Page 24 - Cyber Warnings
Leveraging Big Data
There is no shortage of security data available. A vast amount of data in unique formats is
available across organizations. The challenge is to harness it before attackers gain access to
critical data. As you attempt to counter insider and cyber-attacks, consider how you establish a
baseline. This should consist of a model of normal behavior of applications, users, systems and
other assets so that anomalies can be early indicators of attack. Security and threat intelligence
with big data analytics helps organizations take advantage of the large volumes and wide
variety of data streaming across the organization in order to anticipate and predict threats, then
act on predictive analytics as well as surface threats. It allows organizations to analyze
constantly shifting data in motion and perform sophisticated analytics on captured data.
Turning the Tide: Think Like an Attacker
A recent survey reports that two-thirds of respondents are assessing new endpoint solutions to
supplement or replace their existing endpoint defenses. But what new endpoint defense is really
effective against these more sophisticated attacks? How can CISOs and CIOs improve their
companies’ defenses, detect threats faster and more accurately, and contain attacks before real
damage is done? When security experts say “think like an attacker,” they are encouraging
penetration testing activities to identify weaknesses in your security systems. However, to be
truly effective in thwarting targeted attacks, we need to go a step further. We need to get into
the mind of an attacker and understand their goals, tactics, and techniques – in essence, their
behavior.
Throughout their training and operational experience, military commanders are taught to turn
the tides around in order to understand any situation from the perspective of their adversary. By
doing so, one can begin to understand the adversary’s strengths and weaknesses and
formulate actions and defenses backed by this insight. In the cyber domain, the same strategy
is beneficial when defending digital assets.
By venturing over to the dark side, security experts can better understand the goals, techniques,
tools, and targets of hackers. With that cyber intelligence, and a better understanding of the
attacker’s advantage, they can help their organizations identify unknown threats that are missed
by legacy defenses and respond more quickly and effectively to get between the attacker and
the asset or between the asset and the exit.
While this method is unquestionably what’s needed to counter today’s targeted attacks, it’s
impractical to think that hiring tens or hundreds of specially trained and experienced cyber
security experts is the answer for an already constrained organization. How then can an
organization harness this type of intelligence to protect its digital assets from threat actors?
Use Analytics to Turn the Tides
Very few enterprise security teams have the resources to provide the 24/7 monitoring needed to
detect and analyze threats across their various systems. An automated big data threat analysis
24 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide