One of the most exciting applications of big data is security analytics. By using big data security analytics, organizations can correlate both internal and external data to create a bigger picture showing pending threats. Big data is ideal for fraud detection and for identifying threats before they happen. And because big data tends to pool information in a central location for easy access and analysis, it also makes enterprises more susceptible to cyber-attacks, so organizations can turn the same analytics on that risk and gain better intelligence about threats to big data itself.
How Big Data Aids Enterprise Security
Gartner predicts that by 2016, 25 percent of global companies will have adopted big data analytics for fraud detection. ESG Research surveyed 257 security professionals about their security detection challenges and their answers say a lot about the need for big data security analytics:
- 39 percent said they lacked adequate staff for security incident response. However, using real-time big data security analytics would make existing staff much more effective.
- 35 percent said they were plagued by too many false positives. Big data security analytics would filter out noise and pinpoint real problems.
- 29 percent said that incident detection required too many manual processes. Big data applications increase the amount of data that needs to be secured, and security experts pride themselves on their ability to spot incidents. However, manual processes don’t scale. Big data security analytics solve that problem.
- 29 percent of organizations complained that incident detection relies too heavily on independent tools that can’t be integrated. Big data security analytics eliminates the need for many of these point tools and provides a single tool for detection and often remediation.
So what metrics do you monitor as part of big data security? Here are five data sources to track as part of big data security:
Five Metrics for Big Data Security Analytics
Big data security is ushering in a new era of intelligence-driven security capable of predicting and preventing sophisticated, high-stakes security threats. And the data sources used for big data security analytics are the same sources that IT managers have been using for some time. The difference is that the detection tools are now integrated and the analytics engines reveal patterns that make it easier to spot fraudulent activity or security issues.
The other thing that’s different is the size of the datasets. Big data security analytics use big data, which means there are massive data archives to wade through to detect potential hacker attacks. Tools to sift through these datasets were custom-built in the past, but now there are more off-the-shelf security products for big data using existing enterprise data sources:
- Network and Host Traffic – The security analytics assess anomalies in data traffic to and from servers and clusters, looking for things such as unexpected encryption or suspicious destinations. The analytics draw from data sources such as Security Information and Event Management (SIEM), network monitoring, or application monitoring.
- Web Transactions – Is there suspicious activity being observed in high-value applications or sensitive assets? Analytics will use authentication data, transaction monitoring, application logs, SQL server logs, and network session data to identify fraudulent activity.
- Infrastructure Changes – Has the server been manipulated? Has there been a recent configuration change? What about policy compliance? To check for infrastructure changes security analytics will use data from IT assets; look at governance, risk management, and compliance (GRC); and configuration management systems.
- Information – What types of data is the system storing, transmitting, or processing? Is it regulated data? Is it high-value IP? To assess the security risk from information, big data security analytics draw from GRC, data classification, and data loss prevention (DLP).
- Identity management – What users are logged in? Are their privileges current or have they been escalated? When did they last log in? What assets did they access? To track user activity analytics will draw from authentication data, server logs, asset management, SIEM, and network monitoring.
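The point of pulling these five sources into one engine is that a sequence that looks routine in each individual tool becomes visible once the records are correlated on a common key such as host and time. The following is an added example, not code from the article or from any product it mentions: it normalizes constructed authentication, network-monitoring and configuration-management records onto one schema and flags a privilege change that is followed, on the same host, by a configuration change or a large transfer to an external address. The host names, users, addresses, the internal address prefixes, the transfer threshold and the 15-minute window are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample events from three of the sources the article lists:
# authentication data, network monitoring and configuration management.
# Every host name, user and address here is made up for the example.
AUTH_EVENTS = [
    {"ts": "2024-03-01T09:00:00", "host": "db01", "user": "alice", "event": "login"},
    {"ts": "2024-03-01T09:02:00", "host": "db01", "user": "alice", "event": "privilege_change"},
    {"ts": "2024-03-01T11:00:00", "host": "web02", "user": "bob", "event": "login"},
]
NET_EVENTS = [
    {"ts": "2024-03-01T09:05:00", "host": "db01", "dst": "203.0.113.7", "bytes": 52_000_000},
    {"ts": "2024-03-01T09:06:00", "host": "db01", "dst": "10.0.0.5", "bytes": 1_200},
    {"ts": "2024-03-01T11:10:00", "host": "web02", "dst": "10.0.0.9", "bytes": 4_000},
]
CONFIG_EVENTS = [
    {"ts": "2024-03-01T09:04:00", "host": "db01", "user": "alice", "change": "auditd stopped"},
]

INTERNAL_PREFIXES = ("10.", "192.168.")   # assumed corporate address space
LARGE_TRANSFER_BYTES = 10_000_000         # assumed threshold for a notable outbound transfer
WINDOW = timedelta(minutes=15)            # assumed time we keep watching after an escalation


@dataclass
class Event:
    ts: datetime
    source: str   # "auth", "net" or "config"
    host: str
    user: str     # "" when the source does not record a user
    summary: str
    data: dict    # the original record, kept for source-specific checks


def normalize(auth, net, cfg) -> List[Event]:
    """Map the three source formats onto one schema, sorted by time."""
    events = []
    for e in auth:
        events.append(Event(datetime.fromisoformat(e["ts"]), "auth", e["host"], e["user"], e["event"], e))
    for e in net:
        events.append(Event(datetime.fromisoformat(e["ts"]), "net", e["host"], "",
                            f"{e['bytes']} bytes to {e['dst']}", e))
    for e in cfg:
        events.append(Event(datetime.fromisoformat(e["ts"]), "config", e["host"], e["user"], e["change"], e))
    return sorted(events, key=lambda ev: ev.ts)


def is_notable(e: Event) -> bool:
    """Follow-on evidence worth pairing with a privilege change on the same host."""
    if e.source == "config":
        return True
    if e.source == "net":
        external = not e.data["dst"].startswith(INTERNAL_PREFIXES)
        return external and e.data["bytes"] >= LARGE_TRANSFER_BYTES
    return False


def correlate(events: List[Event]) -> List[Dict]:
    """Flag a privilege change followed within WINDOW, on the same host, by a
    config change or a large external transfer. Each follow-on event alone is
    routine in its own tool; the sequence across tools is what stands out."""
    findings = []
    for i, trigger in enumerate(events):
        if trigger.source != "auth" or trigger.summary != "privilege_change":
            continue
        evidence = [
            f"{e.ts.isoformat()} [{e.source}] {e.summary}"
            for e in events[i + 1:]            # list is time-ordered, so only look forward
            if e.host == trigger.host and e.ts - trigger.ts <= WINDOW and is_notable(e)
        ]
        if evidence:
            findings.append({"host": trigger.host, "user": trigger.user,
                             "escalated_at": trigger.ts.isoformat(), "evidence": evidence})
    return findings


def run_sample() -> List[Dict]:
    """Run the correlation over the constructed sample records."""
    return correlate(normalize(AUTH_EVENTS, NET_EVENTS, CONFIG_EVENTS))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['host']}: {f['user']} escalated at {f['escalated_at']}")
        for line in f["evidence"]:
            print("   ", line)
```

On the sample data the engine produces one finding for db01: alice's privilege change at 09:02 is followed by auditd being stopped at 09:04 and a 52 MB transfer to an external address at 09:05, while the small internal transfer at 09:06 and bob's ordinary session on web02 are left alone. In a real deployment the thresholds and the internal address list would come from the asset and network inventories rather than being hard-coded.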
None of these metrics are new to enterprise security, but by using big data analytics you don’t have to assess each metric individually using point tools. Big data security analytics integrates all these metrics into a single reporting infrastructure that can identify threats quickly and efficiently. And big data analytics create a greater awareness around common security problems while shortening reaction time. If you can take advantage of real-time analytics and build more intelligence into the system, you can create intelligence-driven security programs that automate risk assessments and threat detection, including automating remediation protocols that stop a breach before it happens.