Big Data is more than a buzzword for IT security experts. The emergence into organizations of these huge data sets has brought with it both new challenges and new opportunities in cybersecurity.
Indeed, there’s no doubt that Big Data is altering the way organizations must manage their overall IT assets and that concern will keep pace with the growth of the data sets. With the global per-capita capacity to store information roughly doubling every 40 months since the 1980s, it’s estimated that every day 2.5 exabytes (or 2.5×10 to the 18th power) of new data is created. Capturing, storing, searching, sharing and weeding through all that information is difficult enough – never mind securing and protecting it.
Just ask email security vendor Agari, which offers protection to 2.5 billion email boxes across the globe for its clients. “We’ve seen Big Data driven to the extreme in the case of our online customers,” says Agari CEO Patrick Peterson. “It’s becoming infinitely large.”
However, on the flip side, Big Data can be a tool to help better protect an organization’s resources as well. The Ponemon Institute last year authored a study, sponsored by Teradata, titled “Big Data Analytics in Cyber Defense,” which looked at how organizations might improve their cybersecurity defenses through the use of Big Data analytics and become more efficient in recognizing the patterns that represent network threats. (The Ponemon study also surveyed 706 IT and IT security practitioners in financial services, manufacturing and government agencies with an average of 10 years of experience.) Big Data analytics in security involves gathering massive amounts of digital information to analyze, visualize and draw insights that can make it possible to predict and stop cyberattacks.
While cyberattacks are getting worse, only 20 percent of respondents to the Ponemon survey said their organizations were becoming more effective at stopping these incursions. The study pointed up that, in short, “Big Data analytics + security technologies = stronger cyberdefense posture.” In fact, 82 percent of survey respondents said Big Data analytics combined with anti-virus/anti-malware – and 80 percent say anti-DoS/DDoS – would make their organizations more secure. But, it may take some time to get there as the study also found that while 56 percent of IT professionals are aware of the technologies that provide Big Data analytics and 61 percent say they will solve pressing security issues, only 35 percent have them in place.
“Big Data has come to us very rapidly, and it means a lot of things to a lot of people,” says Chris Coleman, CEO of Lookingglass Cyber Solutions, an Arlington, Va.-based supplier of threat intelligence monitoring and management. “While we have expertise in working with this data, we don’t yet have enough expertise on securing the data…Because of the complexity, this is going to continue to be a major issue.”
Market research firm Gartner also looked at the link between Big Data analytics and cybersecurity in its own report, “Reality Check on Big Data Analytics for Cybersecurity and Fraud,” issued in April. The study found that: “Big data analytics give enterprises faster access to their own and relevant external information…Enterprises can achieve significant savings in time and money when using Big Data analytics to stop crime and security infractions, by stopping losses and by increasing productivity.”
But, the Gartner study also found that that adoption might take time As Agari’s Peterson (below) points out, “Before we even begin on the technology side, we need to focus on the needles we are trying to get from this haystack.” There are, he says, “an infinite amount of ways to derive…what we need to pull out.”
For Chris Fedde, president of Hexis Cyber Solutions, a Hanover, Md.-based cybersecurity vendor launched just last year, a large part of the drive to making the most of Big Data analytics is to automate the process of weeding through alerts, so as not to overwhelm the people in the process. When it comes to using Big Data to suss out possible or potential cyberattacks, Fedde warns that organizations need to be careful not to simply produce more alerts because they can. Instead, he says, they need to be more selective in detecting suspicious activity.
“There may be 100 alerts, only five of which are legitimate,” Fedde says. “We need to get out of this tsunami of alerts.”
Organizations are also struggling with Big Data because, as Fedde points out, “it cuts across so many parts of the organization.” Much like many other IT issues, dealing with Big Data analytics within the siloes of large financial institutions, government agencies and other organizations can be overwhelming.
John Pirc, chief technology officer for NSS Labs, an information security research and advisory company based in Austin, Texas, says that the securing of Big Data and use of Big Data analytics is further complicated by the continuing move to cloud environments. “I have seen, with clients and talking to vendors, a lot more policies going forward that are looking to the cloud, and that [creates] all sorts of chain-of-custody issues,” he says.
But, as organizations are able to scale the challenges of using Big Data analysis for security, industry observers believe it will ultimately become an important part of pinpointing potential cybersecurity breaches and also managing post-breach forensic analysis.
Customers need better solutions that can work with this larger aggregate of information, says Brian Contos, vice president for threat intelligence for Blue Coat Systems, a Sunnyvale, Calif.-based provider of security and networking solutions. “The real key to this is integration, drawing from the global intelligence networks, millions of feeds and real-time data.”
So, what can organizations do in the meantime? Although it still is early days for Big Data analytics, more and more companies are emerging that use this technology. Coleman’s Lookingglass Cyber Solutions, for example, uses Big Data analytics to create threat intelligence in order to increase users’ network awareness of both internal threats as well as those on other networks and the internet, all of which could potentially infect them. According to Coleman, his company uses “multiple Big Data technologies” to store and manipulate data, but he admits that “when it comes to securing Big Data assets, organizations are behind in sophistication.”
Seculert, another recent startup, also uses Big Data to bolster security – analyzing customer traffic and gateways to better identify advanced malware. According to Aviv Raff, CTO at the Santa Clara, Calif.-based firm that offers enterprises protection from advanced persistent threats and malware, that means looking not just in real time at traffic logs, but over time. “Big Data is allowing us to analyze information is a way that allows you to see what is happening now as well as what happened in the past,” says Raff.
As Fedde at Hexis (right) points out, in this sea of almost immeasurable and increasing data, ultimately organizations will have to become more selective in the way they approach using Big Data to analyze their potential security issues. “The amount of data is growing exponentially,” Fedde says. “If the approach is to ingest everything, there’s no way to get out of that upward spiral. We need to learn to ingest the data that’s relevant to the specific mission.”