Amplifying security intelligence with big data

Published July 17, 2013 | Vijay Dheap

Leading security intelligence solutions today rely upon a set of structured and semi-structured data sources, including logs, network traffic and others, to provide the Security Operations Center with an ongoing, real-time view of the organization's security posture. The metrics employed to evaluate these solutions include the scale and speed of data that can be processed in real time, and how well the large set of raw data is pruned to a limited set of significant security incidents that require the organization's attention.

While security intelligence solutions do enable security analysts to explore the data and identify emerging threats or pinpoint new risk exposures, the focus is on employing an existing portfolio of threat and risk identifiers to enable real-time analysis for detection. This approach is effective for monitoring and maintaining the cyber defenses of an organization, as well as for improving the response time to handle incidents, but a new set of challenges is surfacing that requires security intelligence to be amplified with big data analytics.

Proactively Mitigating Risk and Identifying Threats

As the organizational perimeter blurs due to rapid market adoption of cloud and mobile technologies, as well as consumer engagement in social networks, an organization cannot focus solely on defense. Rather, the organization has to be more proactive in mitigating risk and identifying threats.

Attackers are also employing more sophisticated targeted attack techniques such as social engineering and spear-phishing. The attack methodologies are also adapting to current defensive approaches – attempting either to hide malicious activities among large amounts of innocuous activity or to disguise their intent by appearing to be innocuous activity. Even the current tumultuous economic and social conditions are further motivating new types of malicious behavior.
