Dale Kim, senior director of industry solutions, MapR

Considering the number of high-profile cyber-attacks that occurred in 2016, it is not surprising that many organisations will be making cyber-security a top priority this year. It is clear that traditional security solutions are struggling to keep pace with cyber-criminals, and increasingly sophisticated and better-funded cyber-attacks mean that businesses can no longer rely on a ‘detect and respond’ approach to cyber-security.

Data overload

Traditional approaches to data security are proficient at combating many known threats. But, while they are good at creating alerts for events that deviate from “business as usual” patterns, traditional approaches can do little - if anything - for organisations hoping to beef up and grow their security strategies to detect and guard against complex, omnipresent cyber-threats.

For instance, traditional solutions are good at generating an alert for potentially “suspicious activity” if they identify a number of failed attempts to log in to the same account from the same IP address. They will also send an alert if they identify excessive data access outside of working hours from a given account. But guess what? Hackers are aware that these patterns are tracked, and they have altered their approach to avoid their usual methods.
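As an added illustration (not from the article or from MapR), the two alert rules described above implemented over a handful of constructed log events, with a per-account variant of the failed-login rule showing why counting per IP alone misses attempts spread across many addresses. The thresholds, field layout and sample values are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (illustrative, not real telemetry):
# (timestamp, account, source IP, event type, bytes transferred)
EVENTS = [
    ("2017-01-10T09:01:00", "alice", "10.0.0.5", "login_fail", 0),
    ("2017-01-10T09:01:05", "alice", "10.0.0.5", "login_fail", 0),
    ("2017-01-10T09:01:09", "alice", "10.0.0.5", "login_fail", 0),
    ("2017-01-10T09:01:14", "alice", "10.0.0.5", "login_fail", 0),
    ("2017-01-10T09:01:20", "alice", "10.0.0.5", "login_fail", 0),
    ("2017-01-10T11:30:00", "bob", "10.0.1.7", "login_fail", 0),
    ("2017-01-10T11:31:00", "bob", "10.0.1.8", "login_fail", 0),
    ("2017-01-10T11:32:00", "bob", "10.0.1.9", "login_fail", 0),
    ("2017-01-10T11:33:00", "bob", "10.0.1.10", "login_fail", 0),
    ("2017-01-10T11:34:00", "bob", "10.0.1.11", "login_fail", 0),
    ("2017-01-10T14:00:00", "carol", "10.0.2.3", "data_access", 100_000_000),
    ("2017-01-10T23:15:00", "dave", "10.0.3.4", "data_access", 40_000_000),
    ("2017-01-10T23:40:00", "dave", "10.0.3.4", "data_access", 25_000_000),
]

FAILED_LOGIN_THRESHOLD = 5               # assumed tuning values
AFTER_HOURS_BYTES_THRESHOLD = 50_000_000
WORK_START_HOUR, WORK_END_HOUR = 8, 18   # local working hours, assumed

def failed_login_alerts(events, threshold=FAILED_LOGIN_THRESHOLD, per_ip=True):
    """Keys with >= threshold failed logins. Keyed by (account, IP) when
    per_ip is True (the rule the article describes), else by account alone,
    which also catches failures spread over many source addresses."""
    counts = defaultdict(int)
    for _, account, ip, event, _ in events:
        if event == "login_fail":
            counts[(account, ip) if per_ip else account] += 1
    return sorted(key for key, n in counts.items() if n >= threshold)

def after_hours_alerts(events, threshold=AFTER_HOURS_BYTES_THRESHOLD):
    """Accounts whose bytes read outside working hours reach threshold."""
    totals = defaultdict(int)
    for ts, account, _, event, nbytes in events:
        if event != "data_access":
            continue
        hour = datetime.fromisoformat(ts).hour
        if hour < WORK_START_HOUR or hour >= WORK_END_HOUR:
            totals[account] += nbytes
    return sorted(acct for acct, total in totals.items() if total >= threshold)
```

Running the per-IP rule flags only alice; switching to per-account counting also flags bob, whose five failures came from five different addresses, while carol's large daytime read stays below the after-hours rule and dave's two late-night reads trip it.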

Not only do traditional solutions fail to offer the comprehensive protection that an organisation needs, they simply cannot handle the sheer volume of data being created by organisations' ever-growing networks and web perimeters.

There is a case to be made for big data for security analytics

No industry remains untouched by the potential of big data, and just about any organisation with an extensive network can benefit from security analytics. In fact, the most sinister threats cannot be detected without deep insight into networks, data, and usage.

The International Institute of Analytics predicts that big data for security analytics will be the first line of defence when it comes to threat detection, deterrence, and prevention. Big data solutions are capable of capturing, filtering and analysing millions of discrete network events per second. These solutions can work with a vast range of data sources, including audit and log files, and unstructured data, such as email, social media, images, video, news feeds, and many others. This integrated security approach is in high demand, with the big data analytics market predicted to reach US $203 billion (£163 billion) by 2020.

Organisations must ensure that they retain the massive amounts of data needed to deploy large-scale security analytics for optimal visibility into activity across the infrastructure. The use of automated and actionable intelligence enables organisations to identify potential anomalies.

Getting started

Integrating big data for security analytics can seem to be a daunting task to organisations that are still dependent on traditional security approaches.

Of course, protecting your data is not only about security analytics. A comprehensive security strategy must also include the traditional security controls built into your data platform. Here are a few recommendations for getting started:

1. Ensure that the data platform(s) you deploy have a strong focus on authorisation, authentication, and data protection capabilities, and that your team is committed to leveraging them. It is unacceptable to disable security controls because they are too cumbersome to administer, so look for a platform that doesn't require excessive effort to lock down data. And be sure to investigate auditing capabilities, which are critical for tracking data access and for tracing it back to any unforeseen breaches.

2. Traditional security analytics platforms fail to handle unstructured data in a scalable and efficient manner. It is therefore crucial that organisations select a scalable platform that enables them to garner true insight from granular data. Organisations should look to converged solutions that deploy a broad range of the latest big data tools, to enable them to gain the most complete picture of potential threats.

3. Organising internal resources can also facilitate big data for security analytics. Companies should ensure that their IT security analysts and data scientists are talking and meeting regularly to ensure they are synced on the best approach to evolve the security platform against emerging threats.

The modern threat environment requires organisations to predict attacks before they strike, and identifying weaknesses in the system before hackers do will be essential to out-manoeuvre the cyber-criminals. In 2017, it is important that organisations consider the massive potential of using big data technology to defend their current customers and assets against the growing cyber-threat.

Organisations that are serious about protecting their networks must look beyond traditional security solutions, and deploy large-scale, advanced analytics on converged data platforms, incorporating anomaly detection and machine learning to protect their business in the ongoing fight against cyber-crime.

Contributed by Dale Kim, senior director of industry solutions, MapR