Data breaches are occurring with greater frequency than ever before and have increasingly devastating effects on everyone from small businesses to Fortune 500 companies to the federal government. The 2015 Verizon Data Breach Investigations Report found that 85 percent of data breaches are not detected despite the significant security measures that organizations have put in place.
Focusing solely on threat prevention or adopting passive, reactionary approaches to threat-management monitoring are no longer acceptable. But by adopting the same big data and analytics strategies currently in place throughout the enterprise, companies can transform the way they protect their networks and sensitive data.
Hackers Hide in Big Data
Every action on your corporate network is tracked somewhere. Enterprises collect massive stores of log data on events and actions of systems, files, and users on the network. There are infrastructural demands, of course, and processes that need to be in place for efficient querying of this data. That is where solutions that monitor processes and movements based on big data come in. These solutions help identify anomalous activity as it happens and, ideally, before data are compromised.
By analyzing all activity, they establish baselines for normal user activity on a network. Whenever an account veers too heavily from typical activity patterns, security teams are alerted and can focus in on monitoring that activity for any risks. Security teams deal with countless alerts every day. Instead of wasting time investigating each one, most of which are harmless, they can dedicate their time to looking further into those alerts that are specifically associated with anomalous activity.
A report of the 2014 data breach at the U.S. State Department detailed an ongoing attack that took months to detect and even longer to control. Tens of millions of records were compromised in the breach. It’s clear based on the State Department attack and the thousands of other attacks plaguing IT teams throughout the private and public sectors that existing security procedures aren’t enough. Protecting the perimeter with even the strongest of firewalls won’t keep a cybercriminal with a unique malware signature from gaining entry to the network.
Bolstering security with solutions that improve threat management, and hiring the necessary talent, including data scientists and professionals with expertise in platform support and security, make user-behavior analytics (UBA) an effective method of detecting and stopping ongoing threats.
Analytics Give Context to Behavioral Data
UBA solutions measure a number of things related to network activity. After they establish baselines for behavior, they compare an account’s activity against that of its peers to help point to anomalous activity. However, that’s only half of the story. Currently, security protocol is about responding to alerts as quickly as possible, but without much context. This is problematic in terms of both time and accuracy. Investigating false positives costs security personnel a substantial amount of time. Moreover, it’s time not spent targeting the real threats.
Alerts must be examined in context to help reduce false positives. Analytics can provide security teams with the contextual evidence needed to eliminate time spent looking into false positives, which conserves resources and keeps the focus on malicious activity.
UBA tools also bring machine learning into the security paradigm. Complex data-mining processes applied to VPN and activity logs detect developing problems in infrastructure access from compromised accounts. Use of database and file-level access logs detects more granular threat activities by identifying anomalous activity related to specific accounts and assets.
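The previous paragraphs describe the core loop of a UBA tool: build a per-user baseline, compare an account against its own history and against its peers, and only raise an alert when several deviations coincide so that a single harmless change (say, a login from a new country while traveling) does not become a false positive. The following Python script is an added example written for this article, not Exabeam's code or any vendor's algorithm. The VPN log format, the user and department names, the volumes and the rule thresholds (a 3-hour gap from usual login hours, a robust z-score above 5, two coinciding deviations to alert) are all constructed assumptions for illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed VPN log format (an assumption for this example, not any vendor's real format):
# "<ISO-8601 timestamp> user=<name> dept=<dept> src_country=<CC> mb_out=<n> result=<ok|fail>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\w+) dept=(?P<dept>\w+) "
    r"src_country=(?P<country>[A-Z]{2}) mb_out=(?P<mb>\d+) result=(?P<result>ok|fail)$"
)

# Constructed training window: daytime logins from the US with modest outbound volumes.
TRAINING_LINES = [
    "2015-06-01T08:02:00 user=alice dept=finance src_country=US mb_out=120 result=ok",
    "2015-06-02T09:10:00 user=alice dept=finance src_country=US mb_out=150 result=ok",
    "2015-06-03T09:45:00 user=alice dept=finance src_country=US mb_out=130 result=ok",
    "2015-06-04T10:30:00 user=alice dept=finance src_country=US mb_out=160 result=ok",
    "2015-06-05T13:05:00 user=alice dept=finance src_country=US mb_out=140 result=ok",
    "2015-06-05T13:01:00 user=alice dept=finance src_country=US mb_out=0 result=fail",
    "2015-06-01T08:15:00 user=bob dept=finance src_country=US mb_out=100 result=ok",
    "2015-06-02T08:40:00 user=bob dept=finance src_country=US mb_out=110 result=ok",
    "2015-06-03T09:20:00 user=bob dept=finance src_country=US mb_out=120 result=ok",
    "2015-06-04T10:05:00 user=bob dept=finance src_country=US mb_out=130 result=ok",
    "2015-06-05T11:50:00 user=bob dept=finance src_country=US mb_out=140 result=ok",
    "2015-06-01T09:00:00 user=carol dept=eng src_country=US mb_out=200 result=ok",
    "2015-06-02T10:00:00 user=carol dept=eng src_country=US mb_out=220 result=ok",
    "2015-06-03T10:30:00 user=carol dept=eng src_country=US mb_out=210 result=ok",
    "2015-06-04T11:00:00 user=carol dept=eng src_country=US mb_out=230 result=ok",
    "2015-06-05T12:00:00 user=carol dept=eng src_country=US mb_out=240 result=ok",
]

# Constructed events to score against those baselines (one normal, one multi-signal, one single-signal).
CANDIDATE_LINES = [
    "2015-06-09T10:15:00 user=alice dept=finance src_country=US mb_out=135 result=ok",
    "2015-06-09T03:20:00 user=bob dept=finance src_country=RO mb_out=4800 result=ok",
    "2015-06-09T10:05:00 user=carol dept=eng src_country=CA mb_out=225 result=ok",
    "garbage line that does not parse",
]


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    return {"ts": datetime.fromisoformat(f["ts"]), "user": f["user"], "dept": f["dept"],
            "country": f["country"], "mb": int(f["mb"]), "result": f["result"]}


def robust_z(value, sample):
    """Deviation measured in median absolute deviations, so a few outliers cannot skew the baseline."""
    med = statistics.median(sample)
    mad = statistics.median(abs(x - med) for x in sample) or 1.0
    return (value - med) / mad


def circular_hour_gap(h1, h2):
    """Distance between two hours of day on a 24-hour clock (23 and 1 are 2 hours apart)."""
    d = abs(h1 - h2)
    return min(d, 24 - d)


def build_baselines(events):
    """Per-user baselines (login hours, source countries, volumes) plus per-department volumes.
    Only successful sessions shape the baseline; failures are kept out of the 'normal' picture."""
    users = defaultdict(lambda: {"hours": [], "countries": set(), "mb": []})
    depts = defaultdict(list)
    for e in events:
        if e["result"] != "ok":
            continue
        u = users[e["user"]]
        u["hours"].append(e["ts"].hour)
        u["countries"].add(e["country"])
        u["mb"].append(e["mb"])
        depts[e["dept"]].append(e["mb"])
    return users, depts


def score_event(e, users, depts, z_cutoff=5.0):
    """Count independent deviations from the user's own baseline and from the peer group.
    Each deviation is one piece of context; the caller decides how many justify an alert."""
    u = users.get(e["user"])
    if u is None:
        return 1, ["no baseline for this user"]
    reasons = []
    if min(circular_hour_gap(e["ts"].hour, h) for h in u["hours"]) >= 3:
        reasons.append("login hour far from the user's usual hours")
    if e["country"] not in u["countries"]:
        reasons.append("never-seen source country for this user")
    if robust_z(e["mb"], u["mb"]) > z_cutoff:
        reasons.append("outbound volume far above the user's own baseline")
    peers = depts.get(e["dept"])
    if peers and robust_z(e["mb"], peers) > z_cutoff:
        reasons.append("outbound volume far above department peers")
    return len(reasons), reasons


def score_lines(training_lines, candidate_lines):
    """Build baselines from the training window and score every parseable candidate line."""
    events = [p for p in map(parse_line, training_lines) if p]
    users, depts = build_baselines(events)
    out = []
    for line in candidate_lines:
        e = parse_line(line)
        if e is None:
            continue  # unparseable lines are skipped here; a real pipeline would count them
        score, reasons = score_event(e, users, depts)
        out.append({"user": e["user"], "score": score, "reasons": reasons})
    return out


def alerts(training_lines, candidate_lines, min_score=2):
    """Alert only when at least `min_score` deviations coincide; one deviation alone is just context."""
    return [r for r in score_lines(training_lines, candidate_lines) if r["score"] >= min_score]


if __name__ == "__main__":
    for r in score_lines(TRAINING_LINES, CANDIDATE_LINES):
        print(r["user"], r["score"], "; ".join(r["reasons"]) or "normal")
    print("alerts:", [r["user"] for r in alerts(TRAINING_LINES, CANDIDATE_LINES)])
```

On the constructed data, alice scores 0, carol scores 1 (a new source country but normal hours and volume, so no alert), and bob scores 4 (off-hours login, new country, and a volume far above both his own history and his department's), which is the only event that crosses the alert threshold. The median/MAD scoring is chosen over mean/standard deviation because a single past spike in a user's history would otherwise inflate the baseline and hide later anomalies.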
Each aspect of the process adds a new layer to threat management. What’s more, the algorithms built into UBA tools are always learning and getting smarter to help businesses deal with evolving threats. Cybercriminals get smarter every day. It only makes sense to employ solutions that do the same.
Focusing only on preventing attacks made sense years ago. However, the modern threat landscape calls for a modern approach to security. Arming teams with the tools to protect networks, alert users to breaches, and minimize the fallout caused by an attack prepares them to address the risks most prevalent today.
Threats evolve constantly, and companies need to keep up with the rapid pace of that evolution. Without a paradigm shift, the volume and scope of data breaches will only increase. Making security a big data and analytics endeavor gives a team what it needs to truly protect its company.
Derek Lin is chief data scientist at Exabeam. He is a seasoned data scientist passionate about the art of building data-driven defense against cyber threats and fraud. He also enjoys solving challenging big data problems in enterprise IT operations. His current and prior machine-learning research experience includes behavior-based security analytics such as malware detection and insider threat detection, risk-based online banking fraud detection, data loss prevention, voice-biometrics security, and speech and language processing. Derek is an experienced leader in directing teams of data scientists to perform POCs, core research, and product development.