RSA Europe 2013: Big data intelligence to transform war on cybercrime

Big data intelligence can become the most important weapon in fighting cyber-attackers, says Symantec security strategist Sian John.

With the data explosion transforming almost every sector in the tech industry, information security looks set to be the latest beneficiary of sophisticated analytics tools and the insight they offer organisations.

During an interview at RSA Europe in Amsterdam today, John told ITProPortal that an intelligence-based approach to protecting the network – enabled by wide-reaching data collection – will become a fundamental part of security strategies no matter the size of the organisation.

Significantly, IT departments must analyse data with the mind-set of a crimes investigation unit, John said, profiling cyber-adversaries like traditional felons, not faceless lone hackers.

“If you look at a serial killer… they’ve always got a favourite modus operandi and a way they work. If you look at criminal gangs, they have a similar sort of profile and way of working, and you can do that in threat data,” John explained.

This modus operandi can include favoured vulnerabilities, Internet connections, back-ends, command-and-control servers, and IP addresses, she said, and piecing the intelligence together to form a complete picture of an attacker and his methods could ultimately see organisations match their attackers' every move.

“I think that’s the key, whether you’re small or large [as an organisation], don’t just implement the technology, but look at what comes out the back-end of it. If you’re seeing events, can you pull these events together? Can you see a pattern? There’s lots of great security technology out there, but the key is not to look at what it produces in isolation, but look at the context of everything else that’s going on.”

Data collection must be extensive to create successful intelligence-based strategies, John added, and the big data boom is enabling organisations to devise cutting-edge yet sound and valid approaches to combating cybercrime.

“When you start profiling you’ve got to have enough data to make it worthwhile, otherwise you’re going to start to make assumptions that might not be accurate. That’s why people are getting excited about big data, because that gives you loads of data, which makes it more statistically defendable.”
