siliconindia | February 2015

is to use a layered defense strategy. These strategies, first adopted for the battlefield or physical security, are important to operate and maintain, but have limitations. For example, intrusion detection and prevention systems (IDS/IPS) use rules, so they can only protect organizations from previously identified threats. Security Incident Event Management Systems (SIEMS) rely on system logs, second-hand representations of what happened on the network, to track incursions. Skilled adversaries can delete or change logs and make the data worthless for cyber security. Network data capture tools can see all, but they can also be too slow.

It is tempting for the CISO to add more cyber security instrumentation to the network or to increase the sensitivity of existing security tools. Unfortunately, this results in more alerts to be processed by an already overworked security staff. The CISO must evaluate new tools, techniques, and procedures to stay ahead of the adversaries.

Harnessing Big Data for Cyber Security is the Path Forward

In 2013, the Ponemon Institute conducted the Big Data Analytics in Cyber Defense* study to learn about organizations' cyber security defenses and the use of big data analytics to recognize the patterns that represent network threats. As a result, some surprising statistics surfaced, along with powerful insights that are helping to forge more productive conversations on cyber security in organizations of all sizes.

The study showed there is an alarming new reality: cyber security challenges continue to grow, with new threats expanding exponentially and with greater sophistication. However, what will shock any professional is how organizations perceive their understanding of readiness and vulnerabilities, as well as their views on big data cyber security analytics, versus reality.

For example, 61 percent of respondents believe big data analytics can solve pressing security issues faced by companies and government, though only 35 percent say they have solutions in place that are the same as or comparable to big data analytics for cyber defense.

Sixty percent of respondents agree that launching a strong defense against hostile actors and other cyber criminals requires their organization to see and quickly contain anomalous and potentially malicious traffic in networks. However, only about half say that what is hindering their efforts to do so effectively is the scarcity of in-house personnel or expertise.

When asked specifically where their organizations are most deficient in their ability to become more proactive in their approach to cyber threats, more than one-third say it is enabling security technologies and 35 percent say professional expertise.

Using Big Data for Cyber Security

Rules-based IDS/IPS, SIEMS that analyze log data and network capture tools all have a role to play. Big data can be used to augment these defense strategies by providing fast and actionable information to the network defenders.

Integrating network operations data and security product data from a layered defense strategy will provide an integrated data source that can capture event correlations or relationships where individually the risk appears low, but when analyzed in aggregate paint a clearer picture of cyber risk. Once integrated, security professionals can apply analytics using MapReduce functions for discovery of new anomalous network traffic or behavior and statistical functions to calibrate rules to detect known anomalous network traffic. Additionally, the integrated security data is ideal for BI reporting.

Another example of using big data for cyber security is network data packet capture and analysis. Live network data, or big data in this case, is captured from taps on the network, written to disk, enriched with external data, and then made available for analysts to query. This network data is considered to be "Ground Truth" and inherently more reliable and valuable than data from traditional approaches.

The benefits of using big data for cyber security include:
· Increased events responded to by the security staff.
· Substantially reduced or eliminated damage from breaches.
· A dramatically more effective and efficient security team.
· Maximized security infrastructure investment.
· Enhanced confidence that the network is actually secure.

The world has changed for security analysts, network defenders and hunters, the CISO and the rest of the C-Suite. Harnessing big data for more effective cyber security is the path forward.
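The two ideas the article leaves abstract are the integration step (flows, IDS alerts and authentication logs combined so that individually low-risk events add up per host), the map/reduce-style analytics with a statistically calibrated rule, and the enrichment of captured network data with external information before analysts query it. The following Python program is an added example written for this page, not code from the article, the Ponemon study or any vendor; all records, the watchlist addresses, the signal weights and the alert threshold are constructed and illustrative, and the "mean plus k standard deviations" calibration is one assumed rule, not the only sensible one.

```python
"""Map/reduce-style correlation of network and security-product data.

Added example: all data below is constructed, and the weights, thresholds
and calibration rule are illustrative assumptions, not the article's own.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records, standing in for tap-captured network data.
# Host 10.0.0.5 moves far more data than its peers and talks to a
# watchlisted destination; the other hosts form a quiet baseline.
FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.9", "dport": 443, "bytes_out": 120_000},
    {"src": "10.0.0.5", "dst": "198.51.100.7", "dport": 443, "bytes_out": 4_900_000},
    {"src": "10.0.0.6", "dst": "203.0.113.9", "dport": 443, "bytes_out": 150_000},
    {"src": "10.0.0.7", "dst": "203.0.113.9", "dport": 443, "bytes_out": 90_000},
    {"src": "10.0.0.8", "dst": "203.0.113.9", "dport": 443, "bytes_out": 110_000},
    {"src": "10.0.0.9", "dst": "203.0.113.9", "dport": 443, "bytes_out": 130_000},
    {"src": "10.0.0.10", "dst": "203.0.113.9", "dport": 443, "bytes_out": 100_000},
    {"src": "10.0.0.11", "dst": "203.0.113.9", "dport": 443, "bytes_out": 140_000},
    {"src": "10.0.0.12", "dst": "203.0.113.9", "dport": 443, "bytes_out": 95_000},
    {"src": "10.0.0.13", "dst": "203.0.113.9", "dport": 443, "bytes_out": 120_000},
]

# Constructed alerts from a rules-based IDS; each is low severity on its own.
IDS_ALERTS = [
    {"src": "10.0.0.5", "signature": "generic-tls-anomaly", "severity": "low"},
    {"src": "10.0.0.7", "signature": "generic-tls-anomaly", "severity": "low"},
]

# Constructed authentication-log summaries; a few failures is routine.
AUTH_EVENTS = [
    {"host": "10.0.0.5", "failed_logins": 3},
    {"host": "10.0.0.8", "failed_logins": 2},
]

# Constructed external enrichment data: a destination watchlist (placeholder IP).
WATCHLIST = {"198.51.100.7"}

# Illustrative weights: every single signal scores below the alert threshold,
# so only the aggregate across data sources can raise an alert.
WEIGHTS = {"ids_low": 1, "failed_login": 0.5, "watchlist_dst": 2, "volume_outlier": 2}
ALERT_THRESHOLD = 4


def enrich(flows, watchlist):
    """Attach external data to each captured flow (the 'enriched' step)."""
    return [dict(f, dst_watchlisted=f["dst"] in watchlist) for f in flows]


def calibrate_volume_threshold(flows, k=2.0):
    """Statistical calibration of a volume rule: per-host bytes_out totals,
    threshold = mean + k * population stdev (assumed rule)."""
    per_host = defaultdict(int)
    for f in flows:
        per_host[f["src"]] += f["bytes_out"]
    totals = list(per_host.values())
    return dict(per_host), mean(totals) + k * pstdev(totals)


def map_signals(enriched_flows, ids_alerts, auth_events, volume_threshold, per_host_bytes):
    """Map phase: emit (host, signal) pairs from every integrated data source."""
    for f in enriched_flows:
        if f["dst_watchlisted"]:
            yield f["src"], "watchlist_dst"
    for host, total in per_host_bytes.items():
        if total > volume_threshold:
            yield host, "volume_outlier"
    for a in ids_alerts:
        if a["severity"] == "low":
            yield a["src"], "ids_low"
    for e in auth_events:
        for _ in range(e["failed_logins"]):
            yield e["host"], "failed_login"


def reduce_scores(pairs, weights):
    """Reduce phase: sum weighted signals per host and keep the evidence
    so an analyst can query why a host scored as it did."""
    scores, evidence = defaultdict(float), defaultdict(list)
    for host, signal in pairs:
        scores[host] += weights[signal]
        evidence[host].append(signal)
    return dict(scores), dict(evidence)


def correlate(flows=FLOWS, ids_alerts=IDS_ALERTS, auth_events=AUTH_EVENTS,
              watchlist=WATCHLIST, threshold=ALERT_THRESHOLD):
    """Full pipeline: enrich, calibrate, map, reduce, then apply the threshold."""
    enriched = enrich(flows, watchlist)
    per_host, vol_threshold = calibrate_volume_threshold(flows)
    pairs = map_signals(enriched, ids_alerts, auth_events, vol_threshold, per_host)
    scores, evidence = reduce_scores(pairs, WEIGHTS)
    flagged = {h: s for h, s in scores.items() if s >= threshold}
    return scores, evidence, flagged


if __name__ == "__main__":
    scores, evidence, flagged = correlate()
    for host, score in sorted(flagged.items(), key=lambda kv: -kv[1]):
        print(f"{host}: score={score} evidence={sorted(evidence[host])}")
```

Run on the constructed data, only 10.0.0.5 crosses the threshold: its IDS alert, its failed logins, its watchlisted destination and its volume outlier each score below 4 alone, which is exactly the "individually low, clearer in aggregate" situation the article describes. The same map and reduce functions partition naturally by host key, so the structure carries over to a real MapReduce job; the volume rule is recalibrated from the data each run rather than hard-coded, which is what "statistical functions to calibrate rules" buys over a fixed IDS signature.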