Connecting the Cyber-Threat Dots Through Big Data

July 28, 2015

The managed security services market has been in play for more than a decade. Not surprisingly, it continues to show vibrant growth, fueled in part by cloud-related factors. Research and Markets, in a January 2015 report, estimated that market growth will run from $14.3 billion in 2014 to $31.9 billion by 2019 (with a CAGR of 17.3%). Growth for security services touches just about every industry and organizations of all sizes.

Managed services providers are tasked with marrying expertise in cybersecurity and cloud with big data analytics to deliver comprehensive protection and proactive measures to their clients. Proactive cybersecurity services call for the implementation of far-reaching and sophisticated data and event management technologies and services, to improve the aggregation and analysis of security event big data. Managed security services should address the imperative for integrating many disparate sources, including big data sources, to derive event correlation that can be aligned with other analytics to continuously improve alerts, preemptive processes, and real-time reporting.

Today’s cybersecurity threats frequently show up as patterns of activity that deviate from the expected behavior of authorized users, or from the normal activity of particular devices or IP addresses. To identify and fight such attacks, security teams need technology services that can find and analyze these deviant trends. This is a natural fit for big data mining and analytics combined with state-of-the-art cybersecurity programs.

Machine-generated data provides fertile ground for using big data analytics to root out cybersecurity threats. Machine data lives in the IT infrastructure: network logs, event logs, firewall and security system data, web logs, email logs – anything and everything operating in the infrastructure. But machine-generated data can be quite problematic for aggregation, data mining and analytics. Such data must be processed very quickly, frequently in real time, and it usually exists in large volumes that are continuously proliferating. Machine data sources are also quite variable; many of them use multi-structured formats that further challenge data mining efforts.

Once data has been extracted from machine-generated sources, it can be enriched with other kinds of data to establish context and elicit patterns and trends related to cyber attacks. Managed analytics services can take on a forensic quality while searching through data for patterns of irregular or unexpected activity. For instance, real-time endpoint forensic data capture and analysis is on the rise to plug yet another hole in systems infrastructure, in order to block data breach entry points.
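The three preceding paragraphs describe one pipeline: ingest multi-structured machine data, enrich it with context, and flag activity that deviates from expected behavior. The following Python is an added illustration of that pipeline, not code from the original article or from any vendor it mentions. The log lines (a syslog-style auth record, a JSON firewall event, and CSV web-server lines), the user profiles, the network zone table, and the failure threshold are all constructed for this example.

```python
"""Normalize multi-structured machine data, enrich it with context, and flag
deviations from a per-user baseline. Added illustration only; every record,
profile and threshold below is constructed for this example."""
import json
import re
from collections import Counter
from datetime import datetime

# Constructed sample records in three formats a managed security provider
# commonly ingests: syslog-style auth lines, a JSON firewall event, CSV web logs.
RAW_EVENTS = [
    "2015-07-28T02:14:05Z auth sshd: Failed password for alice from 203.0.113.9",
    "2015-07-28T02:14:09Z auth sshd: Failed password for alice from 203.0.113.9",
    "2015-07-28T02:14:13Z auth sshd: Failed password for alice from 203.0.113.9",
    "2015-07-28T02:14:20Z auth sshd: Accepted password for alice from 203.0.113.9",
    '{"ts": "2015-07-28T02:15:01Z", "src": "203.0.113.9", "dst": "10.0.0.5", '
    '"action": "allow", "user": "alice"}',
    "2015-07-28T09:02:11Z,10.0.0.22,bob,GET,/reports,200",
    "2015-07-28T09:05:40Z,10.0.0.22,bob,GET,/reports/q2.pdf,200",
]

# Constructed enrichment context: the sources each user normally logs in from,
# their usual working hours, and which network zone each address belongs to.
USER_PROFILE = {
    "alice": {"usual_sources": {"10.0.0.22"}, "work_hours": range(8, 19)},
    "bob": {"usual_sources": {"10.0.0.22"}, "work_hours": range(8, 19)},
}
NETWORK_CONTEXT = {"203.0.113.9": "external", "10.0.0.22": "internal", "10.0.0.5": "internal"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)


def normalize(line):
    """Map one raw line into a common event schema regardless of its source format."""
    line = line.strip()
    if line.startswith("{"):  # JSON firewall event
        rec = json.loads(line)
        return {"ts": rec["ts"], "user": rec.get("user"), "src": rec["src"],
                "kind": "firewall", "outcome": rec["action"]}
    m = SYSLOG_RE.match(line)
    if m:  # syslog-style auth event
        return {"ts": m["ts"], "user": m["user"], "src": m["src"], "kind": "auth",
                "outcome": "fail" if m["result"] == "Failed" else "success"}
    parts = line.split(",")
    if len(parts) == 6:  # CSV web-server access line
        ts, src, user, method, path, status = parts
        return {"ts": ts, "user": user, "src": src, "kind": "web", "outcome": status}
    raise ValueError("unrecognized record format: %r" % line)


def enrich(event):
    """Attach context: network zone, whether the source is usual for the user, hour of day."""
    event = dict(event)
    event["zone"] = NETWORK_CONTEXT.get(event["src"], "unknown")
    profile = USER_PROFILE.get(event["user"], {})
    event["usual_source"] = event["src"] in profile.get("usual_sources", set())
    hour = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").hour
    event["in_work_hours"] = hour in profile.get("work_hours", range(24))
    return event


def find_deviations(raw_lines, fail_threshold=3):
    """Correlate enriched events per user and return findings as readable strings.
    A successful login from a source the user does not normally use is reported,
    together with the corroborating context gathered from the other records."""
    events = [enrich(normalize(line)) for line in raw_lines]
    findings = []
    fails = Counter()
    for ev in events:
        if ev["kind"] == "auth" and ev["outcome"] == "fail":
            fails[ev["user"]] += 1
        if ev["kind"] == "auth" and ev["outcome"] == "success" and not ev["usual_source"]:
            context = []
            if fails[ev["user"]] >= fail_threshold:
                context.append("after %d failures" % fails[ev["user"]])
            if ev["zone"] == "external":
                context.append("from external address")
            if not ev["in_work_hours"]:
                context.append("outside work hours")
            findings.append("%s: login from unusual source %s (%s)"
                            % (ev["user"], ev["src"], ", ".join(context)))
    return findings


if __name__ == "__main__":
    for finding in find_deviations(RAW_EVENTS):
        print(finding)
```

Run as a script it reports only alice's login, because the baseline (usual source, working hours, zone) turns three different record formats into one correlated story; bob's web activity from his usual internal address produces nothing. In a real deployment the profiles would be learned from historical data rather than hand-written, and the thresholds reviewed by the analysts the article calls subject matter experts.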

Situational awareness is another important aspect of fighting cyber attacks. The overarching value of situational awareness is continuously knowing what is going on around the organization, to “instantly” respond to certain events. Big data analytics strengthen situational awareness primarily through fast real-time assessments that can reduce time to decisions and actions in response to potential threats and certain anomalies. These sorts of analytics also require corroboration from subject matter experts, to help make the best decisions based on the data at hand. And this opens up yet another “cybersecurity frontier” for managed services providers where knowledge and expertise are just as important as optimally running technologies.

Image source: platfora.com