The value of integrating data and analytics for improved cybersecurity
Article by Think Big Analytics Financial Services Industry business consulting lead Brian Landa
When cyber attacks were limited to individuals operating alone, the rate of attacks was relatively low and it was possible to fight cybercriminals as the attacks occurred. Now, new threats are expanding exponentially and cyber attackers have become far more sophisticated. They’re likely to be working in corporate-like environments where their core responsibilities centre on developing and deploying successful attacks.
The sheer volume of people and tools dedicated to cybercrime is staggering and it’s no longer possible to combat this threat manually. Today’s cyberthreats require predictive, multifaceted strategies to analyse and gain powerful insights into solutions to mitigate the risk.
Conventional, layered defence strategies aren’t working. They can generate large volumes of false positive alerts, overwhelming security professional. Traditional cybersecurity tools can’t effectively process large volumes of data, which means they miss signals that should trigger real threat alerts. This means bad actors remain undetected, hiding in plain sight in the network. Therefore, businesses need an advanced, more strategic approach to network security that disrupts adversary tools and techniques, rendering them ineffective.
Big data analytics lets businesses effectively organise, manage, and analyse vast amounts of information to visualise and draw powerful insights into solutions for stopping cyber attacks.
Data analytics combined with security technologies can help organisations create a stronger, more proactive cyber defence posture. Organisations need to evolve their approach to include next-generation predictive analytics so they can prevent or mitigate successful attacks. This doesn’t necessarily require organisations to collect new data; they can integrate the data they already have with predictive analytics to determine the probability of an attack.
Conventional thinking is that network data volumes are too large to be effectively analysed. Plus, the cost and time involved in analysing such huge amounts of data makes it impractical. However, the reality is that today’s integrated analytic solutions help organisations leverage structured data and big data to build strong defences against cybersecurity threats.
Doing this successfully provides a complete picture of the organisation’s threat landscape, so you can set up defences before cybercriminals gain access.
High-speed, automated analytics let businesses analyse information from multiple sources and data types to respond in near-real time to cyber attacks. This improved readiness leads to shorter response times and faster remediation. It also improves the effectiveness of existing investments in security solutions.
There are three steps organisations can take to effectively use big data analytics to improve cybersecurity:
1. Cyber risk assessment
It’s impossible to protect every part of the organisation equally, and it’s also not necessary. You need to understand the data and network assets so you can identify the most critical systems to protect. These are usually the ones that are mission-critical, or contain commercially-sensitive information or customer details.
It’s important to identify organisational objectives, the processes involved in accomplishing those objectives, risks that could prevent their successful execution, controls to manage or prevent risk, and testing to ensure the effectiveness of the controls.
2. Develop a roadmap
Once you understand the security risks and key priority areas, you need to identify the strengths and weaknesses of your current cyber defences so you can use this to develop a roadmap to prioritise actions. This includes aligning the information security risk with the overall risk tolerance of the organisation. Doing so lets you balance the cost of protection with the risk of being attacked.
3. Optimise existing security solutions
Most companies have already invested in security solutions so it makes sense to optimise that investment where possible. Integrated security data and big data analytics can significantly improve the efficiency and effectiveness of existing security solutions as well as the personnel that operate them.
For example, an intrusion detection system alert can automatically trigger a big data query in another system to deliver the actual network session data to an analyst for fast identification, triage, and remediation. The session data then lets the analyst quickly determine if the alert is real or false. If real, session data can also be used to evaluate the severity of the incident to prioritise remediation. This makes existing systems more effective, and the incident responder more efficient.
By capturing and visualising precisely what’s coming and going on networks as events happen, organisations can correlate activity through network data elements as they’re generated from each application, transaction, communication, or transmission. This lets you evolve the security approach to next-generation threat detection and cyber-situational awareness.