Cyber-crime today is big business. Companies now own massive amounts of data, from customer contact details, to financial transaction histories and classified product R&D blueprints. It's no surprise then that cyber espionage has now become a serious focus for financially motivated criminals.
However, businesses face further threats from those who seek to disrupt their business for political motivations, or just for the sheer fun of it, using methods such as distributed denial of service (DDoS) attacks. As a result, the tide of cybercrime is showing no signs of relenting, so maintaining a secure perimeter is more of a priority than ever. The trouble is that today's cybercriminals are using increasingly sophisticated means of attack, which organisations simply can't keep up with.
Bringing a knife to a gunfight
The nature of cyber-threats is a far cry from what it once was. As a consequence, organisations frequently find themselves on the back foot, anchored by an over-reliance on outdated defences, which are simply unsuitable in the modern world. Traditional security efforts have focused on defending against 'known', documented threats. However, today's attacks are becoming much more adept at fooling these legacy security tools and finding ways to slip through unnoticed. For example, polymorphic malware has the ability to bypass antivirus systems, as its code alters slightly each time it is used. These variations in its code mean that it doesn't appear on an antivirus list of known threats.
As a result, IT teams must take a new approach to security. They need to invest in solutions that can keep up with what's out there, and better tackle the next wave of emergent threats.
Coming under fire from a data barrage
In an attempt to stay on top of these emerging threats, businesses have developed multi-layered security approaches, combining a plethora of antivirus programmes, firewalls and malware detectors. But the more security tools they use, the more data is generated, with each tool notifying and alerting on potential threats around the clock.
With this deluge of data, security professionals need tools that can help them qualify and prioritise risk. This has led to growing investment in Security Information and Event Management (SIEM) tools. These tools can aggregate and correlate data from a number of different security systems into a single centralised and manageable feed, providing some relief for security teams.
Although SIEMs have a major part to play in the way IT security is executed, they are not without their limitations. Firstly, these tools are expensive, and critically have issues around scalability, as they don't allow for multiple streams of data. What's more, most SIEMs are based on SQL databases, meaning that modern security priorities, such as web and email monitoring, which generate unstructured data, are hard to analyse. Consequently, security analysis can be slow and can lack the ability to provide a holistic overview of any incident at hand, failing to provide any context around those alerts.
Breaking out Big Data
To overcome the limitations of SIEM tools, some organisations are starting to implement Big Data security analytics solutions. These can be much more cost-effective as they are highly scalable and can run on commodity hardware. Most importantly, Big Data analytics can process unstructured data from all over the organisation to add a level of context and awareness to security incidents that was previously impossible to achieve. This context can aid security professionals by combining the 'normal' status of network activity, such as end-user activity, statuses of hardware and application usage, with existing security systems, to help them determine the level of threat.
By having additional context around threats, security professionals can detect issues that traditional tools may have missed, for example, by detecting a piece of code that has never been seen before on the network. What's more, analytics can help security teams prioritise multiple concurrent threats, to ensure that teams focus their attention on the most serious ones.
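A minimal sketch of that idea, added here as an illustration and not taken from any product the article describes: a signature list catches only the documented hash, while a baseline of code previously seen on the network flags the altered variant, and simple context (asset value, spread, corroboration from another tool) ranks the findings. All hashes, host names and scoring weights are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: hashes are shortened placeholders, not real indicators.
KNOWN_BAD = {"aaaa1111"}                 # signature list of documented threats
BASELINE = {"bbbb2222", "cccc3333"}      # code previously observed on this network
ASSET_WEIGHT = {"hr-laptop-07": 1, "build-server-01": 3, "db-finance-02": 5}

EVENTS = [  # (host, file_hash, another_tool_alerted)
    ("hr-laptop-07", "bbbb2222", False),     # routine software, in baseline
    ("hr-laptop-07", "aaaa1111", True),      # documented threat, signature hit
    ("db-finance-02", "dddd4444", True),     # altered variant: no signature exists
    ("build-server-01", "dddd4444", False),  # same unseen code on a second host
    ("hr-laptop-07", "eeee5555", False),     # unseen code on one low-value host
]

def signature_hits(events, known_bad=KNOWN_BAD):
    """What a list of known threats alone would report."""
    return sorted({h for _, h, _ in events if h in known_bad})

def first_seen(events, baseline=BASELINE, known_bad=KNOWN_BAD):
    """Group sightings of hashes absent from both the baseline and the signature list."""
    unseen = defaultdict(list)
    for host, file_hash, corroborated in events:
        if file_hash not in baseline and file_hash not in known_bad:
            unseen[file_hash].append((host, corroborated))
    return dict(unseen)

def prioritise(unseen, asset_weight=ASSET_WEIGHT):
    """Rank unseen code by context; the weights are illustrative assumptions."""
    ranked = []
    for file_hash, sightings in unseen.items():
        hosts = {host for host, _ in sightings}
        score = max(asset_weight.get(h, 1) for h in hosts)   # most critical asset touched
        score += len(hosts) - 1                              # spread across hosts
        score += 2 if any(c for _, c in sightings) else 0    # another tool also alerted
        ranked.append((score, file_hash, sorted(hosts)))
    return sorted(ranked, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    print("signature hits:", signature_hits(EVENTS))
    for score, file_hash, hosts in prioritise(first_seen(EVENTS)):
        print(f"score={score} hash={file_hash} hosts={hosts}")
```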
Lining up your sights
In today's security landscape, traditional methods for securing the borders are unable to keep up with the new threats that are emerging. Whilst some businesses are trying to tackle these by implementing more security tools, the fact is that these are generating so much data that security teams are struggling to handle the sheer quantities.
It may seem that SIEMs are able to offer respite here, but the reality is that data from all over the network is becoming relevant to IT security – something that SIEMs alone can't address. As volumes of data continue to explode, businesses need to look towards new security methods that incorporate Big Data analytics to provide insight and context from all parts of the network. These tools will be crucial to keeping security up to date in the Big Data age. Just as medieval castles have been rendered wholly inadequate by modern warfare, relying on a firewall and an up-to-date antivirus package is no longer enough in the face of today's cyber bandits.
Neil King is VP of security analytics at Guavus