Big data security analytics are vital for 2015. Unfortunately, security threats will only increase in cost, severity and complexity. No one is immune. For example, a large utility is typically "pinged" one million times every day by malicious parties. That sounds like a lot, but these attacks are rarely noticed because the same utility processes millions of events per second, offering plenty of cover.
Current approaches are best suited to combat known threats. The challenge is finding new associations and uncovering patterns to identify clues about attacks such as advanced persistent threats, spear phishing and hacktivism.
Among the noise of big data, organisations need sophisticated, real-time analytics to find a relatively weak signal. Many threats cannot be detected without deep insight. The challenge organisations face is learning how to extend their security strategies to find and neutralise increasingly complex threats.
Real-time big data security analytics must filter and analyse millions of events per second across a wide variety of data sources, including traditional security sources, such as log or audit files, and emerging sources such as images, social data, sensors and email.
Think of big data security analytics in terms of a city. A city has roads leading into and out of the city limits. Air traffic from planes, emergency helicopters and airships for sporting events fill the air. Buildings contain private, governmental and for-profit organisations of all sizes; commerce takes place in retail establishments, hotels and via free citywide wireless services — you get the point. A lot needs to be done to protect people, vehicles, personally identifiable data and corporate data, but most of it is neither controllable nor predictable. Can you correlate a business traveller’s Internet usage across airports, hotels and mobile devices without violating privacy laws? What do you need to succeed?
The following are five tips to help you protect your "city" in 2015:
1. Analyse all assets in motion
Analyse structured data and emerging unstructured sources to proactively identify and correlate incidents and deliver insight. Send real-time alerts for predefined behaviours and events. Quickly ingest, analyse and correlate information as it arrives from thousands of big data sources, or store it for historical analysis in a Hadoop platform.
2. Continually filter and expose
Observe unearthed insights in real time to filter out false positives, expose false negatives or store information for additional analysis.
3. Understand access through disparate sources and the Internet
Highlight potential attack vectors by constantly analysing the various ways applications, networks, databases, mobile devices and more can be accessed from both inside and outside of the enterprise.
4. Respond to events in real time
Complete real-time analysis of big data — including unstructured sources such as social, video and sensors — to identify and respond to suspicious deviations from baseline behaviours.
5. Recognise patterns in interactions
Create a baseline of normal activity for cyber traffic and physical movements so that deviations from it can be identified, and then determine which deviations are meaningful to help detect attacks in progress.
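As an added illustration of tips 2 and 5 (not code from the original article), the following Python example builds a rolling per-host baseline from constructed per-minute event counts, scores each new count as a deviation from that baseline, and treats a deviation as meaningful only when it is sustained over consecutive minutes, so an isolated blip is reported but not escalated. The host names, counts, window size and thresholds are all constructed for the demonstration.

```python
from collections import defaultdict, deque
from math import sqrt

def constructed_events():
    """Constructed per-minute event counts for two hosts (not real telemetry)."""
    events = []
    for minute in range(14):
        web = 900 if minute == 7 else 100 + minute % 3   # one isolated blip
        db = 500 if minute >= 10 else 50 + minute % 2    # sustained shift from minute 10
        events += [(minute, "web02", web), (minute, "db01", db)]
    return events

class BaselineDetector:
    """Per-host rolling baseline: mean and std of the last `window` normal counts."""

    def __init__(self, window=8, z_threshold=3.0, min_consecutive=2):
        self.window = window
        self.z_threshold = z_threshold
        self.min_consecutive = min_consecutive          # sustained-deviation filter
        self.history = defaultdict(lambda: deque(maxlen=window))
        self.streak = defaultdict(int)

    def observe(self, host, count):
        """Return a deviation record when `count` departs from the baseline, else None."""
        hist = self.history[host]
        verdict = None
        if len(hist) >= self.window // 2:               # wait for a minimal baseline
            mean = sum(hist) / len(hist)
            std = sqrt(sum((x - mean) ** 2 for x in hist) / len(hist)) or 1.0
            z = (count - mean) / std
            if abs(z) > self.z_threshold:               # spikes and drops both count
                self.streak[host] += 1
                verdict = {"host": host, "z": round(z, 1),
                           "meaningful": self.streak[host] >= self.min_consecutive}
            else:
                self.streak[host] = 0
        if verdict is None:       # only normal traffic updates the baseline, so a
            hist.append(count)    # spike cannot quickly become the new "normal"
        return verdict

def run(events, **kwargs):
    """Feed (minute, host, count) records through the detector; collect deviations."""
    detector = BaselineDetector(**kwargs)
    alerts = []
    for minute, host, count in events:
        verdict = detector.observe(host, count)
        if verdict:
            alerts.append(dict(verdict, minute=minute))
    return alerts
```

Running `run(constructed_events())` reports the single web02 blip at minute 7 as a deviation that is not meaningful, while the db01 shift is escalated from its second consecutive minute onward.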