
Big Data: Drawing Insight From Security Breaches

Insight From Security Breaches

In the past, security breaches were viewed as a single event occurring at a certain point in time. However, this is no longer the case. Security threats now rarely occur as singular events, and a new kind of attack is on the rise: Advanced Persistent Threats (APTs). An APT is a network attack in which an unauthorized person or device gains access to a network and, instead of immediately stealing data or damaging infrastructure, stays there for a long period of time, remaining undetected. It could even occur from a device or person with proper security clearance, thus appearing as normal activity. It is much harder to detect these attacks as they are typically small in scope and focus on very specific targets (usually in nontechnical departments where security threats are less likely to be noticed or reported), and occur over a period of weeks or even months.

In 2014, RSA, a cybersecurity company, was called into the U.S. government’s Office of Personnel Management to fix a low-level problem. Upon arrival, RSA discovered that there were intruders in the agency’s network, and they had been there for over 6 months, routinely stealing data in an organized yet inconspicuous manner. If not for the coincidental security check from RSA, the organization would never have noticed the breach. Ironically, the door into the system was unwittingly opened by an employee who accidentally downloaded malware from a spear-phishing attack, much like the Google Docs cyber attack that took place in May. The employee was quickly informed and asked to change his password; he and his organization thought the breach ended there, but it continued for months undetected.

Increase In Complexity

As security breaches increase in complexity and become harder to see, organizations must rely on analytics to uncover new insights, make intelligent decisions, and prevent these attacks before they happen. Fortunately, with the rise of big data analytics, companies now have the tools to craft a more holistic view of their networks, shifting from examining singular events to monitoring their entire timeline of activity and selecting various snapshots to analyze further.

This technology is already being developed in ways that are directly marketable to large enterprises. Subscription-based data center analytics tools can now provide data center visibility and insight at unprecedented levels of specificity, with capabilities for application behavior-based analytics and monitoring of behavior deviations in the system. This is made possible by big data technologies that store data, provide real-time analysis, and extract actionable insights, which can then be used in making intelligent strategic decisions.

With such capabilities, enterprises can now examine network activity before, during, and after a security breach in order to gain new insights. One possible application of these insights is the benchmarking of network activity. If enterprises can leverage analytics to establish activity baselines for every device or IP address on their network, this can be used to track outliers, spot odd trends, and uncover new insights.

While these insights, on their own, could realize additional value for the company, they could also be analyzed in relation to security breaches or attacks as a preventive measure for the future. For example, if the Office of Personnel Management had had enough data on network activity to establish internet traffic baselines for every user in its system, this would have been enough to flag the intruders who were transferring out gigabytes of data: a stark deviation in behavior, as most employees would only need to send a few megabytes of data each month. Analytics could also identify other key activities occurring at times of high internet traffic. High traffic that does not correspond to any known organizational activity could also be a red flag. If data analytics reveal consistent server activity at a time when employees should not be active, such as in the middle of the night on Saturdays, this could raise flags and prompt increased defensive measures. If these activity times correlate with significant events in other time zones around the world, this could also help narrow down potential suspects.
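The two checks sketched above, a per-user volume baseline that flags a sudden gigabyte-scale transfer, and a quiet-hours check for activity when staff should be idle, can be expressed in a few dozen lines. The following is an added example, not code from the article or from Enaxis Consulting: the records, user names, the cutoff date, the robust z-score threshold, the MAD floor and the Saturday/Sunday 00:00–05:59 quiet window are all constructed assumptions. The principal column is a user name here, but it could equally be a device or IP address, as the article suggests.

```python
"""
Baseline-and-deviation checks over constructed network activity records.

Added example, not code from the article or from Enaxis Consulting. Every
record, user name, threshold and the quiet-hours window below is an
assumption constructed for illustration.
"""
from collections import defaultdict
from datetime import date, datetime
from statistics import median

MB = 1_000_000
GB = 1_000 * MB

# Constructed records: (principal, ISO-8601 timestamp, bytes sent out of the
# network). The principal could equally be a device or an IP address.
RECORDS = [
    ("asmith", "2014-03-03T09:15:00", 2 * MB),
    ("asmith", "2014-03-04T10:02:00", 3 * MB),
    ("asmith", "2014-03-05T11:40:00", 2 * MB),
    ("asmith", "2014-03-06T09:05:00", 4 * MB),
    ("asmith", "2014-03-07T16:20:00", 3 * MB),
    ("bjones", "2014-03-03T08:50:00", 5 * MB),
    ("bjones", "2014-03-04T13:10:00", 6 * MB),
    ("bjones", "2014-03-05T09:30:00", 5 * MB),
    ("bjones", "2014-03-06T15:45:00", 7 * MB),
    ("bjones", "2014-03-07T10:25:00", 6 * MB),
    ("jdoe",   "2014-03-03T09:00:00", 3 * MB),
    ("jdoe",   "2014-03-04T09:10:00", 2 * MB),
    ("jdoe",   "2014-03-05T09:05:00", 3 * MB),
    ("jdoe",   "2014-03-06T09:20:00", 2 * MB),
    ("jdoe",   "2014-03-07T09:15:00", 3 * MB),
    # Scoring period: a Saturday-night bulk transfer and a weekday spike from
    # jdoe, normal activity from everyone else (all constructed).
    ("jdoe",   "2014-03-08T02:30:00", int(1.5 * GB)),
    ("asmith", "2014-03-10T09:30:00", 3 * MB),
    ("bjones", "2014-03-10T14:00:00", 8 * MB),
    ("jdoe",   "2014-03-10T09:05:00", 3 * GB),
]

BASELINE_END = date(2014, 3, 8)  # assumed: days before this form the baseline
Z_THRESHOLD = 5.0                # assumed: robust z-score above which a day is flagged
MAD_FLOOR = 1 * MB               # assumed: keeps a zero MAD from flagging tiny jitter
QUIET_DAYS = {5, 6}              # assumed: Saturday, Sunday (datetime.weekday())
QUIET_HOURS = range(0, 6)        # assumed: 00:00-05:59 local time


def daily_totals(records):
    """Sum outbound bytes per (principal, calendar day)."""
    totals = defaultdict(int)
    for who, ts, nbytes in records:
        totals[(who, datetime.fromisoformat(ts).date())] += nbytes
    return totals


def build_baselines(records, baseline_end):
    """Per-principal median and scaled MAD of daily volume for days before baseline_end."""
    per_user = defaultdict(list)
    for (who, day), total in daily_totals(records).items():
        if day < baseline_end:
            per_user[who].append(total)
    baselines = {}
    for who, volumes in per_user.items():
        med = median(volumes)
        mad = median(abs(v - med) for v in volumes)
        # 1.4826 * MAD approximates one standard deviation for normal data.
        baselines[who] = (med, max(1.4826 * mad, MAD_FLOOR))
    return baselines


def flag_volume_outliers(records, baseline_end):
    """Return [(principal, day, bytes, z)] for scored days far above that principal's baseline."""
    baselines = build_baselines(records, baseline_end)
    flagged = []
    for (who, day), total in sorted(daily_totals(records).items()):
        if day < baseline_end or who not in baselines:
            continue  # baseline days are not scored; unknown principals need their own handling
        med, scale = baselines[who]
        z = (total - med) / scale
        if z > Z_THRESHOLD:
            flagged.append((who, day, total, round(z, 1)))
    return flagged


def flag_quiet_hours(records):
    """Return records that fall inside the quiet window, when staff should be idle."""
    hits = []
    for who, ts, nbytes in records:
        when = datetime.fromisoformat(ts)
        if when.weekday() in QUIET_DAYS and when.hour in QUIET_HOURS:
            hits.append((who, ts, nbytes))
    return hits


if __name__ == "__main__":
    for who, day, total, z in flag_volume_outliers(RECORDS, BASELINE_END):
        print(f"VOLUME  {who} {day} sent {total / GB:.2f} GB (z={z})")
    for who, ts, nbytes in flag_quiet_hours(RECORDS):
        print(f"QUIET   {who} {ts} sent {nbytes / MB:.0f} MB outside working hours")
```

Median and MAD are used instead of mean and standard deviation so that one enormous day does not inflate the baseline it is being compared against; the floor on the scale matters because a user whose daily volume barely varies would otherwise have a MAD of zero and every small fluctuation would be flagged.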

If used properly, analytics can shed more light on cyber attacks, and organizations can use that same data to help predict and prevent future attacks. We might not yet have the ability to fully eliminate the risk of security breaches, but with the help of big data analytics we can stay one step ahead of the attackers, which, for now, is a step in the right direction.

By Ima Mfon, Senior Consultant, Enaxis Consulting

Cloud Syndicate

The 'Cloud Syndicate' is a mix of short term guest contributors, curated resources and syndication partners covering a variety of interesting technology related topics.
