Big Data & Predictive Analytics Can Identify Cyber Risks

Uploaded on 2016-03-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Developments, TECHNOLOGY--Resilience

Framework for big data and analytics for semiconductors manufacturing.

In today’s fast-moving, dynamic digital environment, there is no crystal ball that can tell you the form or target for the next cyber attack.

The IT product development cycle has become so fast and centered on functionality that security is rarely in focus. Most developers assume that the layers upon which they build provide the necessary security. Unfortunately, the platforms upon which most of these systems have been built are porous, and attackers are actively looking to exploit the holes in these systems at all levels.

Since the form or morphology of these attacks can change so dramatically between iterations, CISOs must assume that some will succeed even as they continuously strengthen their defenses and strive to handle the volume of alerts generated by their current tools. In fact, it is best that CISOs assume it’s a case of “when we get hacked, not if.”

Big data and predictive analytics show great promise when it comes to cyber defense because of their ability to transform massive amounts of data into actionable intelligence. Predictive indicators can identify new emergent risks before they result in significant losses and help your security staff deal, with alert overload.

Today’s cyber criminals have learned that snatch-and-grab attacks, where they attempt to quickly steal large amounts of data from a network, are easily detected by network defenses such as firewalls and anti-virus, which will effectively shut down or quarantine access. Therefore, criminals have evolved a more patient approach, constructing layered software that is designed to steal small fragments of data over a longer period of time.

Because many of these pieces of software are disguised as commonly used formats, jpg and pdf for example, they often can go undetected by many systems. The industry average before a network breach is detected stands at around 200 days. The result for the victim is death by a thousand cuts.

Predictive analytics can detect these data anomalies early on, looking for new patterns of data access, including hidden data that is being exfiltrated into another format and/or encrypted to avoid detection. By finding these anomalous patterns, predictive analytics help reduce a company’s overall risk exposure by limiting the amount of time that it’s inside the network.

Managing Cyber Alerts Effectively
One of the most common issues that CISOs face in regards to cyber security is “alert fatigue,” which results from the sheer volume of the alerts generated by cyber defense systems during the course of a given day.

With predictive analytics, risks are evaluated and ranked on a sliding scale of importance. If suspicious or malicious behavior is suspected, the analytics engine alerts the right people about the suspicious behavior, ranking it from highest to lowest risk. Leveraging vast amounts of data, but processing it efficiently, ensures predictive analytics can provide real-time responses in contrast to older approaches that are time-consuming, inefficient and expensive.

Predictive analytics are not perfect, however, and the desire to go unobserved causes cyber criminals to mimic normal behavior if possible. Therefore, managing the predictive analytics process requires an organization to handle the false positives and false negatives that are generated during the threat surveillance process.

On one hand, the system must have a very low tolerance for false negatives since missing active threats can lead to the disaster we’re trying to avoid. Conversely, they need to determine how many false positives have been received to ensure that neither the system nor the people are overburdened.

Alternatively, it cannot be too restrictive as to block out legitimate traffic, i.e. customer e-mail, etc. which can lead to reduction in profits or customer service. It is a balancing act, and how you manage the process is crucial to obtaining the best results.

With limited resources, organizations need to identify the most severe cases first by prioritizing alerts based on potential impact and then handling all alerts efficiently. One approach is to have levels of security analysts with different skill levels.

First level analysts should try and handle an alert in five minutes, otherwise escalate it to the experts who can distinguish a targeted attack from a generic attack. This way, critical resources are freed up so that organizations are only engaging the most valuable assets on the most important threats. Businesses must address both known and unknown (emergent) risks when developing a cyber defense program. Once risks become “known,” a standard form of defense should be constructed. Companies need to save their most skilled resources for discovering the “unknown risks” and defending against them.

Using predictive indicators to detect the unknown risk is incredibly challenging, but by assessing losses and anomalous behaviors, businesses, along with their partners, can use big data to solve big problems.

Information-Management: 

« Great Wall: China Bans Foreign Online Publishing
IT Spending Predicted To Slow »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Information Commissioner's Office (ICO) - UK

Information Commissioner's Office (ICO) - UK

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

Applause

Applause

Applause provides real-world software testing for functionality, usability, accessibility, load, localization and security.

Lawley Insurance

Lawley Insurance

Lawley is a full-service, independent insurance agency. Specialty insurance products include Cyber Security.

Open Cloud Factory

Open Cloud Factory

Open Cloud Factory is a European based security company, that strives to ease the pressure on IT managers, by providing tools to implement your Security Strategy in an effective and easy manner.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

ePlus

ePlus

ePlus designs and delivers effective, integrated cybersecurity programs centered on culture and technology, aimed at mitigating business risk and empowering digital transformation.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

AppOmni

AppOmni

AppOmni is the only SaaS CSPM solution that gives teams all the tools they need to be successful – from security posture management to monitoring and detection to continuous compliance.

Conversant Group

Conversant Group

Conversant Group is an IT infrastructure and security consulting company, providing technical, organizational, procedural, and process consulting internationally.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.

TempoCap

TempoCap

TempoCap is a European growth-stage technology fund with offices in London and Berlin. We invest across a variety of high- growth sectors including cybersecurity.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

CyberAI Group

CyberAI Group

CyberAI's mission is to pioneer the evolution of the cybersecurity landscape globally, by strategically acquiring and elevating IT consulting firms into leaders of cybersecurity innovation.

CyVent

CyVent

CyVent helps you select the right cybersecurity solutions at the right price for your unique situation, without the need to invest endless time evaluating the ever-evolving options.

Sensfrx

Sensfrx

At Sensfrx, we are dedicated to revolutionizing the landscape of online fraud prevention.