Cloud Data Migration

Big Data: Drawing Insight From Security Breaches

Insight From Security Breaches

In the past, security breaches were viewed as a single event occurring at a certain point in time. However, this is no longer the case. Security threats now rarely occur as singular events, and a new kind of attack is on the rise: Advanced Persistent Threats (APTs). An APT is a network attack in which an unauthorized person or device gains access to a network and, instead of immediately stealing data or damaging infrastructure, stays there for a long period of time, remaining undetected. It could even occur from a device or person with proper security clearance, thus appearing as normal activity. It is much harder to detect these attacks as they are typically small in scope and focus on very specific targets (usually in nontechnical departments where security threats are less likely to be noticed or reported), and occur over a period of weeks or even months.

In 2014, RSA, a cybersecurity company was called into the U.S. government’s Office of Personnel Management to fix a low-level problem. Upon arrival, RSA discovered that there were intruders in the company’s network, and they had been there for over 6 months routinely stealing data in an organized yet inconspicuous manner. If not for the coincidental security check from RSA, the organization would have never noticed the breach. Ironically, the door into the system was unwittingly opened by an employee who accidentally downloaded malware from a spearphishing attack, much like the google docs cyber attack that took place in May. The employee was quickly informed and asked to change his password: he and his company thought the breach ended there, but it continued for months undetected.

Increase In Complexity

As security breaches increase in complexity and become harder to see, organizations must rely on analytics to uncover new insights, make intelligent decisions, and prevent these attacks before they happen. Fortunately, with the rise of big data analytics, companies now have the tools to craft a more holistic view of their networks, shifting from examining singular events to monitoring their entire timeline of activity and selecting various snapshots to analyze further.

This technology is already being developed in ways that are directly marketable to large enterprises.  Subscription-based data center analytics tools can now provide data center visibility and insight at unprecedented levels of specificity, with capabilities for application behavior-based analytics and monitoring of behavior deviations in the system. This is made possible using big data technologies which store data, provide real time analysis, and extract actionable insights which can then be used in making intelligent strategic decisions.

With such capabilities, enterprises can now examine network activity before, during, and after a security breach in order to gain new insights. One possible application of these insights is the benchmarking of network activity. If enterprises can leverage analytics to establish activity baselines for every device or IP address on their network, this can be used to track outliers, spot odd trends, and uncover new insights.

While these insights, on their own, could realize additional value for the company, they could also be analyzed in relation to security breaches or attacks as a preventive measure for the future. For example, if the Office of Personnel Management had enough data on network activity to establish baselines for internet traffic for every user in their system, this would have been enough to flag the intruders who were transferring out gigabytes of data: a stark deviation in behavior, as most employees would only have to send a few megabytes of data each month. Analytics could also identify other key activities occurring at times of high internet traffic. High traffic that does not correspond to any known organizational activities could also be a red flag. If data analytics reveal consistent server activity at a time when employees should not be active, such as in the middle of the night on Saturdays, this could raise flags and preempt increased defensive measures. If these activity times correlate with significant events in other time zones around the world, this could also help narrow down potential suspects.

If used properly, analytics can shed more light on cyber attacks, and organizations can use that same data to help predict and prevent future attacks. We might not yet have the ability to fully eliminate the risk of security breaches, but with the help of big data analytics we can stay one step ahead of the attackers which for now, is a step in the right direction.

By Ima Mfon, Senior Consultant, Enaxis Consulting

Cloud Syndicate

The 'Cloud Syndicate' is a mix of short term guest contributors, curated resources and syndication partners covering a variety of interesting technology related topics.

Contact us for syndication details on how to connect your technology article or news feed to our syndication network.

CloudTweaks Comic
The Lighter Side Of The Cloud - Synchronization
startup tech comic series
The Lighter Side Of The Cloud - Baseball Data
The Lighter Side Of The Cloud - Which One?
The Lighter Side Of The Cloud - Google It
Critical Success Factors when shifting Workloads into the Cloud

Critical Success Factors when shifting Workloads into the Cloud

Shifting Workloads into the Cloud By 2020, 92 percent of all workloads will reside in the cloud. Yet challenges remain ...
A Closer Look at the Hidden Costs of Collaboration Solutions

A Closer Look at the Hidden Costs of Collaboration Solutions

The Hidden Costs of Collaboration Solutions Collaboration technology is key to efficient communication and productivity for a dispersed and global ...
How Artificial Intelligence Is Revolutionizing Business

How Artificial Intelligence Is Revolutionizing Business

Artificial Intelligence Revolution 84% of respondents say AI will enable them to obtain or sustain a competitive advantage. 83% believe ...
Cloud’s Mighty Role - Why Custom Development is the Next Big Thing (Again)

Cloud’s Mighty Role – Why Custom Development is the Next Big Thing (Again)

Custom Development is the Next Big Thing Today, software is playing a very important role in performing basic business processes ...
Google Cloud Platform: Enabling APIs

Google Cloud Platform: Enabling APIs

Enabling Google APIs The Google Cloud Platform is a comprehensive tool that helps companies manage their IT resources. Completing software ...
Marty Puranik

HIPAA Risk Assessment Guide for Smaller Practices

HIPAA Risk Assessment Guide Disconcertingly, one in four practices (25%) are failing meaningful use audits by the Centers for Medicare ...
My Fascination with Amazon Go

My Fascination with Amazon Go

Amazon Go Recently, Amazon unveiled the world’s first completely self-service, no checkout, grocery store — and it’s really captured the public’s imagination. Lines ...

CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more... Stand out as an expert in your field.

The program is currently available to consultants, influencers or executive level contributors.