February 12, 2015 (updated 22 Aug 2016 11:40am)

Five steps for better security analytics in 2015

Martin Borrett, Director of the IBM Institute for Advanced Security Europe, illustrates how vital big data security analytics will be in 2015.

By Ellie Burns

Big data security analytics are vital for 2015. Unfortunately, security threats will only increase in cost, severity and complexity. No one is immune. For example, a large utility is typically "pinged" one million times every day by malicious parties. That sounds like a lot, but these attacks are rarely noticed because the same utility processes millions of events per second, offering plenty of cover.

Current approaches are best suited to combat known threats. The challenge is finding new associations and uncovering patterns to identify clues about attacks such as advanced persistent threats, spear phishing and hacktivism.

Among the noise of big data, organisations need sophisticated, real-time analytics to find a relatively weak signal. Many threats cannot be detected without deep insight. The challenge organisations face is learning how to extend their security strategies to find and neutralise increasingly complex threats.

Real-time big data security analytics must filter and analyse millions of events per second across a wide variety of data sources, including traditional security sources, such as log or audit files, and emerging sources such as images, social data, sensors and email.

Think of big data security analytics in terms of a city. A city has roads leading into and out of the city limits. Air traffic from planes, emergency helicopters and airships for sporting events fill the air. Buildings contain private, governmental and for-profit organisations of all sizes; commerce takes place in retail establishments, hotels and via free citywide wireless services — you get the point. A lot needs to be done to protect people, vehicles, personally identifiable data and corporate data, but most of it is neither controllable nor predictable. Can you correlate a business traveller’s Internet usage across airports, hotels and mobile devices without violating privacy laws? What do you need to succeed?

The following are five tips to help you protect your "city" in 2015:

1. Analyse all assets in motion

Analyse structured data and emerging unstructured sources to proactively identify and correlate incidents and deliver insight. Send real-time alerts for predefined behaviours and events. Quickly ingest, analyse and correlate information as it arrives from thousands of big data sources, or store it for historical analysis in a Hadoop platform.

2. Continually filter and expose

Review newly surfaced insights in real time to filter out false positives, expose false negatives, or store the information for additional analysis.

3. Understand access through disparate sources and the Internet

Highlight potential attack vectors by constantly analysing the various ways applications, networks, databases, mobile devices and more can be accessed from both inside and outside of the enterprise.

4. Respond to events in real time

Complete real-time analysis of big data — including unstructured sources such as social, video and sensors — to identify and respond to suspicious deviations from baseline behaviours.

5. Recognise patterns in interactions

Create a baseline of normal activity for cyber traffic and physical movements to identify deviations from it, and then determine which deviations are meaningful, so that attacks in progress can be detected.
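As an added example (not from the article or from IBM), the following Python sketch shows the baseline-and-deviation step that tips 1, 2 and 5 describe: a per-source baseline of hourly failed-login counts, a significance threshold that filters out ordinary noise, and ranking so the most meaningful deviations surface first. The host names and counts are constructed for the example.

```python
from statistics import mean, pstdev

# Constructed sample data (not from the article): hourly failed-login counts
# per source over a quiet baseline period, keyed by hypothetical host names.
BASELINE_HISTORY = {
    "vpn-gw-1":   [12, 15, 11, 14, 13, 12, 16, 14, 13, 15, 12, 14],
    "scada-hmi":  [0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0],
    "web-portal": [40, 38, 45, 42, 39, 41, 44, 40, 43, 41, 38, 42],
}

# Constructed observations for the current hour. "jump-host-9" has no
# history at all: a source that has never logged events is itself a deviation.
CURRENT_HOUR = {"vpn-gw-1": 15, "scada-hmi": 9, "web-portal": 120, "jump-host-9": 4}


def build_baseline(history, floor=1.0):
    """Per-source (mean, standard deviation) of the historical hourly counts.

    The standard deviation is floored so that a quiet source with near-zero
    variance does not produce an enormous score from a single extra event.
    """
    return {src: (mean(xs), max(pstdev(xs), floor)) for src, xs in history.items()}


def score_deviations(baseline, observed, min_sigma=3.0):
    """Compare one hour of observations against the baseline.

    Returns only deviations at or above min_sigma (the "meaningful" ones),
    ranked with the strongest deviation first so an analyst sees it first.
    Sources absent from the baseline are treated as a zero-activity baseline.
    """
    findings = []
    for src, count in observed.items():
        mu, sigma = baseline.get(src, (0.0, 1.0))
        z = (count - mu) / sigma
        if z >= min_sigma:
            findings.append({"source": src, "count": count,
                             "baseline": round(mu, 1), "sigma": round(z, 1)})
    return sorted(findings, key=lambda f: f["sigma"], reverse=True)


if __name__ == "__main__":
    for f in score_deviations(build_baseline(BASELINE_HISTORY), CURRENT_HOUR):
        print(f"{f['source']}: {f['count']} events, baseline {f['baseline']}, "
              f"{f['sigma']} sigma above normal")
```

A real deployment would compute the baseline per hour of day and day of week rather than from one flat history, since a normal 09:00 Monday looks nothing like 03:00 Sunday.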
