Big Data & Predictive Analytics Can Identify Cyber Risks

Framework for big data and analytics for semiconductors manufacturing.

In today’s fast-moving, dynamic digital environment, there is no crystal ball that can tell you the form or target for the next cyber attack.

The IT product development cycle has become so fast and centered on functionality that security is rarely in focus. Most developers assume that the layers upon which they build provide the necessary security. Unfortunately, the platforms upon which most of these systems have been built are porous, and attackers are actively looking to exploit the holes in these systems at all levels.

Since the form or morphology of these attacks can change so dramatically between iterations, CISOs must assume that some will succeed even as they continuously strengthen their defenses and strive to handle the volume of alerts generated by their current tools. In fact, it is best that CISOs assume it’s a case of “when we get hacked, not if.”

Big data and predictive analytics show great promise for cyber defense because they can transform massive amounts of data into actionable intelligence. Predictive indicators can identify new emergent risks before they result in significant losses, and help your security staff deal with alert overload.

Today’s cyber criminals have learned that snatch-and-grab attacks, where they attempt to quickly steal large amounts of data from a network, are easily detected by network defenses such as firewalls and anti-virus, which will effectively shut down or quarantine access. Therefore, criminals have evolved a more patient approach, constructing layered software that is designed to steal small fragments of data over a longer period of time.

Because many of these pieces of software are disguised as commonly used file formats, JPEG and PDF for example, they often go undetected by many systems. The industry average time before a network breach is detected stands at around 200 days. The result for the victim is death by a thousand cuts.

Predictive analytics can detect these data anomalies early on, looking for new patterns of data access, including hidden data that is being exfiltrated inside another format and/or encrypted to avoid detection. By finding these anomalous patterns, predictive analytics help reduce a company’s overall risk exposure by limiting the amount of time an attacker spends inside the network.
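The checks this paragraph describes can be made concrete. The following is an added example written for this page, not code from the article or from any vendor it mentions. It runs three of the detections the article alludes to over constructed sample data: a file whose extension (JPEG, PDF, PNG) does not match its header, a genuine JPEG with bytes appended after the end-of-image marker, a high-entropy blob with no recognised header (consistent with an encrypted payload), plus two per-user baselines, a z-score on outbound volume and a first-seen-destination check, the latter being what catches the slow trickle that a volume check misses. All file contents, user names and hostnames are constructed; the entropy limit and the baseline window are assumed values, not figures from the article.

```python
import math
from statistics import mean, pstdev
from typing import Dict, List, Set

# Header bytes of the formats the article names (JPEG, PDF) plus PNG.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
}
JPEG_EOI = b"\xff\xd9"  # JPEG end-of-image marker; a well-formed file ends here


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def inspect_file(name: str, content: bytes, entropy_limit: float = 7.5) -> List[str]:
    """Return the ways this file looks like a carrier for hidden or encrypted data."""
    findings = []
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    expected = MAGIC.get(ext)
    # 1. The extension claims JPEG/PDF/PNG but the header says otherwise.
    if expected is not None and not content.startswith(expected):
        findings.append("extension_mismatch")
    # 2. Genuine JPEG header, but bytes appended after the end-of-image marker.
    #    Image viewers ignore them, so the file still opens as an ordinary photo.
    if content.startswith(MAGIC["jpg"]):
        eoi = content.rfind(JPEG_EOI)  # conservative: a payload containing FF D9 is missed
        if eoi != -1 and len(content) > eoi + len(JPEG_EOI):
            findings.append("trailing_data_after_eoi")
    # 3. No recognised header and near-random bytes: consistent with an encrypted blob.
    #    Entropy is judged only on unrecognised content, because compressed formats
    #    (JPEG, PNG, most PDFs) are legitimately high-entropy and would be false positives.
    recognised = any(content.startswith(sig) for sig in MAGIC.values())
    if not recognised and len(content) >= 256 and shannon_entropy(content) > entropy_limit:
        findings.append("high_entropy_unknown_format")
    return findings


def volume_outliers(history: Dict[str, List[int]], today: Dict[str, int],
                    z_limit: float = 3.0, min_days: int = 7) -> Dict[str, float]:
    """Users whose outbound bytes today sit more than z_limit standard deviations
    above their own baseline. Users with too little history are not scored."""
    flagged = {}
    for user, sent in today.items():
        past = history.get(user, [])
        if len(past) < min_days:
            continue
        sigma = max(pstdev(past), 1.0)  # a flat baseline would otherwise divide by zero
        z = (sent - mean(past)) / sigma
        if z > z_limit:
            flagged[user] = round(z, 2)
    return flagged


def new_destinations(baseline: Dict[str, Set[str]], today: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Destinations a user contacted today that never appeared in their baseline.
    A small, steady trickle to one unfamiliar host is exactly what volume checks miss."""
    return {user: dests - baseline.get(user, set())
            for user, dests in today.items() if dests - baseline.get(user, set())}


# Constructed sample input (not from the article).
SAMPLE_FILES = {
    "report.pdf": b"%PDF-1.7\n" + b"0" * 100,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 200 + JPEG_EOI,
    "invoice.pdf": bytes(range(256)) * 2,  # named .pdf, carries a uniform-byte blob
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 200 + JPEG_EOI + bytes(range(256)),
    "blob.bin": bytes(range(256)) * 2,
}
HISTORY = {"alice": [1000] * 14, "bob": [500, 700] * 7}           # 14 days of outbound bytes
TODAY_BYTES = {"alice": 1000, "bob": 50_000, "carol": 1_000_000}  # carol has no baseline yet
BASELINE_DESTS = {"alice": {"cdn.example.com"}, "bob": {"mail.example.com"}}
TODAY_DESTS = {"alice": {"cdn.example.com", "paste.example.net"}, "bob": {"mail.example.com"}}

if __name__ == "__main__":
    for fname, data in SAMPLE_FILES.items():
        print(fname, inspect_file(fname, data))
    print(volume_outliers(HISTORY, TODAY_BYTES))
    print(new_destinations(BASELINE_DESTS, TODAY_DESTS))
```

Two design points carry over to real deployments: the entropy test is deliberately not applied to recognised compressed formats, since a legitimate photo scores almost as high as ciphertext, and users without enough history are skipped rather than scored against a global average, because a new hire's first week would otherwise look like an outlier every day.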

Managing Cyber Alerts Effectively
One of the most common issues that CISOs face with regard to cyber security is “alert fatigue,” which results from the sheer volume of alerts generated by cyber defense systems during the course of a given day.

With predictive analytics, risks are evaluated and ranked on a sliding scale of importance. If suspicious or malicious behavior is suspected, the analytics engine alerts the right people, ranking the alerts from highest to lowest risk. Processing vast amounts of data efficiently lets predictive analytics respond in real time, in contrast to older approaches that are time-consuming, inefficient and expensive.

Predictive analytics are not perfect, however, and the desire to go unobserved causes cyber criminals to mimic normal behavior if possible. Therefore, managing the predictive analytics process requires an organization to handle the false positives and false negatives that are generated during the threat surveillance process.

On one hand, the system must have a very low tolerance for false negatives, since missing active threats leads to the disaster we’re trying to avoid. Conversely, organizations need to track how many false positives are being raised, to ensure that neither the system nor the people are overburdened.

At the same time, the system cannot be so restrictive that it blocks legitimate traffic such as customer e-mail, which can reduce profits or degrade customer service. It is a balancing act, and how you manage the process is crucial to obtaining the best results.

With limited resources, organizations need to identify the most severe cases first by prioritizing alerts based on potential impact and then handling all alerts efficiently. One approach is to have levels of security analysts with different skill levels.

First-level analysts should try to handle an alert within five minutes, and otherwise escalate it to the experts who can distinguish a targeted attack from a generic one. This way, critical resources are freed up so that organizations engage their most valuable people only on the most important threats. Businesses must address both known and unknown (emergent) risks when developing a cyber defense program. Once risks become “known,” a standard form of defense should be constructed. Companies need to save their most skilled resources for discovering the “unknown risks” and defending against them.
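The ranking, the false-positive/false-negative balance and the tiered triage described in the preceding paragraphs can be worked through end to end. The following is an added example written for this page, not code from the article. It scores alerts by model risk weighted by asset impact, picks the raise-alert threshold from a constructed set of previously reviewed alerts as the highest threshold whose false-negative rate stays within a tolerance (so the tolerance for misses is set first and the false-positive count is whatever that leaves), and then works today's queue in priority order, closing what a first-level analyst finishes within five minutes and escalating the rest. The alert ids, scores, impact ratings, labels and handling times are all constructed; the 5-minute limit is the article's figure.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Alert:
    id: str
    score: float                      # analytics engine's risk estimate, 0.0 .. 1.0
    impact: int                       # criticality of the affected asset, 1 (low) .. 5 (high)
    malicious: Optional[bool] = None  # ground truth from later review; None for live alerts


def priority(alert: Alert) -> float:
    """Rank key: model risk weighted by potential business impact."""
    return alert.score * alert.impact


def confusion(labelled: List[Alert], threshold: float) -> Tuple[int, int, int, int]:
    """(true positives, false positives, false negatives, true negatives)
    when every alert scoring at or above the threshold is raised."""
    tp = fp = fn = tn = 0
    for a in labelled:
        raised = a.score >= threshold
        if a.malicious and raised:
            tp += 1
        elif a.malicious:
            fn += 1
        elif raised:
            fp += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def pick_threshold(labelled: List[Alert], max_fn_rate: float = 0.0) -> Tuple[float, int, int]:
    """Highest threshold (fewest alerts raised, hence fewest false positives) whose
    false-negative rate stays within max_fn_rate. Returns (threshold, fp, fn)."""
    positives = sum(1 for a in labelled if a.malicious)
    for pct in range(100, -1, -5):  # 1.00, 0.95, ..., 0.00
        t = pct / 100
        _, fp, fn, _ = confusion(labelled, t)
        if positives == 0 or fn / positives <= max_fn_rate:
            return t, fp, fn
    return 0.0, 0, 0  # not reached: at threshold 0 nothing is missed


def triage(live: List[Alert], threshold: float, handle_minutes: Dict[str, int],
           tier1_limit: int = 5) -> Dict[str, List[str]]:
    """Work the queue highest priority first. Tier 1 closes what it can within
    tier1_limit minutes; anything slower goes to the expert tier. Alerts under
    the threshold are logged for later hunting but not worked."""
    queue = sorted((a for a in live if a.score >= threshold), key=priority, reverse=True)
    result = {"tier1_closed": [], "escalated": [],
              "logged_only": [a.id for a in live if a.score < threshold]}
    for a in queue:
        minutes = handle_minutes.get(a.id, tier1_limit + 1)  # unknown effort: send to an expert
        result["tier1_closed" if minutes <= tier1_limit else "escalated"].append(a.id)
    return result


# Constructed sample data (not from the article): yesterday's alerts, labelled
# after review, and the same alert mix arriving today without labels.
LABELLED = [
    Alert("a1", 0.95, 5, True), Alert("a2", 0.80, 3, True),
    Alert("a3", 0.70, 2, False), Alert("a4", 0.60, 5, True),
    Alert("a5", 0.55, 1, False), Alert("a6", 0.40, 4, True),
    Alert("a7", 0.30, 2, False), Alert("a8", 0.20, 1, False),
    Alert("a9", 0.10, 3, False), Alert("a10", 0.05, 1, False),
]
LIVE = [Alert(a.id, a.score, a.impact) for a in LABELLED]
# Minutes a first-level analyst needed per alert (constructed).
HANDLE_MINUTES = {"a1": 30, "a2": 4, "a3": 2, "a4": 3, "a5": 1, "a6": 12}

if __name__ == "__main__":
    for rate in (0.0, 0.25):
        t, fp, fn = pick_threshold(LABELLED, rate)
        print(f"max FN rate {rate:.2f}: threshold {t:.2f}, {fp} false positives, {fn} false negatives")
    threshold, _, _ = pick_threshold(LABELLED)  # zero tolerance for misses
    print(triage(LIVE, threshold, HANDLE_MINUTES))
```

On this sample, zero tolerance for misses forces the threshold down to 0.40 and costs two false positives, while accepting a 25% miss rate lifts it to 0.60 and halves the false positives: that is the balancing act the article describes, made measurable. The triage step then puts the highest-priority alert (high score on a critical asset) straight into the expert queue because it cannot be closed in five minutes, which is the freeing-up of skilled resources the article argues for.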

Using predictive indicators to detect the unknown risk is incredibly challenging, but by assessing losses and anomalous behaviors, businesses, along with their partners, can use big data to solve big problems.

Source: Information-Management
