Big data analytics is a useful tool for enabling organisations to become more resilient in the face of increasing cyber attacks, according to a software market analyst and IT consultant.
“A recent survey found that 53% of organisations that are using big data security analytics report a ‘high’ business benefit,” said Carsten Bange, founder and managing director of the Business Application Research Center (Barc).
“The survey also found that 41% reported a ‘moderate’ benefit and only 6% said benefit was ‘low’, so there is fairly strong evidence of the business benefits of big data security analytics,” he told Computer Weekly.
While adoption across the board is still relatively low, more than two-thirds of the more advanced companies surveyed are adopting advanced big data security analytics technologies, such as user behaviour analytics, the Barc survey revealed.
The more advanced companies, which classified themselves as having “much better” skills and competency in security analytics than their companies, represented 13% of the total sample, with 68% saying they have deployed user behaviour analytics.
“Of the 87% who did not consider themselves to be in the more advanced group, only 27% have deployed user behaviour analytics,” said Bange.
User behaviour analytics can help improve an organisation’s cyber security resilience, he said, for example by tracking user behaviour across all IT systems to identify significant deviations from normal behaviour and warn of potential malicious activity.
“There is nothing new in being able to identify patterns of behaviour – most of the analysis techniques are 30 to 40 years old – but now we are able to apply them to extremely large data sets across multiple information technology systems,” said Bange.
“Organisations need to know there is now the technology to support this kind of analysis that can be very beneficial in the field of information security. It can enable organisations to become more resilient through data-driven security decision-making, planning and incident responses,” he said.
Big data security analytics is not a panacea, Bange said, because attackers inject malicious code into legitimate processes using a technique known as process hollowing, and deploy other deception techniques.
However, he said it is a useful tool to add to an organisation’s arsenal of defence measures to detect unknown threats, and to use in conjunction with other intrusion detection technologies. He added that all attackers have a goal, such as sending data outside an organisation.
“When they go in pursuit of that final goal, that is usually when they have to break cover and behave in a way that is abnormal for legitimate users, which will be picked up by user behaviour analytics technologies,” he said.
Although advanced attackers may find ways around user behaviour and other analytics systems, Bange said research shows that in the main, better analysis of security log data and other security system data does provide useful insight for improving organisations’ cyber defence capability.
Organisations that are developing an in-house big data security analytics capability are not in any particular industry sectors, he said, but they do tend to be larger organisations as these typically have more money, skills and other resources.
“The basic technologies to integrate, store and analyse data exist and are reasonably mature, but applying that capability and building systems around it – particularly in a security context – is where development is taking place and more organisations should focus their attention,” said Bange.
Smaller companies, however, are also benefiting from a big data security analytics approach by accessing services through managed security service providers (MSSPs) or cloud service providers, which lets them understand what is happening in their IT environments in real time and make predictions about the future.
Bange is to discuss big data security analytics and the results of the Barc survey in more detail in his presentation entitled “How Big Data Technology can help Increasing Cyber Attack Resilience” at the European Identity & Cloud Conference 2016 in Munich from 10 to 13 May 2016.