It can be painful for an organisation to admit that their systems have been breached by a cyber-criminal. However, as cyber-attacks become more aggressive, it is essential that data on cyber-criminality is shared and analysed. It may be that sharing this data, even among competitors, will be the key to protecting our most sensitive information.
Big Data has become a dominant topic in discussions of Internet security today. It has an enormous potential to help security providers predict threats rather than simply reacting to breaches in progress. As the tables are turned and organisations begin to collect data on bad actors, the potential for stopping cyber-attacks before they even begin is enormous.
The idea is simple – cyber-criminals are becoming more and more organised, and sharing data among themselves. To combat this aggressive approach, the answer is to beat them at their own game. Organisations need to share data collected from breaches with each other and with governing authorities. Although this practice is beginning to take hold, it is essential that the data shared stays secure as well.
Though Big Data can sometimes seem like just another hot-button buzzword, the collection and analysis of data created during cyber-criminal activity is invaluable to the fight against cyber-attacks. Just as it is important to differentiate data collection for company growth and development, the type of data collected can also help protect companies and their sensitive information. With a rapidly evolving threat landscape and ever-tightening budgets, it can be difficult for in-house IT departments to keep up. Knowing what to look for within the pools of data collected can help shift the battle for data security in favour of the good guys.
Dr. Tamer Aboualy, CTO, Security Services, IBM Middle East & Africa, helps to point out the important things to look for when fortifying a company’s data security. “To successfully navigate security issues and establish cost-effective protection,” he explains, “it is necessary to understand the nature of vulnerabilities and how threats target them.” This means, of course, staying up to date with the latest threats and tools that potential bad actors may use to implement attacks.
Aboualy continues, saying, “Security vendors collect vital security data like IP reputation, URL health, vulnerability insights, and application risk scores to provide customers with a comprehensive evaluation of global threat conditions and detailed analyses tailored to the unique needs of each customer’s environment.” By sifting through data lakes and selecting the information vital to the specific needs of a company’s clients and customers, an enterprise can find better, more effective data security.
Big Data analysis can provide great insight on how to best secure sensitive data; however, it is essential that the collection process and access to that data are secure as well. Sebastien Pavie, Regional Sales Director, MEA, Gemalto, explains, “Using strong authentication solutions to ensure the correct people have access to the data is a prerequisite to using Big Data.” To go one step further, he continues, “Sensitive data should be encrypted so that data is rendered useless in the event of a breach.”
Even with the most effective security measures in place, problems can still occur. “IT decision makers need to take into account that if someone is motivated enough they will breach a network, no matter how well it is protected,” says Pavie.
Securing and encrypting Big Data is certainly a critical step, but how to use the information collected to increase security for both company and client is an equally significant task. Tareque Choudhury, Head of Security, BT Middle East and Africa, adds, “By having the majority of an organisation’s platforms send their logs to a centralised platform, Big Data techniques can be used to understand attack trends and types in a rapid fashion.”
Companies that can effectively use Big Data have the opportunity to not only predict potential threats, but to defend more effectively against them. Aboualy explains, “By integrating Big Data analytics with existing security intelligence solutions, organisations can keep safe, anticipate new attack vectors and act before it’s too late.”
Big Data offers companies an opportunity to build a better offense in the fight against cyber-threats. This is an invaluable tool in a business landscape that continues to move towards cloud integration. As Essam Ahmed, Director System Engineering, FireEye, Middle East, Turkey and Africa, explains, the way each company utilises this information is going to vary from vendor to vendor. “All the Big Data vendors have proprietary ways of ingesting, understanding and enriching this information to help customers get a sense of what is really going on and help them improve their security visibility for their business,” he says, adding, “Ultimately, the information should be able to address several questions: have I been attacked? If so when? How? What’s the impact? How quickly can we contain the attack?”
Intelligence has always changed the tide of war, and in the fight to secure sensitive data, companies find an invaluable ally in Big Data when collected and analysed correctly. The ability to know when, how and where an enemy attacks gives companies the tools to strengthen their security networks and protect their data with increasing effectiveness.
Increasingly, private businesses and public entities are joining forces to share and analyse cyber-security related data. Organisation in the collection and sharing of this important information is vital to the success of its effective use. Companies need to keep abreast of effective centralised platforms for collecting and sharing information among security vendors and authorities.
To this end, Essam reveals that there are several centralising platforms currently being utilised by the industry. “Probably the largest,” he explains, “is VirusTotal, which allows security vendors and researchers to track malicious code across the industry.” Most cyber-threats are not singular in nature. They will seek out and find the weakest link in any system, throughout an entire industry. Therefore, these collaborative platforms are key in the battle against potential threats and breaches.
As Big Data continues to grow, so does the ability for companies to strengthen security measures by sharing information. “Intelligence sharing is expanding rapidly across the world,” Essam says. “There are numerous data-sharing programs sponsored by governments.”
Simon Bryden, Systems Engineer, Fortiguard, Fortinet, agrees, stating, “Collaboration is very important, and information is regularly shared between vendors and other organisations. Associations such as the Cyber Threat Alliance allow different vendors to share intelligence to provide the maximum level of protection for the customers of each. It’s a win-win situation.”
Bryden goes on to explain some of the techniques used to process Big Data in ways that might reveal information about cyber-threats and the bad actors behind them. He says, “The collected data includes detection of exploits, malware, web requests and email spam. These detections can be analysed using Big Data techniques, allowing correlations to be observed, such as an email campaign linked to a family of malware. This kind of correlation is essential for tracing the origin of attacks and providing links between different incidences and ultimately attribution to a particular threat actor.”
Aboualy explains, “First, it lowers risk, helping users to understand potential threats before they happen and to act in real time. Second, it helps detect fraud, identifying baseline behaviours and immediately highlighting anomalies when they occur. Third, it monitors the organisation’s security status at all times. This intelligence allows users to react in order to prevent crime.”
Big Data offers companies unprecedented fire-power in the war on cyber-threats. The ability to collect, analyse and ultimately share data on threat actors and the continuing array of threats is an invaluable resource to companies and consumers that will ultimately make the digital world a safer place.