
Big Data: Drawing Insight From Security Breaches

Insight From Security Breaches

In the past, security breaches were viewed as a single event occurring at a certain point in time. However, this is no longer the case. Security threats now rarely occur as singular events, and a new kind of attack is on the rise: Advanced Persistent Threats (APTs). An APT is a network attack in which an unauthorized person or device gains access to a network and, instead of immediately stealing data or damaging infrastructure, stays there for a long period of time, remaining undetected. It could even occur from a device or person with proper security clearance, thus appearing as normal activity. It is much harder to detect these attacks as they are typically small in scope and focus on very specific targets (usually in nontechnical departments where security threats are less likely to be noticed or reported), and occur over a period of weeks or even months.

In 2014, RSA, a cybersecurity company, was called into the U.S. government’s Office of Personnel Management to fix a low-level problem. Upon arrival, RSA discovered that there were intruders in the agency’s network, and that they had been there for over 6 months, routinely stealing data in an organized yet inconspicuous manner. If not for the coincidental security check by RSA, the organization would never have noticed the breach. Ironically, the door into the system was unwittingly opened by an employee who accidentally downloaded malware from a spearphishing attack, much like the Google Docs cyber attack that took place in May. The employee was quickly informed and asked to change his password; he and his employer thought the breach ended there, but it continued undetected for months.

Increase In Complexity

As security breaches increase in complexity and become harder to see, organizations must rely on analytics to uncover new insights, make intelligent decisions, and prevent these attacks before they happen. Fortunately, with the rise of big data analytics, companies now have the tools to craft a more holistic view of their networks, shifting from examining singular events to monitoring their entire timeline of activity and selecting various snapshots to analyze further.

This technology is already being developed in ways that are directly marketable to large enterprises. Subscription-based data center analytics tools can now provide data center visibility and insight at unprecedented levels of specificity, with capabilities for application behavior-based analytics and monitoring of behavior deviations in the system. This is made possible using big data technologies which store data, provide real time analysis, and extract actionable insights which can then be used in making intelligent strategic decisions.

With such capabilities, enterprises can now examine network activity before, during, and after a security breach in order to gain new insights. One possible application of these insights is the benchmarking of network activity. If enterprises can leverage analytics to establish activity baselines for every device or IP address on their network, this can be used to track outliers, spot odd trends, and uncover new insights.

While these insights, on their own, could realize additional value for the company, they could also be analyzed in relation to security breaches or attacks as a preventive measure for the future. For example, if the Office of Personnel Management had enough data on network activity to establish baselines for internet traffic for every user in their system, this would have been enough to flag the intruders who were transferring out gigabytes of data: a stark deviation in behavior, as most employees would only have to send a few megabytes of data each month. Analytics could also identify other key activities occurring at times of high internet traffic. High traffic that does not correspond to any known organizational activities could also be a red flag. If data analytics reveal consistent server activity at a time when employees should not be active, such as in the middle of the night on Saturdays, this could raise flags and preempt increased defensive measures. If these activity times correlate with significant events in other time zones around the world, this could also help narrow down potential suspects.
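The two detections sketched in the preceding paragraphs, a per-user traffic baseline that flags a multi-gigabyte outlier and a check for activity outside working hours, can be expressed in a few dozen lines. The following is an added illustration, not code from the article or from any vendor's product: the log format, the sample byte counts, the Monday-to-Friday 07:00-19:00 working window and the modified z-score cut-off of 3.5 are all assumptions made for the example. The baseline uses the median and median absolute deviation rather than mean and standard deviation so that a single huge transfer in the history cannot inflate the baseline enough to hide itself.

```python
"""Per-user activity baselines with outlier and off-hours scoring.

Added example (not from the article): build a baseline of daily outbound
bytes per user from a window of history, then score new observations for
(a) volume deviations using a robust (median / MAD) modified z-score and
(b) activity outside the organisation's working hours.
Log format, sample values, working hours and threshold are constructed
assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed history: one record per user per day, "timestamp user outbound_bytes".
HISTORY_LOG = """\
2017-06-05T17:30 alice 2100000
2017-06-06T17:30 alice 2600000
2017-06-07T17:30 alice 3000000
2017-06-08T17:30 alice 2400000
2017-06-09T17:30 alice 2900000
2017-06-12T17:30 alice 3300000
2017-06-13T17:30 alice 2200000
2017-06-05T17:30 bob 900000
2017-06-06T17:30 bob 1100000
2017-06-07T17:30 bob 1000000
2017-06-08T17:30 bob 1200000
2017-06-09T17:30 bob 800000
2017-06-12T17:30 bob 1050000
2017-06-13T17:30 bob 950000
"""

# Constructed new observations to score against the baseline: a normal day
# for alice, a 4.2 GB transfer by bob, and a Saturday 03:15 session by bob.
NEW_LOG = """\
2017-06-14T17:30 alice 3100000
2017-06-14T17:30 bob 4200000000
2017-06-17T03:15 bob 700000
"""

BUSINESS_DAYS = range(0, 5)      # Monday..Friday (assumed working week)
BUSINESS_HOURS = range(7, 19)    # 07:00..18:59 (assumed working hours)
ROBUST_Z_THRESHOLD = 3.5         # Iglewicz & Hoaglin cut-off for the modified z-score


def parse_log(text):
    """Yield (timestamp, user, bytes) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, nbytes = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M"), user, int(nbytes)


def build_baselines(records):
    """Return {user: (median_bytes, mad_bytes)} from historical records."""
    per_user = defaultdict(list)
    for _, user, nbytes in records:
        per_user[user].append(nbytes)
    baselines = {}
    for user, values in per_user.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)   # median absolute deviation
        baselines[user] = (med, mad)
    return baselines


def robust_z(value, med, mad):
    """Modified z-score 0.6745 * (x - median) / MAD.

    A MAD of 0 means the history was perfectly flat; any movement away from
    the median is then treated as infinitely surprising.
    """
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def is_off_hours(ts):
    """True when the timestamp falls outside the assumed working window."""
    return ts.weekday() not in BUSINESS_DAYS or ts.hour not in BUSINESS_HOURS


def score_events(baselines, records):
    """Return (timestamp, user, bytes, reasons) for each record that exceeds
    the user's volume baseline or occurs outside business hours."""
    findings = []
    for ts, user, nbytes in records:
        reasons = []
        if user not in baselines:
            reasons.append("no baseline for user")
        else:
            med, mad = baselines[user]
            z = robust_z(nbytes, med, mad)
            if z > ROBUST_Z_THRESHOLD:       # only unusually large egress is flagged
                reasons.append(f"volume deviation (modified z={z:.1f})")
        if is_off_hours(ts):
            reasons.append("activity outside business hours")
        if reasons:
            findings.append((ts, user, nbytes, reasons))
    return findings


def run():
    """Build baselines from HISTORY_LOG and score NEW_LOG against them."""
    baselines = build_baselines(parse_log(HISTORY_LOG))
    return score_events(baselines, parse_log(NEW_LOG))


if __name__ == "__main__":
    for ts, user, nbytes, reasons in run():
        print(f"{ts:%Y-%m-%d %H:%M} {user:<6} {nbytes:>13,d} B  {'; '.join(reasons)}")
```

Run as a script it reports two findings, both for bob: the 4.2 GB transfer as a volume deviation and the Saturday 03:15 session as off-hours activity; alice's slightly above-median day produces nothing. In a real deployment the history window would be weeks rather than a handful of days, the baseline would be keyed by device or IP address as well as by user, and the off-hours window would come from the organisation's own schedule rather than a constant.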

If used properly, analytics can shed more light on cyber attacks, and organizations can use that same data to help predict and prevent future attacks. We might not yet have the ability to fully eliminate the risk of security breaches, but with the help of big data analytics we can stay one step ahead of the attackers, which, for now, is a step in the right direction.

By Ima Mfon, Senior Consultant, Enaxis Consulting

