Big Data Security Analytics – A Smart Move! Or is it?
In order to thwart attacks from a growing army of sophisticated cyber criminals, many enterprises around the world are deploying Big Data security analytics technologies to fortify their network security systems. And while theoretically speaking this is a smart move, in reality Big Data security analytics technologies are often turning out to be categorically unmanageable — and therefore dangerously ineffective.
Ironically, Big Data’s Big Problem is not essentially rooted in the technologies themselves. SIEMs, forensics solutions, and visibility solutions are designed to detect attacks by aggregating a massive number of internal events and terabytes of network traffic data. Again, in theory, it works fine and comes across nicely in a marketing brochure. But in practice it rapidly falls apart, and it’s because of two words: operational burden.
In order for enterprises to take full advantage of Big Data security analytics technologies, they need highly specialized – and increasingly costly – security professionals to spend an inordinate amount of time manually defining various attack characteristics, so they know what to look for. Otherwise, they must chase down thousands – or tens of thousands – of potential threats a day; most of which are false positives (i.e. activity deemed suspicious that turns out to be harmless).
Of course, this is academic, because enterprises – save perhaps those in the Fortune 50 – cannot justify spending hundreds of thousands or millions of dollars a year to hire these aforementioned highly specialized security professionals; especially since more are constantly going to be needed as the cyber threat landscape worsens.
So, what are enterprises doing to resolve this dilemma? They’re being pragmatic by turning the volume down on their “noisy” Big Data technologies. Naturally, this cuts down on false positives, which in turn creates a manageable workload for incident response teams – and an affordable network security program for enterprises.
However, the trade-off for this workaround is daunting: it exposes enterprises to false negatives (i.e. real threats that go undetected) that, if not investigated, can turn into data breaches – some of which last for weeks or months without being found. Indeed, this is apparently what happened at Target, and will no doubt happen to many other victims in the months and years ahead who don’t have the capacity to handle the overwhelming operational burden imposed by Big Data technologies.
Fortunately, while there’s no going back to the (so-called) “good old days” when hackers were typically bored teenagers looking to damage machines – and not the highly sophisticated profit-driven cyber criminals they are today – enterprises do indeed have a way out of this dilemma that is practical, effective and affordable: take an adaptive approach.
An adaptive approach uses behavioral-based, network-level profiling to continuously detect suspicious network activity. When such activity is detected, the host that generated it is tested against various indicators of compromise. Legitimate activity is flagged as “clean”, and therefore doesn’t trigger a potentially costly and complex investigation. Confirmed breaches are flagged as “threats”, and incident responders receive contextual details (what, who, when, where, and how), along with instructions on what to do in order to mitigate the threat.
And just as importantly: all of the above happens automatically, eliminating the need to hire highly trained and costly security professionals who must be equally well-versed in data science and cyber forensics. Instead, a short list of qualified breaches is left for the existing security team to remediate, helping them focus.
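To make the two-stage pipeline described above concrete, here is an added example (not code from the original post or from any product it refers to) in which a sensitive behavioral stage flags hosts whose distinct-destination count deviates from their own baseline, and a second stage checks only those hosts against an indicator list before issuing a “clean” or “threat” verdict with what/who/when/where context. All hosts, baselines, flows and indicators are constructed sample data using documentation address ranges.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: distinct external destinations per host per day
# over the previous seven days (sample data, not from the original page).
BASELINE = {
    "ws-01": [12, 11, 13, 12, 14, 12, 11],
    "ws-02": [40, 38, 45, 42, 39, 41, 44],
    "srv-db": [3, 3, 2, 4, 3, 3, 3],
}
# Constructed flows for the current day as (host, destination, hour).
TODAY = (
    [("ws-01", f"203.0.113.{i}", 2) for i in range(1, 41)]    # 40 new destinations at 02:00
    + [("ws-02", f"198.51.100.{i}", 10) for i in range(1, 61)]  # busy but benign (e.g. patch day)
    + [("srv-db", f"192.0.2.{i}", 3) for i in range(5, 8)]      # normal for this host
)
# Constructed indicator list (hypothetical addresses, documentation ranges only).
IOCS = {"203.0.113.37", "192.0.2.250"}

def profile(flows, baseline, z_threshold=3.0):
    """Stage 1: behavioral profiling. Flag hosts whose distinct-destination
    count today sits more than z_threshold standard deviations above their
    own baseline. Returns {host: (count, z_score)} for flagged hosts only."""
    dests = defaultdict(set)
    for host, dst, _hour in flows:
        dests[host].add(dst)
    flagged = {}
    for host, seen in dests.items():
        hist = baseline.get(host)
        if not hist:
            continue                       # no baseline yet: cannot profile this host
        sd = pstdev(hist) or 1.0           # flat baseline would otherwise divide by zero
        z = (len(seen) - mean(hist)) / sd
        if z > z_threshold:
            flagged[host] = (len(seen), round(z, 1))
    return flagged

def triage(flows, flagged, iocs):
    """Stage 2: test each flagged host against indicators of compromise and
    emit a verdict plus the what/who/when/where context an analyst needs.
    Hosts that were noisy but touched no indicator come back 'clean'."""
    verdicts = {}
    for host, (count, z) in flagged.items():
        mine = [(dst, hour) for h, dst, hour in flows if h == host]
        hits = sorted({(dst, hour) for dst, hour in mine if dst in iocs})
        verdicts[host] = {
            "verdict": "threat" if hits else "clean",
            "what": f"{count} distinct destinations (z={z})",
            "who": host,
            "when": sorted({hour for _, hour in mine}),
            "where": [dst for dst, _ in hits],
        }
    return verdicts
```

Running `triage(TODAY, profile(TODAY, BASELINE), IOCS)` flags both workstations in stage 1, but only ws-01 is reported as a threat; ws-02 is the kind of false positive that stage 2 absorbs instead of an analyst.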
The bottom line is that an adaptive approach resolves the operational burden imposed by Big Data technologies: a burden that is paradoxically leading to network insecurity, and playing right into the hands of cyber criminals who aren’t just looking for systemic network security weaknesses. They’re counting on them.
Learn more about taking an adaptive approach to your enterprise’s network security by downloading our new, free white paper, “Responding to the Evolution of Cyber Threats”.