Big data’s evolving role against security threats

Published December 7, 2016   |   

The fight against cyber attacks is never-ending. According to the latest figures from Check Point, October 2016 saw the number of malware attacks increase by 5% because of high-profile incidents such as HummingBad. The malicious software, which originated in China, managed to affect millions of Android devices before it was finally detected. Using a persistent rootkit, it was able to generate fraudulent ad revenue and install unwanted apps on users’ phones.

HummingBad has been traced back to Chinese mobile ad company Yingmob. One of the main ways the hackers avoided detection was through their association with this legitimate business. Using and sharing Yingmob’s analytics, the cybercriminals were able to target users with specific fraudulent ads and generate in the region of $300,000 a month.

Essentially, big data (supplied by the analytics company that was complicit with the gang) was used to exploit Android users. However, it’s not all bad news when it comes to big data and malicious software. Although malware attacks are still plaguing businesses and individuals, big data has become a very useful tool to fight back. A US government-backed survey conducted by MeriTalk has revealed that 84% of respondents said that big data has helped block attacks. Moreover, among the businesses which have used big data for security purposes, 90% have seen a decline in breaches.

Big data providing multiple forms of defense

As we head into 2017, big data is set to become even more intertwined with online and mobile security. For instance, Web Application Firewalls (WAFs), which are an effective way to avoid vulnerability to threats such as SQL injections, have benefited immensely from big data techniques. Because WAFs sit on the edge of a network, it means that business owners don’t have to undertake any expensive recording of their websites.

One of the reasons WAFs are effective is their use of crowdsourcing techniques. According to security firm Incapsula, a WAF aggregates threat information from across the security provider’s network using big data analytics. The results are then used to “identify new attacks” and apply “mitigation rules” to the websites running this WAF.

For instance, when you run a website there are good bots and bad bots. Search engines are an example of a bot you want to give access to your site (i.e. for rankings, customer searches, etc.). In contrast, scrapers and vulnerability scanners (which could then open you up to malware) are bots you want to avoid.

Using crowdsourcing, a WAF will have advanced client classification capabilities which means it can distinguish between good and bad bots. As well as being effective for common bots, the technology uses big data to determine the reputation of a new bot. Anything that’s deemed to have a negative reputation will be blocked from accessing your site.

Constantly evolving threats require constant analysis

Essentially, WAFs are constantly evolving through the use of big data analytics. This type of active defense is the best way to protect against the latest threats and, moreover, the reason many companies are now reporting security improvements. In fact, telecoms company BT has claimed that big data analytics is the best way forward for security experts. Oliver Newbury, CTO for BT Security, told Forbes that security is becoming “non-linear”.

He believes that attacks are now coming from multiple sources in a network, which makes it much harder to trace them back. However, by using data from a variety of sources, including information from BT’s network as a whole and traditional security controls, Newbury is able to build up a “broad picture” of how certain elements are affecting the company’s exposure to threats.

Thanks to big data, online and mobile security have become a holistic process. Harnessing information from a variety of sources to create a live picture of a network is now the best way to stop malware and other unwanted attacks from entering companies’ precious databases.