Datameer Blog post
Challenges to Cyber Security & How Big Data Analytics Can Help
by Datameer on Feb 27, 2018
As the complexity of IT networks has grown, the inventiveness and sophistication of cyber security threats and attacks have grown just as quickly. Some sobering stats:
Key Challenges to Combating Cyber Security Threats
As malware attacks increase in volume and complexity, it’s becoming more difficult for traditional analytic tooling and infrastructure to keep up thanks to:
- Data volume: For example, every day at SophosLabs, over 300,000 new potentially malicious files that require analysis are reported.
- Scalability: SQL-based tooling and infrastructure doesn’t scale well and is costly to maintain.
Big Data Analytics as a Path Forward to Cyber Security
You’ve probably heard it before—companies have to protect themselves against all kinds of attacks. But an attacker only needs to have one successful attempt. With those odds, you can’t just try to prevent attacks from happening.
You also need to be able to detect them, and respond—fast. It’s the PDR paradigm: Prevent, Detect, Respond. And that’s where big data analytics comes in.
Companies and key analyst firms are recognizing that these challenges can be overcome with big data analytics. Analyst firms have been writing reports and advising their clients about the impacts of big data analytics on cyber security across industries:
- IDC identifies cloud and big data analytics as the technologies that will prevent cyber threats against health organizations
- Gartner says by 2016, 25 percent of large global companies will have adopted big data analytics for at least one security or fraud detection use case
- Ovum advises enterprises to use big data to fight security threats
What Are Companies Doing to Combat Data Breaches?
It’s data that’s getting stolen, but it’s also data that can come to the rescue. You just have to know how to use it in the right way. Download our use case to learn more, but here’s a summary of what data analytics can do to combat cyber threats.
Identify anomalies in device behavior
For example, employee devices could be used as Trojan horses to access and steal data — but you can stop it with big data analytics.
Identify anomalies in employee and contractor behavior
Do you have an Edward Snowden downloading large amounts of data? There are ways to detect and stop that.
Detect anomalies in the network
Identify new threats without known signatures. Correlate data from silos to understand the nature of various attacks. Look at a wide range of data attributes.
Assess network vulnerabilities and risks
Ingest data and analyze it to determine which databases have customer-identifying information, and how vulnerable they are to hackers. Eliminate serious potential sources of risk.
The Benefits of Big Data Operationalization
Of course, just detecting potential risks isn’t enough. PDR stands for Prevent, Detect and Respond. The true value from big data insights comes from driving action with business teams. You need operationalization capabilities that can sift through your data, find the right signals and then trigger the right actions.
Automatically cut off devices that are stealing data. Set up systems that get notified by your data about employees who are stealing suspicious amounts of data. Send alerts to the right people when potential threats appear.
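As an added illustration of the "employee downloading large amounts of data" case above and the alerting step described here (example code written for this page, not Datameer or Sophos code), the snippet below baselines each user's daily download volume with a median/MAD model and emits an alert record for any day that breaks the baseline. The log lines, user names and byte counts are constructed.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample of a file-server export: one row per user per day.
# Users and byte counts are made up; the last "alice" row is the planted spike.
SAMPLE_LOG = """\
date,user,bytes
2018-02-19,alice,52000000
2018-02-20,alice,48000000
2018-02-21,alice,55000000
2018-02-22,alice,50000000
2018-02-23,alice,51000000
2018-02-26,alice,1200000000
2018-02-19,bob,5000000
2018-02-20,bob,7000000
2018-02-21,bob,6000000
2018-02-22,bob,5500000
2018-02-23,bob,6500000
2018-02-26,bob,6200000
"""

def daily_totals(log_text):
    """Sum bytes per (user, date); returns {user: [(date, bytes), ...]} in date order."""
    totals = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(log_text)):
        totals[row["user"]][row["date"]] += int(row["bytes"])
    return {user: sorted(days.items()) for user, days in totals.items()}

def egress_alerts(log_text, k=6.0, min_history=5, floor_bytes=100_000_000):
    """Alert when a day's volume exceeds median + k*MAD of that user's earlier days.

    Median absolute deviation (MAD) rather than stddev keeps one spike from
    inflating its own baseline; floor_bytes stops tiny absolute deviations from
    alerting for users whose normal traffic is small and nearly constant.
    """
    alerts = []
    for user, series in daily_totals(log_text).items():
        for i in range(min_history, len(series)):
            history = [b for _, b in series[:i]]          # only days before this one
            median = statistics.median(history)
            mad = statistics.median(abs(b - median) for b in history) or 1.0
            date, observed = series[i]
            threshold = max(median + k * mad, floor_bytes)
            if observed > threshold:
                alerts.append({"user": user, "date": date, "bytes": observed,
                               "baseline_median": median, "threshold": threshold})
    return alerts
```

Each alert dictionary carries the baseline it was judged against, which is what a responder needs when deciding whether to cut the device off or simply page the right team.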
A Cyber Security Company’s Big Data Analytics Approach
So who’s been there, done that, and what can you learn from them? Sophos, which began producing antivirus and encryption products nearly 30 years ago, now helps secure the networks used by 100 million people in 150 countries and 100,000 businesses using big data analytics. Today, big data analytics is integral to Sophos’ daily malware detection in multiple use cases:
- Malware research and analysis. Malware is becoming more evasive and pervasive. Sophos analyzes the characteristics of suspicious files and reports the analysis outcome.
- Macro trend analysis. Sophos analysts also analyze the data for macro trends of malware movements to better understand and anticipate the direction of the threat landscape.
- Measuring detection performance. Sophos analyzes statistics on the performance of malware detection to understand which protection technology is providing the most value.
This article was originally published in May 2016. It has been revamped for accuracy and comprehensiveness.