
Fighting back against cyber attacks with big data analytics

22 Feb 18

Technological advancement is viewed as necessary to organisational success, but this transformation has a dark side: the increased threat of cyber-attacks. Advancements like cloud computing, smart devices and AI have been heralded as vital to the success of Australian businesses, yet with increased reliance on technology comes greater vulnerability to cyber-attacks. In 2017, a new type of malware emerged every 4.2 seconds, highlighting an urgent need for businesses to protect their assets.

Cyber attacks are becoming inevitable. The question is no longer whether businesses are vulnerable, but whether they will be prepared when an attack comes.

Turning the tables on security threats

As organisations generate and gain access to increasing amounts of data, the threat of attack grows, as malignant forces seek access to this valuable commodity. 2017’s WannaCry attacks affected over 200,000 computers globally and led to other devastating attacks such as Petya and NotPetya. By leveraging data, IT teams across organisations will be able to fight back against potential attacks.

Specifically, the more log data businesses amass, the greater opportunity they’ll have to detect, diagnose and protect themselves from cyber-attacks. In doing so, businesses will have the opportunity to identify anomalies within the data and correlate them with irregular events or actions that suggest a potential security breach. Analysing this massive amount of data quickly enough to reduce the fallout from an attack can be difficult, but big data analytics speeds the process up.

Catching threats in real-time

By leveraging big data analytics, companies can monitor both network and user behaviours in real time, identifying suspicious activity quickly and efficiently. Businesses can then model network, user, application and service profiles to establish intelligence-driven security measures and respond quickly to anomalies that indicate cyber threats or attacks. Some examples of the types of activities big data analytics can track include:

  • Traffic anomalies to, from or between data warehouses
  • Suspicious activity in high value or sensitive resources in data networks
  • Suspicious user behaviours, such as varied access times, levels, location, information queries and destinations
  • Unauthorised or dated devices accessing a network
  • Suspicious customer transactions
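The user-behaviour item above (varied access times and locations) is the easiest of these to illustrate. The following is an added example, not code from the article or from MapR: it builds a per-user baseline of usual login hours and source countries from a window of constructed authentication log lines, then flags later events that fall outside that baseline. The log format, user names and countries are all assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log lines (not from a real system): "timestamp user country"
HISTORY = """
2018-02-01T08:55:10 alice AU
2018-02-02T09:02:41 alice AU
2018-02-05T17:30:22 alice AU
2018-02-01T22:10:00 bob AU
2018-02-03T23:05:14 bob NZ
"""
NEW_EVENTS = """
2018-02-07T09:01:55 alice AU
2018-02-07T03:12:08 alice RU
2018-02-07T22:40:12 bob AU
2018-02-07T04:00:00 carol US
"""

def parse(text):
    """Yield (timestamp, user, country) from the simple log format above."""
    for line in text.strip().splitlines():
        ts, user, country = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), user, country

def build_baseline(history, hour_slack=1):
    """Per-user usual login hours (widened by hour_slack) and source countries."""
    baseline = defaultdict(lambda: {"hours": set(), "countries": set()})
    for ts, user, country in parse(history):
        for h in range(ts.hour - hour_slack, ts.hour + hour_slack + 1):
            baseline[user]["hours"].add(h % 24)  # wrap around midnight
        baseline[user]["countries"].add(country)
    return baseline

def detect(history, events, hour_slack=1):
    """Return (user, iso timestamp, reasons) for each event outside its user's baseline."""
    baseline = build_baseline(history, hour_slack)
    alerts = []
    for ts, user, country in parse(events):
        reasons = []
        if user not in baseline:
            reasons.append("no baseline for user")  # first-seen account
        else:
            if ts.hour not in baseline[user]["hours"]:
                reasons.append(f"unusual hour {ts.hour:02d}")
            if country not in baseline[user]["countries"]:
                reasons.append(f"unusual country {country}")
        if reasons:
            alerts.append((user, ts.isoformat(), reasons))
    return alerts
```

Running `detect(HISTORY, NEW_EVENTS)` flags alice's 03:12 login from an unseen country and carol's first-ever login, while the in-pattern events for alice and bob pass silently.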

Big data analytics is becoming a highly effective tool in the identification of cyber-attacks, both before the attack takes place and before it becomes a serious issue – minimising and sometimes completely eliminating additional losses and costs. This real-time analysis will allow organisations to thwart both the smallest and largest scale attacks.

Monitor attacks with data

Investment in big data analytics means that businesses will be able to improve the quality of their security monitoring to counter attacks as they come.

While security monitoring requires the storage of substantial amounts of data, a big data analytics solution will be able to analyse large amounts of data in real time. Real-time analysis is what lets organisations conduct consistent, scalable security monitoring.

Big data gives access to the activities and events that can signal a potential threat before it has large-scale consequences, but it is the combination of big data analytics with real-time analytics that creates a truly effective security tool.

For organisations it is twofold: investing in big data analytics so that threats are recognised is key, but investing in real-time analytics is also vital in order to react quickly and create a complete security monitoring platform.

The stakes are getting higher for organisations. Not only are businesses’ financial security and intellectual property at risk, but their very reputations are on the line. These types of cyber-attacks are serious concerns for businesses of all sizes, and complex solutions are required to tackle these threats in real time. Big data analytics is the ideal solution to protect businesses by flagging threats and attacks before and as they occur, ensuring as little damage as possible.

Article by MapR's country manager for Australia and New Zealand, Paul Bennett.
