
Big Data: Drawing Insight From Security Breaches

Insight From Security Breaches

In the past, a security breach was viewed as a single event occurring at a certain point in time. That is no longer the case. Security threats now rarely occur as singular events, and a new kind of attack is on the rise: the Advanced Persistent Threat (APT). An APT is a network attack in which an unauthorized person or device gains access to a network and, instead of immediately stealing data or damaging infrastructure, stays there for a long period of time while remaining undetected. The activity may even originate from a device or person with proper security clearance, so it looks like normal activity. These attacks are much harder to detect because they are typically small in scope, focus on very specific targets (usually in nontechnical departments, where security threats are less likely to be noticed or reported), and unfold over weeks or even months.

In 2014, RSA, a cybersecurity company, was called into the U.S. government's Office of Personnel Management to fix a low-level problem. Upon arrival, RSA discovered that there were intruders in the agency's network, and that they had been there for over 6 months, routinely stealing data in an organized yet inconspicuous manner. If not for the coincidental security check by RSA, the organization would never have noticed the breach. Ironically, the door into the system was unwittingly opened by an employee who accidentally downloaded malware from a spear-phishing attack, much like the Google Docs cyber attack that took place in May. The employee was quickly informed and asked to change his password; he and his employer thought the breach ended there, but it continued for months undetected.

Increase In Complexity

As security breaches increase in complexity and become harder to see, organizations must rely on analytics to uncover new insights, make intelligent decisions, and prevent these attacks before they happen. Fortunately, with the rise of big data analytics, companies now have the tools to craft a more holistic view of their networks, shifting from examining singular events to monitoring their entire timeline of activity and selecting various snapshots to analyze further.

This technology is already being developed in ways that are directly marketable to large enterprises. Subscription-based data center analytics tools can now provide data center visibility and insight at unprecedented levels of specificity, with capabilities for application behavior-based analytics and monitoring of behavior deviations in the system. This is made possible by big data technologies that store data, provide real-time analysis, and extract actionable insights, which can then be used to make intelligent strategic decisions.

With such capabilities, enterprises can now examine network activity before, during, and after a security breach in order to gain new insights. One possible application of these insights is the benchmarking of network activity. If enterprises can leverage analytics to establish activity baselines for every device or IP address on their network, this can be used to track outliers, spot odd trends, and uncover new insights.

While these insights could, on their own, realize additional value for the company, they could also be analyzed in relation to security breaches or attacks as a preventive measure for the future. For example, if the Office of Personnel Management had had enough data on network activity to establish baselines for internet traffic for every user in its system, this would have been enough to flag the intruders who were transferring out gigabytes of data: a stark deviation in behavior, as most employees would only need to send a few megabytes of data each month. Analytics could also identify other key activities occurring at times of high internet traffic. High traffic that does not correspond to any known organizational activity could also be a red flag. If data analytics reveal consistent server activity at a time when employees should not be active, such as in the middle of the night on Saturdays, this could raise flags and prompt increased defensive measures. If these activity times correlate with significant events in other time zones around the world, this could also help narrow down potential suspects.
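As an added example, not part of the original article: a small Python script that builds the per-user baseline described above from constructed log lines, using the median and median absolute deviation (MAD) so that the gigabyte transfers themselves do not inflate the baseline, and flags both the volume outlier and the off-hours activity. User names, timestamps and byte counts are invented for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample (not real data): "timestamp,user,bytes" per outbound transfer.
# Most accounts move a few MB; one moves gigabytes, and in the small hours.
SAMPLE_LOG = """\
2014-03-03T10:15:00,alice,2400000
2014-03-10T11:02:00,alice,3100000
2014-03-03T13:05:00,bob,1800000
2014-03-11T16:40:00,bob,2200000
2014-03-04T11:30:00,carol,2500000
2014-03-12T12:00:00,carol,2600000
2014-03-19T10:45:00,carol,2800000
2014-03-22T02:30:00,carol,4800000000
2014-03-29T03:10:00,carol,5200000000
"""

def parse_log(text):
    """Turn 'timestamp,user,bytes' lines into (datetime, user, int) tuples."""
    rows = (line.split(",") for line in text.strip().splitlines())
    return [(datetime.fromisoformat(t), u, int(b)) for t, u, b in rows]

def baselines(events):
    """Per-user (median, MAD) of transfer size; robust to the outliers we hunt."""
    per_user = defaultdict(list)
    for _, user, nbytes in events:
        per_user[user].append(nbytes)
    base = {}
    for user, sizes in per_user.items():
        med = median(sizes)
        base[user] = (med, median(abs(s - med) for s in sizes))
    return base

def off_hours(ts):
    """Weekend or 00:00-05:59: times when staff should not be active."""
    return ts.weekday() >= 5 or ts.hour < 6

def find_outliers(events, k=10, min_mad=1_000_000):
    """Flag transfers above median + k*MAD (MAD floored at min_mad) or at off hours."""
    base = baselines(events)
    flagged = []
    for ts, user, nbytes in events:
        med, mad = base[user]
        reasons = ["volume"] if nbytes > med + k * max(mad, min_mad) else []
        if off_hours(ts):
            reasons.append("off-hours")
        if reasons:
            flagged.append((user, ts.isoformat(), nbytes, reasons))
    return flagged
```

The MAD floor matters in practice: a user with a very regular baseline would otherwise be flagged for ordinary jitter, and a user whose history is mostly outliers (more than half of the samples) would not be caught by a median-based baseline at all.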

If used properly, analytics can shed more light on cyber attacks, and organizations can use that same data to help predict and prevent future attacks. We might not yet have the ability to fully eliminate the risk of security breaches, but with the help of big data analytics we can stay one step ahead of the attackers, which, for now, is a step in the right direction.

By Ima Mfon, Senior Consultant, Enaxis Consulting
