As data multiplies, technology helps tackle more challenging security issues

Machine learning, behavior analytics help organizations stay a step ahead of cyber criminals


IT systems have never been more powerful or accessible to businesses. However, the scope and scale of cyber crimes continues to outpace tech innovation.

For years, the challenge for internal IT and security teams has been to use existing company data to construct an integrated picture of oddities and unexpected actions on their network. Recent advancements in machine learning and behavior- or anomaly-based analytics that leverage existing enterprise logs have provided security teams with much more accurate intelligence than ever before.


In the past, security expertise was embodied in signatures, representing particular and specific types of malware. In time, the experts couldn’t keep up, signatures were out of date or not installed quickly enough, and hackers began to take full advantage. An attack from an employee account is signature-less, making conventional security approaches that rely on blacklists ineffective.

Security experts quickly realized that pattern matching alone wouldn’t work, so they added rules, such as the correlation rules found in security information and event management (SIEM) systems. For example, if an HR employee has been terminated and begins accessing sales data for the first time, something is likely wrong, and an alert will immediately be sounded.

Technology outpaces analysis

As the number of endpoints (i.e. mobile devices) skyrocketed, so did the volume of data to be analyzed by firms, making it more difficult for security experts to rely on cut-and-dried rules. Existing—not to mention expensive—intelligence tools, typically some form of SIEM, were supposed to predict and detect these types of threats, but were unable to keep up. This left companies at an all-time vulnerable state for both insider threats and hackers.

Experts predict a 4,300 percent increase in annual data production by 2020, and IDC anticipates that the “digital universe” of data will reach 180 zettabytes in 2025 (that’s 180 followed by 21 zeroes). Thankfully, open source big data systems have provided a way to collect, process and manage monstrous amounts of data.

Open source big data technologies such as HDFS and Elasticsearch enable solutions that handle petabytes of security data with ease. This not only allows firms to store a wide range of data sources, but also reduces the overhead cost of data storage altogether, which can reach millions of dollars annually for large organizations, due to the cost of vendor data management hardware and vendor per-byte pricing models. Consequently, open source big data frees up the budget to invest in stronger analytics.

Algorithms crunch data

Another major advancement that has fortified cybersecurity tools is machine learning. This method of analysis flips the expert approach on its head; instead of requiring expert rule-writers to guess at attacks that might come, machine learning algorithms analyze trends, create behavior baselines—on a per-user basis—and can detect new types of attacks very quickly using baselines and statistical models. These systems are more flexible and effective than any pure expert-driven predecessors.
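To make the two approaches above concrete, here is an added example (not code from the article or any product it mentions) that combines a SIEM-style correlation rule with a per-user statistical baseline: each user's historical daily record counts give a mean and standard deviation, and a new event is flagged when it touches a resource that user has never accessed, when its volume is more than three standard deviations from that user's norm, or when the account belongs to a terminated employee. The access log, the resource names and the terminated-account list are all constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, day, resource, records_accessed).
# These values are made up for the example, not taken from the article.
HISTORY = [("alice", d, "crm_sales", n)
           for d, n in enumerate([40, 45, 38, 50, 42, 47, 39, 44, 41, 46])]
HISTORY += [("bob", d, "hr_records", n)
            for d, n in enumerate([12, 9, 11, 10, 13, 8, 12, 11, 10, 9])]

# Constructed HR feed of deprovisioned accounts (the correlation-rule input).
TERMINATED = {"bob"}


def build_baselines(events):
    """Per-user baseline: mean/std of daily record counts plus the set of
    resources the user has historically touched."""
    counts = defaultdict(list)
    resources = defaultdict(set)
    for user, _day, resource, n in events:
        counts[user].append(n)
        resources[user].add(resource)
    return {u: {"mean": mean(c), "std": pstdev(c), "resources": resources[u]}
            for u, c in counts.items()}


def score_event(event, baselines, terminated=TERMINATED, z_threshold=3.0):
    """Return the list of reasons this event deviates from normal.
    An empty list means the event looks like the user's usual behavior."""
    user, _day, resource, n = event
    reasons = []
    if user in terminated:                      # SIEM-style correlation rule
        reasons.append("account is terminated")
    b = baselines.get(user)
    if b is None:                               # no history: cannot baseline
        reasons.append("no baseline for user")
        return reasons
    if resource not in b["resources"]:          # first-time access to a resource
        reasons.append(f"first access to {resource}")
    if b["std"] > 0:                            # statistical volume check
        z = (n - b["mean"]) / b["std"]
    else:
        z = 0.0 if n == b["mean"] else float("inf")
    if abs(z) >= z_threshold:
        reasons.append(f"volume z-score {z:.1f} exceeds {z_threshold}")
    return reasons


if __name__ == "__main__":
    base = build_baselines(HISTORY)
    print(score_event(("alice", 10, "crm_sales", 44), base))   # normal day
    print(score_event(("bob", 10, "crm_sales", 300), base))    # all three rules fire
```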

Technology options available to enterprises are at an all-time high, and so are the number of cyber crimes that are committed. Fortunately, as technology has advanced, so has the ability to seek out cyber criminals that may have been virtually invisible in the past. User and entity behavior analytics and machine learning technology continue to provide chief information security officers with the accurate insights they need to thwart attacks before severe damage is done.
