Using Big Data to Secure the Enterprise
Every year the world produces around 1,200 Exabytes of data. This is the data equivalent of 80.53 Billion 16 Gigabyte iPhone 5s, which when laid end to end would circle the Earth more than 100 times. The question often asked is how we can best utilize this vast amount of data, known as "Big Data", to improve cyber-security.
Such a marriage between these two seemingly disparate fields would allow companies to analyze and correlate data and gain deeper insight into a multitude of cyber threats, hacker techniques, and network vulnerabilities. This capability would enable companies to better evaluate risks and respond to incidents with surgical precision, resulting in greater cyber resilience and a decreased impact on business operations.
So how does a company achieve these lofty goals? The graphic below demonstrates the process a company would need to follow to successfully merge big data and information security. The first step is to identify all of your possible data sources, from global news sources to server logs to your administrator's experienced gut instinct. Then the data is correlated and baselines are created. The baselines are then used to identify anomalies within the network. Certain considerations need to be weighed during this process, including the veracity and accuracy of the data, the relevance of the data, and the risk the information may pose to the enterprise. This information is then fused and applied to both "Incident Response" for trending and "Offensive Cyber-Security" for developing future strategies. While the process has been simplified to make it easier to understand, it is actually a very painstaking and complex chain of events that is constantly repeating itself. To be effective in using big data for cyber-security, an organization should be at some stage of the outlined process at any given time and constantly seeking ways to improve it.
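The correlate, baseline and anomaly steps of the process above, as an added example that is not part of the original post. The event data, host names and per-source veracity weights are all constructed for illustration; the anomaly score is a plain z-score against each host's own baseline.

```python
"""Correlate -> baseline -> anomaly, the middle of the pipeline described above.
Added example: all events and the SOURCE_VERACITY weights are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Assumed per-source veracity weights (the "accuracy of the data" consideration):
# a first-hand auth log counts fully, a less reliable secondary feed is discounted.
SOURCE_VERACITY = {"auth_log": 1.0, "partner_feed": 0.5}

# Constructed history: (source, host, hour, failed_logins), six hours per host.
HISTORY = [("auth_log", "web01", h, n) for h, n in enumerate([3, 4, 2, 5, 3, 4])] + \
          [("auth_log", "db01", h, n) for h, n in enumerate([1, 0, 1, 2, 1, 1])]
# Constructed current window: hour 6, reported by two sources for web01.
CURRENT = [("auth_log", "web01", 6, 30), ("partner_feed", "web01", 6, 20),
           ("auth_log", "db01", 6, 2)]

def correlate(events):
    """Fuse all sources into one veracity-weighted count per (host, hour)."""
    fused = defaultdict(float)
    for source, host, hour, count in events:
        fused[(host, hour)] += SOURCE_VERACITY.get(source, 0.0) * count
    return fused

def build_baselines(history):
    """Per-host mean and standard deviation of the fused hourly counts."""
    series = defaultdict(list)
    for (host, _hour), value in sorted(correlate(history).items()):
        series[host].append(value)
    return {host: (mean(v), pstdev(v)) for host, v in series.items()}

def find_anomalies(current, baselines, z_threshold=3.0, min_spread=1.0):
    """Flag any (host, hour) whose fused count sits z_threshold standard deviations
    above the host's baseline; min_spread keeps a flat baseline (stdev 0) from
    turning every small change into an alert."""
    alerts = []
    for (host, hour), value in sorted(correlate(current).items()):
        if host not in baselines:      # no baseline yet: cannot call it an anomaly
            continue
        mu, sigma = baselines[host]
        z = (value - mu) / max(sigma, min_spread)
        if z >= z_threshold:
            alerts.append({"host": host, "hour": hour, "value": value, "z": round(z, 2)})
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(CURRENT, build_baselines(HISTORY)):
        print(alert)   # web01 at hour 6 is flagged (fused count 40 vs baseline 3.5)
```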