Many companies don't apply data analytics tools to IT security processes. But commentators at a SAS conference said doing so could help them identify and stop security threats.
As more and more information becomes digitized, protecting computer networks has never been more important -- or difficult. For example, when hackers broke into Target's network in late 2013 and made off with a trove of credit card data, they initially gained entry using system credentials stolen from a heating and ventilation contractor who did work for the retailer. Stories like that are likely to become even more common in the years ahead.
But businesses might be able to avoid the business losses and bad publicity of breaches by working to identify and block security threats through data analytics. Speakers and attendees at software vendor SAS Institute Inc.'s 2014 Premier Business Leadership Series conference in Las Vegas last week described some of the ways that analytics can help head off security breaches and why they think now is the time to bring together big data and security analytics processes.
"I'm not sure enough businesses are investing in the right things," said Ray Boisvert, president of I-Sec Integrated Strategies, a consultancy in Grimsby, Ontario. "Most generals fight the previous war. We're seeing the same thing in cybersecurity."
Boisvert said many businesses are still relying primarily on firewalls that are designed to prevent any and all penetrations into their networks. The problem, he added, is that it's a relatively archaic approach developed decades ago. Threats have grown much more sophisticated now, and it is virtually impossible to guarantee the total security of a network.
Data analysis keeps an eye on intruders
That's where analytics comes in. Boisvert said he feels comfortable with having intruders in his clients' networks as long as he knows they're there and can see what they're doing. By analyzing network data for anomalous activity, such as exceptionally large data requests from a single source, businesses can accurately predict and identify malicious attacks, he said.
Numerous software vendors offer security analytics products, but Boisvert cautioned that there are a lot of "snake-oil salesmen" among them. Many products have relatively limited analytics capabilities and fail to deliver the level of protection they promise, he said. In addition, he advised that choosing software should be part of an overall organizational strategy for developing analytics-driven security capabilities. "You have to look at cybersecurity as the heart of your business. Look at it as an entire enterprise approach," Boisvert said.
As part of that enterprise approach, businesses need to analyze network data in real time to detect and eliminate threats before they can do harm, said Jim Davis, executive vice president and chief marketing officer at SAS. He said there's little point in identifying breaches that happened a month or two ago. By that point, the hackers have already made off with and likely used customer credit card information or other sensitive data, according to Davis.
Given the increasing availability of security analytics tools and the ever-growing threats that companies face, Davis said it's time for more businesses to get their acts together and make security analytics a top priority. "There's no reason we can't do this," he said.
Fertile ground for security analytics
Jack Phillips, co-founder and CEO of the International Institute for Analytics, a research and consulting firm in Portland, Ore., said he expects the market for security analytics software to increase in the next couple of years. Because threats are growing, more businesses are seeing security and big data analytics as fertile ground for preventing breaches, Phillips said.
But one problem, he added, is that most of the software available now is geared toward threat detection. While that capability is helpful and a step up from the actions most organizations are currently taking, threat prediction is what they really need, he said. "The bad guys are way ahead of the good guys, and the threat landscape continues to move out."
For businesses that fail to secure their networks, though, the costs could be severe. Boisvert said costs associated with remediating security problems, such as malware left behind by network intruders, continue to increase. Then there's the reputational harm that can come from a breach, which can be hard to quantify in dollars.
Given the level of the threats and their potential ramifications, and the amount of data that organizations are generating and collecting, blending big data and security analytics has never been more important, Boisvert told conference attendees. "So many companies have so much of their information out there that they don't even realize it's been stolen," he said.