Cyber Security's Big Data Problem
Big Data has rendered older security models largely obsolete. The all-in-one product approach that once served the industry well is now inadequate.
While Big Data promises to open new horizons in all aspects of business and analytics, there is an obvious downside. The more we digitize information and the more information we gather, the more doors we potentially open for hackers.
"The media reports of stolen information or compromised networks are almost a daily occurrence," said Ray Boisvert, president, I-Sec Integrated Strategies, speaking at a recent SAS user conference. "The stories are increasingly alarming and the trend line is troublesome."
Meeting the expectations of today’s users requires the storage, analysis and transmission of mountains of information. That data is housed in ever more diverse repositories and by a growing legion of company’s networks and devices.
Big Data has rendered older security models largely obsolete. The all-in-one security product approach that served the industry well some 15 years ago seems hopelessly inadequate today.
"The Big Data picture is further complicated by security experts offering one-stop technology solutions," said Boisvert. "Unfortunately, there are no credible single-approach solutions."
Using what he terms 1990s technology is effective to a point, but its advantage has been obliterated. Boisvert likens this to the old truism that a general tends to fight the previous war. You can see that tendency shown in the trouble the U.S. is currently experiencing in the Middle East against insurgents.
It’s the same with cybersecurity, said Boisvert. Enterprises need to stop fighting in the old way and adapt to the new reality. In fact, he said, many of today's security offerings lack key elements in achieving cybersecurity success in current environments.
There is a silver lining to the cloud, however. While he thinks the growing use of Big Data has created security issues, he also sees Big Data analytics as a part of the solution. The application of real-time analytics in tandem with a methodology that focuses on the threat actors and their likely vectors are the missing ingredients needed to solve ongoing security woes, he believes.
New Cyber Security Approach Needed
Big companies previously thought they had to throw money at the problem. Yet Boisvert reports that all of the large companies that have experienced high-profile data breaches were spending big dollars on cyber-defense.
The breaches helped create more awareness of the challenge being faced in the enterprise. These companies are beginning to realize the problem posed by Big Data as well as the serious implications of a breach: It not only threatens a company's brand and stock value, but it can also impact a CEO's position as the leader of the company. Target CEO Gregg Steinhafel resigned earlier this year in the wake of a major data breach suffered by the retailer.
"Securing the perimeter or building higher walls is no longer good enough," he said. "You have to understand that the threat actors have at their disposal a deep and broad pool of talent."
He points to Eastern Europe, where he sees a convergence of government interest and organized crime.
"Organized crime has been a major threat actor, acting on the behest of the state in some cases and even getting some direction on targets," said Boisvert. "If you mess up our banking and retail industries, for example, it disrupts the U.S. economy."
The Web should be regarded as a hostile environment filled with predators, he said. With that in mind, enterprises must accept that threat actors have probably already penetrated the network. Instead of trying to only block attacks, he advised enterprises to come to an appreciation of the amount of threats they are dealing with and figure out how to close the timeline to discovery.
He gave the example of the recent Bash bug issue. Only one in 24 antivirus products caught it. That approach can no longer be relied upon.
"You have to look at behavior, understand the context behind the threat actor, what they might be after, what tools they use and who they might be working with," he said. "Enterprises need to be playing a longer-term game, one in which they need to become heavily invested, and they also need to understand that the cell phone is going to be THE attack vector as 97 percent of current phone apps already leak."
Big Data Analytics Can Help
Boisvert believes Big Data analytics should be employed to take the advantage away from the attackers.
"We need to use software to do the heavy lifting to combat cyber-threats and cyber-terrorists," he said. "SAS, for example, has been working on behavioral analytics to better detect internal security threats."
SAS already has products in this space, but it is involved in an ongoing project that aims to analyze data at scale far more effectively. The idea is to understand normal network activity so well, you gain an information advantage. After all, when the bad guys get in – and they will – they want to explore the network.
"The hacker is deviating from normal by communicating with machines they don’t normally communicate with," said Bryan Harris, director of R&D for Cyber Analytics at SAS. "With the context of what machines should be doing, and the hosts, ports and protocols they interact with, you can identify outliers."
If one machine does something even a little different, you can zero in. At this stage, people generally take over and isolate if an actual threat is present.
SAS doesn’t want to compete against the Symantecs and McAfees of this world, Harris stressed. Those companies will continue to provide security solutions, whereas SAS sees its role in the back-end analysis and flagging of anomalies. It believes it can do this far more effectively with its Big Data analytics expertise.
Such an approach is easier said than done, however. How exactly do you analyze normal in a large group and determine what is really wrong?
"This is the information age example of landing on the moon," said Harris. "But the market is driving the need as the old approaches are not catching threats."
Buying Big Data Analytics
SAS is not the only company interested in using Big Data analytics to improve security. Fortscale, LogRhythm, RSA and IBM are among companies that offer Big Data security solutions.
According to Gartner, one in four large global companies will employ Big Data analytics solutions for security by 2016, up from just 8 percent today. Detection of advanced threats, insider threats and account takeover are among the most logical use cases, noted Gartner Vice President Avivah Litan.
Many experts agree that organizations will need to automate integration of Big Data. Speaking to eSecurity Planet in August, Mike Lloyd, CTO of RedSeal Networks, likened the cyber fight to a World War II war room with a central map table and people on telephones pulling in information to add to the map.
Workers in the war room processed incoming information and integrated it into a usable map. "What they didn't do in World War II was have all these phone calls come in and then just repeat all the information to the decision maker who was trying to plan strategy. You condense it and you integrate it into the map first," Lloyd said.
Similarly, organizations need to automate the collection and integration of multiple data feeds. "Think about how you're going to take in those feeds from the outside and how you can process them, but don't assume that's enough," Lloyd said. "Look at how you can integrate your data feeds together, combining problems to solve them."
The same article included tips on buying Big Data security analytics tools from Jon Oltsik, a senior principal analyst at research firm ESG. Oltsik recommends evaluating Big Data security analytics tools on their ability to do the following:
- Accelerate incident detection
- Improve staff efficiency
- Reduce false positives
- Automate manual processes
- Supersede point tools
Photo courtesy of Shutterstock.
Drew Robb is a freelance writer specializing in technology and engineering. Currently living in Florida, he is originally from Scotland, where he received a degree in geology and geography from the University of Strathclyde. He is the author of Server Disk Management in a Windows Environment (CRC Press).