Streaming data for real-time analytics is becoming an increasingly popular strategy for data processing centers that need to secure new types of data. The growth of mobile hardware, tracking devices that make up the Internet of Things, and big data applications means that more streaming data are being used for analytics. Streaming data introduce new potential threats, as well as new approaches to enterprise security.
Streaming analytics is gaining popularity because of its potential. All unstructured data now have value as part of real-time analytics, and sophisticated analytics systems are reacting to data from RFID, clickstreams, social media, GPS, and sensors in real time. In fact, research firm Markets and Markets predicts that the streaming analytics market will grow from $502.1 million in 2015 to $1.9557 billion by 2020, a compound annual growth rate (CAGR) of 31.5 percent. The more data streams that are integrated into real-time analytics, the greater the risk of a security breach.
At the same time, the ability to use streaming analytics in order to detect anomalies in the data stream makes it possible to identify those security problems in real time and even automate solutions in order to isolate threats.
With New Technology Come New Threats
The nature of enterprise threats has changed with technology. In the past, IT professionals would watch for security threats and, armed with knowledge about the types of attacks that were most common, they focused on prevention. Using firewalls and threat-detection software, the goal was to keep out cybercriminals.
When you apply this model to real-time data streams, the rules change.
You cannot create a firewall to keep out threats, since the streaming data come from multiple outside sources. Firewalls can look for the anomalies they are programmed to detect, but that will not catch everything. In addition, the nature of the data streams themselves will change with the needs of the analytics.
Malware is on the decline, because it is becoming too easy to detect. Instead, hackers are focusing more on cloud data than enterprise data, determining that hacking data in the cloud may be easier and less detectable.
Because the nature of the threats has changed, identifying both internal and external threats is harder than ever. According to an EMA survey, 69 percent of organizations surveyed were “highly doubtful” or “somewhat confident” that they could detect security problems before they became an issue, and 60 percent said that they were unable to stop security problems because of outdated threat intelligence.
In addition, the amount of incoming data continues to escalate, creating a demand for better security tools. The same EMA study shows that 45 percent of organizations are collecting 40 GB of logs per day, and the number of high-priority alerts is on the rise.
Fighting Fire with Fire
As cybercriminals become more sophisticated, the means of securing the data streams need to become more sophisticated as well. Rather than squashing viruses and looking for places where the firewall perimeter needs to be reinforced, today’s security executives are taking a more holistic view of the network. Rather than just applying point solutions, they are assessing data traffic across the entire infrastructure, including the cloud. Examining data traffic in real time provides the means to identify threats as they cross the network.
Real-time analytics are proving to be very effective at fighting real-time threats. With an overview of all network assets, it becomes easier to identify anomalous behavior that could indicate an attack. If something suspicious is identified in the data stream, real-time analytics can not only identify the threat but also isolate it.
As noted before, the volume of security data, such as security logs, is growing exponentially as more data sources are incorporated into real-time analytics. As the real-time data streams become too large for conventional analytics tools, organizations are using big data for analytics. The same is true for real-time security. In order to handle the ever-growing repositories of security information, more organizations are using big data analytics to monitor and protect the enterprise.
Using big data to handle security means your security data-monitoring infrastructure can scale to meet any demand. Once you fine-tune the analytics to identify traffic anomalies in context, they can be used to trigger responses to potential threats, such as locking down accounts, quarantining systems, changing device settings, or asking for a second source of authentication.
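The detect-then-respond loop described above, as an added example that is not part of the original article: a per-account streaming anomaly detector keeps an exponentially weighted moving average (EWMA) of failed logins per time window and maps the size of a deviation onto the graded responses the article lists (second factor, account lock, system quarantine). The smoothing factor, thresholds, action names and the sample event stream are assumptions constructed for the demo.

```python
# Added example: streaming anomaly detection with graded responses.
# All constants below are assumed values chosen for the demonstration.
ALPHA = 0.3          # EWMA smoothing factor: weight given to the newest window
MIN_BASELINE = 3.0   # floor so a quiet account cannot alarm on a handful of events

# (ratio of current count to baseline, response) from most to least severe
RESPONSE_TIERS = [
    (10.0, "quarantine-system"),
    (5.0, "lock-account"),
    (2.0, "require-second-factor"),
]


class StreamDetector:
    def __init__(self):
        self.baseline = {}   # account -> EWMA of failed logins per window
        self.actions = []    # (window, account, response) emitted so far

    def observe_window(self, window, counts):
        """Score one time window; counts maps account -> failed login count."""
        for account, n in counts.items():
            base = self.baseline.get(account)
            if base is None:                # first sight: seed the baseline only
                self.baseline[account] = float(n)
                continue
            ratio = n / max(base, MIN_BASELINE)
            for threshold, response in RESPONSE_TIERS:
                if ratio >= threshold:
                    self.actions.append((window, account, response))
                    break
            # Update the baseline only for windows that were not strongly anomalous,
            # so a burst cannot train the detector into accepting itself as normal.
            if ratio < 5.0:
                self.baseline[account] = ALPHA * n + (1 - ALPHA) * base


# Constructed sample stream: failed logins per account per one-minute window.
SAMPLE_WINDOWS = [
    (1, {"alice": 2, "batch-job": 3}),
    (2, {"alice": 3, "batch-job": 2}),
    (3, {"alice": 2, "batch-job": 40}),   # sudden burst from the service account
    (4, {"alice": 8, "batch-job": 41}),   # burst continues; alice drifts upward
]


def run(windows=SAMPLE_WINDOWS):
    """Feed the windows through a fresh detector and return it for inspection."""
    det = StreamDetector()
    for window, counts in windows:
        det.observe_window(window, counts)
    return det
```

Running `run().actions` yields a quarantine for `batch-job` from window 3 onward and a step-up authentication request for `alice` in window 4, while `batch-job`'s baseline stays at its pre-burst value.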
When you use real-time data analytics and big data to handle security, you get a holistic view of the enterprise and a holistic approach to security: a level of end-to-end monitoring you cannot achieve with point solutions alone.