By Allie Philpin
I’m sure we’ve all read about (and some even experienced!) the rise in security breaches over the past few years, much of which is down to the increase in technological advancements, such as social media, cloud computing and online content management. For IT departments and CSOs, this is becoming a big headache and is something that can no longer be dealt with using the favoured traditional approach of SIEM (security information and event management) systems to monitor and deal with ‘known cyber threats’.
Nowadays there is always a new and deadly virus or unknown piece of malware threatening to infiltrate our systems. The trouble is that once it is inside the network it can easily stay hidden within the much greater volumes of data that an enterprise now generates; finding it is a nightmare, if you find it at all…
In order to combat these issues, providers of security solutions have had to start thinking laterally about security within the enterprise, and about big data in particular. The traditional technologies – firewalls, antivirus software, SIEMs, etc. – are no longer efficient or effective against the rising tide of security attacks. It is no longer good enough simply to act upon a system alert; by then it is often too late and the damage has already been done. The security professional’s role is now much more closely involved with all of the organisation’s business processes: how the different departments work together, and how the business is structured.
With the rise in big data, there has also been a rise in the technologies available that can assist IT in analysing and monitoring machine data, enabling them to quickly identify any unusual behaviour or abnormal patterns, which are usually indicators that a malware attack is coming in! However, no matter how good the technology is, people still need to use their intelligence and new business insight to decipher these anomalies. Here are some examples:
• URL strings that are much, much longer than normal, which can point to command-and-control malware abusing the web protocol to launch an attack.
• A network password being entered superfast, i.e. faster than the human hand, to try and gain access.
• A way-above-normal volume of outbound DNS requests or traffic, which could suggest that an employee’s machine is part of a botnet.
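To show how the three indicators above can be turned into checks over machine data, here is an added example (not from the article) in Python that runs simple baseline-and-threshold rules over constructed proxy, authentication and DNS records; the thresholds (k = 10 MADs and a 0.5-second typing floor) are assumptions chosen for the sample data.

```python
from collections import Counter
from statistics import median

# Constructed sample data (not from the article): a web-proxy URL list,
# login-form submission timings and an outbound DNS log.
PROXY_URLS = ["/index.html", "/img/logo.png", "/login", "/api/v1/status",
              "/search?q=printers", "/docs/help", "/cart", "/about",
              "/update?data=" + "A" * 400]          # one outsized request
AUTH_EVENTS = [("alice", 4.2), ("bob", 6.8), ("carol", 3.9),   # (user, seconds
               ("svc_backup", 0.03)]                            #  to submit form)
DNS_LOG = [("ws-01", "intranet.local"), ("ws-01", "mail.example"),
           ("ws-02", "intranet.local")] + \
          [("ws-07", f"h{i}.example.test") for i in range(40)]  # (host, query)

def robust_threshold(values, k=10):
    """Median + k * MAD. Mean and standard deviation are dragged upward by
    the very outlier being hunted: in PROXY_URLS the 413-byte URL sits
    below mean + 3 sigma. The median and MAD are not distorted that way."""
    med = median(values)
    mad = median([abs(v - med) for v in values]) or 1  # guard MAD == 0
    return med + k * mad

def long_urls(urls, k=10):
    """Indicator 1: URLs far longer than this log's typical length."""
    limit = robust_threshold([len(u) for u in urls], k)
    return [u for u in urls if len(u) > limit]

def superhuman_logins(events, floor_seconds=0.5):
    """Indicator 2: credentials submitted faster than a person could type."""
    return [user for user, secs in events if secs < floor_seconds]

def dns_heavy_hosts(dns_log, k=10):
    """Indicator 3: hosts whose outbound query volume dwarfs their peers'."""
    per_host = Counter(host for host, _ in dns_log)
    limit = robust_threshold(list(per_host.values()), k)
    return sorted(h for h, n in per_host.items() if n > limit)

if __name__ == "__main__":
    print("long URLs:", [u[:20] + "..." for u in long_urls(PROXY_URLS)])
    print("superhuman logins:", superhuman_logins(AUTH_EVENTS))
    print("DNS-heavy hosts:", dns_heavy_hosts(DNS_LOG))
```

In practice each baseline is computed per host or per user over a trailing window, not over a single batch as here.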
An organisation’s machine data is also one of the best ways of identifying a security breach or malware threat that originates internally, for example from somebody wanting to take intellectual property to a new job! Stepping up your security monitoring techniques and posing a series of questions of your data, including:
• Users repeatedly trying to access files that they have access to;
• An unusual change or increase in the type of websites they’re accessing; and
• Use of access ID cards when they are on holiday or ‘out of the office’ for another reason;
… can only help enterprises to quickly identify and repel a wide range of security threats, and using big data intelligently is a way of achieving this.