
Keeping the cyber bandits at bay with Big Data

Big Data security analytics could trump SIEM solutions in the battle to keep out cyber attackers.


Cyber-crime today is big business. Companies now own massive amounts of data, from customer contact details, to financial transaction histories and classified product R&D blueprints. It's no surprise then that cyber espionage has now become a serious focus for financially motivated criminals.

However, businesses face further threats from those who seek to disrupt their business for political reasons, or just for the sheer fun of it, using methods such as distributed denial of service (DDoS) attacks. As a result, the tide of cybercrime is showing no signs of relenting, so maintaining a secure perimeter is more of a priority than ever. The trouble is that today's cybercriminals are using increasingly sophisticated means of attack, which organisations simply can't keep up with.

Bringing a knife to a gunfight

The nature of cyber-threats is a far cry from what it once was. As a consequence, organisations frequently find themselves on the back foot, anchored by an over-reliance on outdated defences, which are simply unsuitable in the modern world. Traditional security efforts have focused on defending against 'known', documented threats. However, today's attacks are becoming much more adept at fooling these legacy security tools and finding ways to slip through unnoticed. For example, polymorphic malware is able to bypass antivirus systems because its code alters slightly each time it is used. These variations in the code mean that each new sample does not match the antivirus list of known threats.

As a result, IT teams must take a new approach to security. They need to invest in solutions that can keep up with what's out there, and better tackle the next wave of emergent threats.

Coming under fire from a data barrage

In an attempt to stay on top of these emerging threats, businesses have developed multi-layered security approaches, combining a plethora of antivirus programmes, firewalls and malware detectors. But the more security tools they use, the more data is generated, with each tool notifying and alerting on potential threats around the clock.

With this deluge of data, security professionals need tools that can help them qualify and prioritise risk. This has led to growing investment in Security Information and Event Management (SIEM) tools. These tools can aggregate and correlate data from a number of different security systems into a single centralised and manageable feed, providing some relief for security teams.

Although SIEMs have a major part to play in the way IT security is executed, they are not without their limitations. Firstly, these tools are expensive and, critically, have issues around scalability, as they don't allow for multiple streams of data. What's more, most SIEMs are based on SQL databases, meaning that modern security priorities, such as web and email monitoring, which generate unstructured data, are hard to analyse. Consequently, security analysis can be slow and lack the ability to provide a holistic overview of the incident at hand, leaving alerts without any surrounding context.

Breaking out Big Data

To overcome the limitations of SIEM tools, some organisations are starting to implement Big Data security analytics solutions. These can be much more cost-effective as they are highly scalable and can run on commodity hardware. Most importantly, Big Data analytics can process unstructured data from all over the organisation to add a level of context and awareness to security incidents that was previously impossible to achieve. This context can aid security professionals by combining the 'normal' status of network activity, such as end-user activity, statuses of hardware and application usage, with existing security systems, to help them determine the level of threat.

By having additional context around threats, security professionals can detect issues that traditional tools may have missed, for example by flagging a piece of code that has never been seen before on the network. What's more, analytics can help security teams prioritise multiple concurrent threats, to ensure that teams focus their attention on the most serious ones.
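The contextual prioritisation described above, as an added illustration that is not from the article or from Guavus: alerts aggregated from several tools are enriched with 'normal state' data (binaries already seen on the network, each user's usual hosts and hours, asset criticality) and ranked. The context sources, field names and weights are assumptions constructed for the example.

```python
"""Enrich tool alerts with baseline context and rank them by contextual score.
Added example; every data source, field name and weight below is an assumption."""
from datetime import datetime

# Constructed 'normal state' context (assumed data, not from the article).
KNOWN_HASHES = {"a1b2c3", "d4e5f6"}            # binaries previously seen on the network
USER_BASELINE = {                               # usual hosts and working-hour window per user
    "alice": {"hosts": {"ws-01"}, "hours": (8, 18)},
    "bob":   {"hosts": {"ws-02", "ws-03"}, "hours": (9, 17)},
}
ASSET_CRITICALITY = {"finance-db": 3, "ws-01": 1, "ws-02": 1, "ws-03": 1}

# Constructed alerts, as a SIEM might aggregate them from several tools.
ALERTS = [
    {"tool": "av", "severity": 2, "host": "ws-01", "user": "alice",
     "hash": "a1b2c3", "time": "2024-06-02T10:15:00"},
    {"tool": "edr", "severity": 1, "host": "finance-db", "user": "bob",
     "hash": "ffeedd", "time": "2024-06-02T02:40:00"},
    {"tool": "proxy", "severity": 1, "host": "ws-03", "user": "bob",
     "hash": "d4e5f6", "time": "2024-06-02T11:00:00"},
]


def score_alert(alert):
    """Return (score, reasons): the tool's own severity plus context-derived uplift."""
    score, reasons = alert["severity"], []
    if alert["hash"] not in KNOWN_HASHES:           # never-before-seen code on the network
        score += 3
        reasons.append("binary never seen on network")
    base = USER_BASELINE.get(alert["user"])
    hour = datetime.fromisoformat(alert["time"]).hour
    if base:
        if alert["host"] not in base["hosts"]:      # user deviates from usual hosts
            score += 2
            reasons.append("user not normally on this host")
        lo, hi = base["hours"]
        if not lo <= hour < hi:                     # activity outside usual working hours
            score += 1
            reasons.append("outside user's normal hours")
    score += ASSET_CRITICALITY.get(alert["host"], 1) - 1   # critical assets weigh more
    return score, reasons


def prioritise(alerts):
    """Rank alerts highest contextual score first, attaching the reasons for analysts."""
    ranked = [{**a, "score": s, "reasons": why}
              for a in alerts for s, why in [score_alert(a)]]
    return sorted(ranked, key=lambda a: a["score"], reverse=True)
```

Run against the constructed alerts, the low-severity EDR alert on finance-db rises to the top because the binary is unknown, the user is off his usual hosts and hours, and the asset is critical, while the higher-severity AV alert on a known binary drops below it.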

Lining up your sights

In today's security landscape, traditional methods for securing the borders are unable to keep up with the new threats that are emerging. Whilst some businesses are trying to tackle these by implementing more security tools, the fact is that these are generating so much data that security teams are struggling to handle the sheer quantities.

It may seem that SIEMs are able to offer respite here, but the reality is that data from all over the network is becoming relevant to IT security – something that SIEMs alone can't address. As volumes of data continue to explode, businesses need to look towards new security methods that incorporate Big Data analytics to provide insight and context from all parts of the network. These tools will be crucial to keeping security up to date in the Big Data age. Just as medieval castles have been rendered wholly inadequate by modern warfare, relying on a firewall and an up-to-date antivirus package is no longer enough in the face of today's cyber bandits.

Neil King is VP of security analytics at Guavus
