The old adage ‘what you don’t know can’t hurt you’ could not be further from the truth when it comes to cybersecurity. The sheer volume of cyber-attacks – it has been estimated there are up to 90 million cybersecurity incidents per year, while the number of attacks increased 38 per cent in 2015 from 2014 – means it is nearly impossible for businesses to be aware of every threat that could potentially be targeting their data. Furthermore, the rising sophistication of the attacks now being launched by cybercriminals means they are increasingly slipping under businesses’ radar.
Further exacerbating these security struggles is the growing trend of human risk, with insider fraud, rogue traders and non-compliance breaches now the biggest risk factors for many businesses, especially financial institutions. Businesses’ fragmented systems are creating data silos and multiple points of entry into systems, from email, documents and trading systems to video, social media, web and mobile devices, which makes it increasingly difficult to monitor and detect threats.
Desperate for a solution to these problems, IT and information security leaders are increasingly recognising that the key to detecting malicious insider threats, negligent employee actions, and advanced security threats that are slipping through their defences is to analyse data at scale. The need for big data and cognitive analytics to help eliminate insider threats and human risk has never been greater.
The more data and analytics the better
Research firm IDC recently forecast that by 2020 organisations that are able to analyse all relevant data and deliver actionable information will achieve an extra $430 billion in productivity benefits over their less analytically oriented peers.
A recent Ponemon Institute study found this is especially the case when it comes to cybersecurity. The study revealed that organisations are 2.25 times more likely to identify a security threat within hours or even minutes when they heavily use big data analytics in their cybersecurity strategy. More than seven in ten of the respondents advised that usage of big data analytics had significantly increased (41 per cent) or increased (30 per cent) in the previous 12 months. What’s more telling is that of the companies that were heavy users of big data, three quarters (75 per cent) had seen demand increase significantly.
From a cybersecurity perspective, the value of being able to interpret and action big data analytics to detect unknown threats is undoubtedly huge, yet the vast majority of businesses are still unable to achieve this. The Ponemon research found that nearly two-thirds of businesses still find deploying cybersecurity analytics very difficult (34 per cent) or difficult (30 per cent), with the two biggest restricting factors being a lack of in-house expertise (65 per cent) and insufficient technologies (60 per cent).
Time to leave legacy behind
Businesses’ attempts to protect themselves against the ever-growing tide of cybersecurity attacks are often hindered by their legacy IT systems. Nearly three quarters revealed that their willingness to deploy advanced analytics to get ahead of threats was being made impossible by their traditional systems, such as a SIEM. This means the large majority of businesses are unable to use advanced analytics to discover abnormal activity within the mass of data they are racking up, and it takes them weeks rather than minutes to flag security events to responders.
To make this process easier, businesses are increasingly turning to Apache Hadoop, an open source software framework which enables them to use machine learning models to process data sources – including user, network, endpoint and external threat feeds – to establish baselines of normal behaviour. Once this is established, small changes in typical IT activity can be automatically discovered with machine learning to indicate attacks that may have gone unnoticed by more traditional, legacy security solutions.
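The baseline-then-deviate approach described above, as an added illustration that is not Cloudera, Niara or Hadoop code: a per-user profile is built from a few constructed access events, and new activity is flagged when a user touches a host outside that profile or when the day's event count sits far above the user's own mean. All user and host names are invented; a production deployment would train a model over far more features and data, but the scoring idea is the same.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed (date, user, host) access events, not data from the article.
BASELINE = [("03-01", "alice", "fileserver01"), ("03-01", "alice", "crm01"),
            ("03-01", "alice", "fileserver01"), ("03-02", "alice", "fileserver01"),
            ("03-02", "alice", "crm01"), ("03-03", "alice", "fileserver01"),
            ("03-03", "alice", "crm01")] + [(f"03-0{d}", "bob", "build01") for d in (1, 2, 3)]
# Day 4: alice behaves as usual; bob touches a database outside his baseline, five times.
NEW = [("03-04", "alice", "fileserver01"), ("03-04", "alice", "crm01"),
       ("03-04", "alice", "fileserver01"), ("03-04", "bob", "build01")] + \
      [("03-04", "bob", "patientdb01")] * 5

def build_baseline(events):
    """Per-user profile: hosts normally touched, mean and stdev of daily event count."""
    hosts, daily = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for date, user, host in events:
        hosts[user].add(host)
        daily[user][date] += 1
    return {u: {"hosts": hosts[u], "mean": mean(daily[u].values()),
                "std": pstdev(daily[u].values())} for u in hosts}

def score(baseline, events, z_threshold=2.0):
    """Flag users touching hosts outside their baseline or with anomalous daily volume."""
    daily, new_hosts = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for date, user, host in events:
        daily[user][date] += 1
        if user in baseline and host not in baseline[user]["hosts"]:
            new_hosts[user].add(host)
    alerts = {}
    for user, per_day in daily.items():
        prof = baseline.get(user)
        if prof is None:  # never seen in the baseline window: cannot be scored
            alerts[user] = ["no baseline"]
            continue
        reasons = [f"new host {h}" for h in sorted(new_hosts[user])]
        std = max(prof["std"], 1.0)  # floor so a perfectly regular user is not noisy
        for date, count in per_day.items():
            z = (count - prof["mean"]) / std
            if z > z_threshold:
                reasons.append(f"{date}: {count} events, z={z:.1f}")
        if reasons:
            alerts[user] = reasons
    return alerts

def detect():
    return score(build_baseline(BASELINE), NEW)
```

Running `detect()` returns an alert only for bob, giving the analyst both the unseen host and the volume spike as reasons; users absent from the baseline window are surfaced separately rather than silently scored as normal.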
Ponemon interviewed our customers and discovered that Hadoop increases the amount of data they are able to analyse (84 per cent), while also increasing the speed at which they can process data (80 per cent) and the volume of data they are able to store (70 per cent).
A good example of this in practice is user behaviour analytics (UBA) expert Niara, which focuses on detecting attacks that have evaded other security defences. Its insight is based on three years of tuning and extending Cloudera’s innovative technology platform (CDH) and machine learning, to create the most mature and stable Hadoop-based UBA solution.
The need for intelligent technology
Niara deploys machine learning analytics at each stage of the kill chain, looking for tell-tale changes in user and host behaviour, to alert businesses before any damage is done. For example, it can pre-empt a user unknowingly circulating ransomware by opening the wrong email attachment, the exposure of access credentials to unauthorised users, or system admins infiltrating patient healthcare records to sell on the dark web.
When an attack is detected, Niara delivers a historical forensic record of the affected entities to a security analyst, which massively reduces the time for investigation and response from hours or even days down to just a matter of minutes. This real-time analysis and prevention of threats is vital for businesses in the modern age of cybersecurity. Open source technology, such as Hadoop, makes managing and protecting data easier - especially when done so at scale. IDC’s research found that digital transformation initiatives will see consumption of data increase at least 100-fold, while 60 per cent of information delivered to decision makers will be considered actionable by 2020 – double the current level.
This huge abundance of data being created means it is vital for businesses to be able to effectively capture, manage, store and interpret the information they hold. There is an ever-increasing need for intelligent technology that allows them to enhance their knowledge of their data but also predict and prevent any suspect behaviour around it.
Wim Stoop, Senior Product Marketing Manager EMEA, Cloudera
Image source: Shutterstock/lolloj