Countering Cyber Attacks with Big Data and Analytics
Organizations are challenged today as never before to protect their information assets, as well as the underlying networks and services that gather, store, process, and transmit this information. The same better, faster, cheaper information and communication technologies (ICT) that promise to make organizations more successful also present new means, motive, and opportunity to those who would steal information and use it for their own purposes. The most malicious actors are laser-focused on expanding and monetizing their hacking exploits, while legitimate organizations must balance their security concerns against their other important objectives.
Most organizations deal with attacks, for the most part successfully, on a number of fronts. For example, they manage end-user access to applications and data stores with authentication and authorization controls. Networks are secured by tunneling and encryption protocols, and through the use of firewalls, gateways and intrusion detection systems. Many large enterprises have also built, or contracted with service providers to operate, 24/7 security operations centers (SOCs), equipped with security information and event management systems (SIEMs) and staffed by trained personnel.
Unfortunately, current security solutions are simply not sufficient to protect organizations, especially from cyber-attacks based on advanced persistent threats (APTs). In these attacks the actual data theft typically occurs months after the attackers have evaded legacy security controls, infiltrated the corporate network and gradually harvested the credentials they need to reach the target data.
Meanwhile, well-meaning industry associations and government regulators have muddied the waters, issuing policies and compliance certifications that assuage stakeholder concerns without actually stopping these high-profile data breaches. As disturbing as it is to consider how easily existing vulnerabilities continue to be exploited, and how much information has already been stolen, there is every reason to hope that advancements in ICT can become part of the security solution, rather than another vector subject to attack.
Table of Contents
Executive Summary
Why Is Enterprise Security So Complicated?
How Can Big Data and Analytics Be Used to Improve Enterprise Security?
Big Data and Analytic Technologies for Heterogeneous Data
Data-Oriented Challenges in Enterprise Security
Improving Threat and Vulnerability Intelligence
Next Steps for Buyers and Sellers
The Last Word
List of Figures
Exhibit 1: Big Data and Analytics Basic Value Proposition
Exhibit 2: Common Enterprise Security Controls and Their Vulnerabilities
Exhibit 3: Simplified Big Data Analytics Reference Architecture
Exhibit 4: STIX Nodes and Edges
Exhibit 5: STIX Utilization for Threat Assessment and Mitigation
Exhibit 6: Solutionary's ActiveGuard Platform
Exhibit 7: Recorded Future's Event Processing
Exhibit 8: Recorded Future's Web Intelligence Engine Architecture