those anomalies business can follow de Crespigny’s advice into being proactive and preventative rather than just retrospective and reactive.
The ISF study highlights six key findings and makes a number of recommendations. It suggests that big data analytics is already delivering results and has great potential to reduce cyber security risk – but is not yet mature within information security. It can be easy to get started and get early results; and although it is challenging, it is manageable. The key recommendation is for organizations to exploit their existing data analytics capabilities, to identify security areas that can be addressed, and to start small with a limited pilot project.
Steve Shelton, head of data at BAE Systems Detica, agrees with the ISF’s general findings, but stresses the immaturity of the market – both in the suppliers and the users. “Big Data presents a relatively new, yet possibly game-changing opportunity for any business that hopes to harvest useable information from a continuous flow of data,” he told Infosecurity. “However, if implemented incorrectly, big data can be an expensive mistake.” The problem is that the ‘buzz’ of big data is attracting new and unproved companies and technologies. But, he added, “It’s not just immaturity of a solution that can affect its performance; decision makers need to assess their level of readiness for such a comprehensive platform.”
He went on to describe what is necessary. “In the first instance, a solution needs to make big data ‘small’: that is, to make it more manageable. Once made smaller, data can be scrutinized and the key insights can be put through a ‘data refinery’ and distilled into actionable intelligence.” That is the key to the use of analytics for security. The ISF report gives an example. A company suspected that it had been breached, but could not pinpoint the problem in its vast ocean of data. It used analytics to correlate its business information (payroll, customer, and vendor data) with its security information (firewall logs, scanner reports and vulnerability analyses). “They applied a variety of advanced analytic techniques and augmented the analysis with details from servers containing high-risk data,” says the report. The company found the threat and closed it down – a long-term APT intrusion from an organized gang using the company’s internal process to launder illegal money.
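The correlation the report describes, business context joined against security telemetry so that anomalies stand out, is easy to show in miniature. The script below is an added illustration written for this article; it is not code from the ISF, Red Lambda or BAE Systems Detica. The firewall log lines, the partner table (with the made-up names "Acme Payroll Services" and "Globex Ltd" and documentation IP ranges) and the ten-times-baseline threshold are all constructed assumptions. It joins outbound flows against the company's known vendor and customer networks, builds each host's own volume baseline from its traffic to those partners, and flags flows to destinations with no business relationship whose volume is far above that baseline.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample firewall log (not from the article): timestamp, source host,
# destination IP, destination port, bytes sent outbound.
FIREWALL_LOG = """\
2013-03-04T09:00:01 10.0.5.12 203.0.113.10 443 18240
2013-03-04T09:05:11 10.0.5.12 203.0.113.10 443 20110
2013-03-04T10:12:45 10.0.5.12 203.0.113.10 443 17950
2013-03-04T11:30:02 10.0.5.12 198.51.100.7 443 15000
2013-03-04T02:17:33 10.0.5.12 192.0.2.77 443 4120000
2013-03-04T02:19:40 10.0.5.12 192.0.2.77 443 3980000
2013-03-04T09:01:00 10.0.5.40 203.0.113.10 443 16000
2013-03-04T13:00:00 10.0.5.40 198.51.100.7 443 15200
"""

# Constructed business context (hypothetical names): the vendor and customer
# relationships a company already holds in its ERP or vendor-management system,
# keyed by the partner's network range.
KNOWN_PARTNERS = {
    "203.0.113.0/24": "Acme Payroll Services (vendor)",
    "198.51.100.0/24": "Globex Ltd (customer)",
}


def parse_firewall_log(text):
    """Parse the whitespace-separated constructed log format into flow records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append({
            "ts": ts,
            "src": src,
            "dst": ipaddress.ip_address(dst),
            "port": int(port),
            "bytes": int(nbytes),
        })
    return records


def partner_for(ip, partners=KNOWN_PARTNERS):
    """Return the partner name whose network contains ip, or None if the
    destination has no recorded business relationship."""
    ip = ipaddress.ip_address(ip)
    for cidr, name in partners.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return None


def detect_anomalies(records, partners=KNOWN_PARTNERS, factor=10.0):
    """Flag outbound flows to non-partner destinations whose volume is at least
    `factor` times the source host's median flow size to known partners.

    The baseline is computed per host from its own partner traffic, so a host
    that normally moves little data is judged against its own habits rather
    than a fleet-wide average.
    """
    by_host = defaultdict(list)
    for r in records:
        by_host[r["src"]].append(r)

    findings = []
    for host, flows in by_host.items():
        known_sizes = [f["bytes"] for f in flows if partner_for(f["dst"], partners)]
        baseline = statistics.median(known_sizes) if known_sizes else None
        for f in flows:
            if partner_for(f["dst"], partners) is not None:
                continue  # traffic to a known vendor/customer is expected
            # A host with no partner traffic at all has no baseline; treat any
            # sizeable flow to an unknown destination as worth a look.
            ratio = f["bytes"] / baseline if baseline else float("inf")
            if ratio >= factor:
                findings.append({
                    "host": host,
                    "dst": str(f["dst"]),
                    "ts": f["ts"],
                    "bytes": f["bytes"],
                    "baseline": baseline,
                    "ratio": ratio,
                })
    return findings


if __name__ == "__main__":
    for hit in detect_anomalies(parse_firewall_log(FIREWALL_LOG)):
        print(f"{hit['ts']} {hit['host']} -> {hit['dst']} "
              f"{hit['bytes']} bytes ({hit['ratio']:.0f}x host baseline, no partner record)")
```

Run as-is, the two early-morning flows from 10.0.5.12 to 192.0.2.77 are the only findings: the destination matches no vendor or customer record and each flow is more than two hundred times that host's usual transfer to known partners, while the second host, which only talks to recorded partners, produces nothing. The point of the joint view is that neither signal is conclusive alone; a large transfer to a known payroll provider is routine, and a small connection to an unknown address is noise, but the combination is what an analyst would want surfaced.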