Big Data & Predictive Analytics Can Identify Cyber Risks

[Image caption: Framework for big data and analytics for semiconductors manufacturing.]

In today’s fast-moving, dynamic digital environment, there is no crystal ball that can tell you the form or target for the next cyber attack.

The IT product development cycle has become so fast and centered on functionality that security is rarely in focus. Most developers assume that the layers upon which they build provide the necessary security. Unfortunately, the platforms upon which most of these systems have been built are porous, and attackers are actively looking to exploit the holes in these systems at all levels.

Since the form or morphology of these attacks can change so dramatically between iterations, CISOs must assume that some will succeed even as they continuously strengthen their defenses and strive to handle the volume of alerts generated by their current tools. In fact, it is best that CISOs assume it’s a case of “when we get hacked, not if.”

Big data and predictive analytics show great promise when it comes to cyber defense because of their ability to transform massive amounts of data into actionable intelligence. Predictive indicators can identify new emergent risks before they result in significant losses and help your security staff deal with alert overload.

Today’s cyber criminals have learned that snatch-and-grab attacks, where they attempt to quickly steal large amounts of data from a network, are easily detected by network defenses such as firewalls and anti-virus, which will effectively shut down or quarantine access. Therefore, criminals have evolved a more patient approach, constructing layered software that is designed to steal small fragments of data over a longer period of time.

Because many of these pieces of software are disguised as commonly used formats, jpg and pdf for example, they often can go undetected by many systems. The industry average before a network breach is detected stands at around 200 days. The result for the victim is death by a thousand cuts.

Predictive analytics can detect these data anomalies early on, looking for new patterns of data access, including hidden data that is being exfiltrated in another format and/or encrypted to avoid detection. By finding these anomalous patterns, predictive analytics help reduce a company’s overall risk exposure by limiting the amount of time an intruder spends inside the network.
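The paragraphs above describe three things a detector should notice: a one-off snatch-and-grab burst, a low-and-slow trickle that stays only modestly above a host's normal volume but persists for days, and files whose declared format does not match their content. The block below is an added example, not code from the article or from any product it mentions; it runs two baseline-based detectors over constructed outbound flow records and a magic-byte check for the jpg/pdf disguise. Host names, destinations, byte counts and the factor/window parameters are all assumptions chosen for illustration.

```python
"""Added example: burst and low-and-slow detectors over constructed outbound
flow records, plus a magic-byte check for files whose extension does not match
their content. All sample data is constructed, not captured traffic."""
from collections import defaultdict
from statistics import median

# Constructed per-flow records: (day, source host, destination, bytes sent out).
FLOWS = []
for day in range(1, 15):
    # ws-a: steady ~1 MB/day to one sanctioned destination.
    FLOWS.append((day, "ws-a", "cloud.example", 1_000_000 + (day % 3) * 50_000))
    # ws-b: normal for a week, then a modest but persistent extra stream to a
    # destination never seen before (the low-and-slow pattern).
    FLOWS.append((day, "ws-b", "cloud.example", 900_000))
    if day >= 8:
        FLOWS.append((day, "ws-b", "cdn-203.example", 350_000))
    # ws-c: normal except for one large burst on day 10 (snatch and grab).
    FLOWS.append((day, "ws-c", "cloud.example", 60_000_000 if day == 10 else 1_100_000))

BASELINE_DAYS = 7  # the first week is treated as the learning window (assumption)


def daily_totals(flows):
    """host -> {day: total bytes out that day}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, _dst, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def baselines(flows, baseline_days=BASELINE_DAYS):
    """Median daily outbound volume per host over the learning window."""
    return {host: median(v for d, v in days.items() if d <= baseline_days)
            for host, days in daily_totals(flows).items()}


def detect_burst(flows, factor=10, baseline_days=BASELINE_DAYS):
    """Snatch-and-grab: a single day more than `factor` x the host's baseline."""
    base = baselines(flows, baseline_days)
    hits = [(host, day) for host, days in daily_totals(flows).items()
            for day, v in days.items()
            if day > baseline_days and v > factor * base[host]]
    return sorted(hits)


def detect_low_and_slow(flows, factor=1.25, window=7, min_days=5):
    """Low-and-slow: modest elevation that persists on most days of the window.
    One slightly-high day is ignored; a host above `factor` x baseline on at
    least `min_days` of the last `window` days is reported."""
    base = baselines(flows)
    last_day = max(day for day, *_ in flows)
    hits = []
    for host, days in daily_totals(flows).items():
        elevated = sum(1 for d in range(last_day - window + 1, last_day + 1)
                       if days.get(d, 0) > factor * base[host])
        if elevated >= min_days:
            hits.append(host)
    return sorted(hits)


def new_destinations(flows, baseline_days=BASELINE_DAYS):
    """Destinations a host first talks to after the learning window: a new
    pattern of data access worth correlating with the volume detectors."""
    seen = defaultdict(set)
    for day, host, dst, _ in flows:
        if day <= baseline_days:
            seen[host].add(dst)
    fresh = defaultdict(set)
    for day, host, dst, _ in flows:
        if day > baseline_days and dst not in seen[host]:
            fresh[host].add(dst)
    return dict(fresh)


# Leading bytes of the formats the article names; anything else is "unknown".
MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "pdf": b"%PDF-",
         "png": b"\x89PNG\r\n\x1a\n"}


def declared_type_matches(filename, data):
    """True/False when the extension is one we know; None when we cannot judge."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in MAGIC:
        return None
    return data.startswith(MAGIC[ext])


if __name__ == "__main__":
    print("bursts:", detect_burst(FLOWS))
    print("low-and-slow:", detect_low_and_slow(FLOWS))
    print("new destinations:", new_destinations(FLOWS))
    print("report.pdf ok:", declared_type_matches("report.pdf", b"%PDF-1.7\n"))
    print("photo.jpg ok:", declared_type_matches("photo.jpg", b"PK\x03\x04" + b"\x00" * 8))
```

The two volume rules are deliberately different: the burst rule looks for one extreme day, while the low-and-slow rule counts how many recent days sit only modestly above baseline, which is exactly the traffic a single-spike threshold never sees. The new-destination check and the magic-byte check add context that lets an analyst raise the priority of a host that is both trickling data and sending it somewhere new.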

Managing Cyber Alerts Effectively
One of the most common issues that CISOs face with regard to cyber security is “alert fatigue,” which results from the sheer volume of alerts generated by cyber defense systems during the course of a given day.

With predictive analytics, risks are evaluated and ranked on a sliding scale of importance. If suspicious or malicious behavior is suspected, the analytics engine alerts the right people about the suspicious behavior, ranking it from highest to lowest risk. Leveraging vast amounts of data, but processing it efficiently, ensures predictive analytics can provide real-time responses in contrast to older approaches that are time-consuming, inefficient and expensive.

Predictive analytics are not perfect, however, and the desire to go unobserved causes cyber criminals to mimic normal behavior if possible. Therefore, managing the predictive analytics process requires an organization to handle the false positives and false negatives that are generated during the threat surveillance process.

On one hand, the system must have a very low tolerance for false negatives, since missing active threats can lead to the disaster we’re trying to avoid. Conversely, the organization needs to track how many false positives are being generated, to ensure that neither the system nor the people are overburdened.

Nor can the system be so restrictive that it blocks legitimate traffic, such as customer e-mail, which reduces profits or degrades customer service. It is a balancing act, and how you manage the process is crucial to obtaining the best results.

With limited resources, organizations need to identify the most severe cases first by prioritizing alerts based on potential impact and then handling all alerts efficiently. One approach is to have levels of security analysts with different skill levels.

First-level analysts should try to handle an alert within five minutes, and otherwise escalate it to the experts who can distinguish a targeted attack from a generic one. This way, critical resources are freed up so that organizations engage their most valuable people only on the most important threats. Businesses must address both known and unknown (emergent) risks when developing a cyber defense program. Once risks become “known,” a standard form of defense should be constructed. Companies need to save their most skilled resources for discovering the “unknown risks” and defending against them.
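The ranking, false-positive/false-negative balancing and tiered-triage ideas in the section above can be shown concretely on a handful of alerts. The block below is an added example, not code from the article or from any analytics product it mentions. It scores each alert by suspicion times asset impact, ranks the queue from highest to lowest risk, sweeps candidate thresholds to show how the false-positive and false-negative counts trade off, picks the threshold that fits a chosen false-negative budget, and routes alerts to a first-level or expert queue. The alert list, the ground-truth labels, the impact scale and the thresholds are all constructed assumptions.

```python
"""Added example: impact-weighted alert ranking, threshold selection under a
false-negative budget, and tiered routing. Alerts and labels are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    alert_id: str
    score: float      # analytics engine's suspicion score in [0, 1]
    impact: int       # asset criticality, 1 (low) .. 5 (crown jewel)
    is_threat: bool   # ground truth from later investigation (constructed)


# Constructed alert batch. Note a5: a quiet score on a critical asset, and a9:
# an attacker mimicking normal behaviour, scored below anything reasonable.
ALERTS = [
    Alert("a1", 0.95, 5, True),
    Alert("a2", 0.90, 1, False),
    Alert("a3", 0.60, 5, True),
    Alert("a4", 0.55, 2, False),
    Alert("a5", 0.40, 4, True),
    Alert("a6", 0.35, 1, False),
    Alert("a7", 0.25, 3, False),
    Alert("a8", 0.20, 5, False),
    Alert("a9", 0.15, 2, True),
    Alert("a10", 0.05, 1, False),
]


def risk(alert):
    """Sliding-scale risk in [0, 1]: suspicion weighted by potential impact."""
    return alert.score * alert.impact / 5


def rank(alerts):
    """Queue ordered from highest to lowest risk."""
    return sorted(alerts, key=risk, reverse=True)


def confusion(alerts, threshold):
    """(true positives, false positives, false negatives, true negatives)
    when every alert with risk >= threshold is escalated."""
    tp = fp = fn = tn = 0
    for a in alerts:
        flagged = risk(a) >= threshold
        if flagged and a.is_threat:
            tp += 1
        elif flagged:
            fp += 1
        elif a.is_threat:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


# Candidate thresholds (constructed; chosen not to coincide with any risk value).
CANDIDATES = (0.04, 0.10, 0.16, 0.25, 0.30, 0.50)


def choose_threshold(alerts, max_false_negatives, candidates=CANDIDATES):
    """Among thresholds whose false negatives stay within the budget, return
    (threshold, false positives, false negatives) with the fewest false
    positives. A budget of zero shows the cost of 'never miss anything'."""
    best = None
    for t in candidates:
        _tp, fp, fn, _tn = confusion(alerts, t)
        if fn <= max_false_negatives and (best is None or fp < best[1]):
            best = (t, fp, fn)
    return best


def route(alert, expert_threshold=0.5):
    """Send the highest-risk alerts straight to experts; the rest go to the
    first-level queue for a quick look before escalation."""
    return "expert" if risk(alert) >= expert_threshold else "tier1"


if __name__ == "__main__":
    for a in rank(ALERTS):
        print(f"{a.alert_id:>3}  risk={risk(a):.2f}  queue={route(a)}")
    for t in CANDIDATES:
        print(f"threshold {t:.2f}: tp/fp/fn/tn = {confusion(ALERTS, t)}")
    print("zero-miss budget:", choose_threshold(ALERTS, 0))
    print("one-miss budget: ", choose_threshold(ALERTS, 1))
```

Two things the numbers make visible: a5 (score 0.40 on an impact-4 asset) ranks above a2 (score 0.90 on an impact-1 asset), so prioritizing by potential impact rather than raw score changes who gets looked at first; and insisting on zero false negatives forces the threshold down to where a9 is caught, at the price of escalating five harmless alerts out of ten, whereas a budget of one miss brings false positives to zero. That is the balancing act the text describes, and the budget is a policy decision, not something the engine can choose on its own.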

Using predictive indicators to detect the unknown risk is incredibly challenging, but by assessing losses and anomalous behaviors, businesses, along with their partners, can use big data to solve big problems.

Source: Information-Management
