Unstructured Data: Threats You Cannot See

Every day, IT security teams are inundated with data, security events, network flows, configuration information, and so on, which then must be collected and analysed for potential vulnerabilities. Your team probably has a solid, established approach or even a documented strategy for doing this. If so, great. But is that enough?

Security teams need to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.

The data collected by most security tools, such as firewalls and antivirus software, is structured, that is, organised in an easily searchable, relational database.

Structured data, however, amounts to only a small portion of a larger, more complicated puzzle. It's the remaining unstructured data that security teams struggle most to collect, analyse, and act upon, and the amount of unstructured data only continues to increase.

Think of how much security data flows from sources you don't control, including the massive swaths of unstructured data living on the Deep Web, from blogs, forums, or bookmarking sites.
 
This unorganised, often text-heavy data accounts for a majority of the Internet's data. IDG believes unstructured data is growing at the rate of 62% per year, and that by 2022, 93% of all data will be unstructured.

How can IT teams keep pace? The answer could lie in cognitive security, the use of big data platforms, data mining, AI, and machine learning to analyse raw data whether structured and unstructured.

But first, let's examine the problem.

Why It Matters

Understanding the magnitude of this issue requires examining the foundation of current security measures. Traditional security focuses on mitigating external threats, perimeter defenses to ward off the bad guys. As such, we often focus our security strategies on firewalls, antivirus software, and secure passwords.

Security innovation has almost always had this perimeter philosophy at its core. However, a myopic focus on perimeter protection severely limits the overall security strategy, potentially rendering it ineffective without complementary, proactive measures in place.

Consider the average IT organisation's reaction to the hundreds of thousands of daily security events. The process for today's security teams involves analysing data from antivirus software and firewalls, and then correlating that data to create a story, which in turn helps inform a solution.

In the process, security professionals are left with mountains of events to manually analyse and execute. Meanwhile, when they're busy responding to old threats, new threats continue to arise undetected. Consequently, the entire team finds itself fighting fires instead of solving or preventing problems. That doesn't leave much bandwidth for data aggregation and analysis.

Unstructured, Untold and Unknown

Next, let's think about how we, as IT professionals, share and consume security information, particularly during a major crisis. The current norm for security professionals is to update websites and social channels to explain how they've addressed a particular security issue and simply hope it reaches all relevant and necessary parties. Take, for example, this year's WannaCry attack.

The first real solution offered to organisations affected by WannaCry was explained via Twitter, by a user known as MalwareTech.

Although certainly helpful, social is by no means a perfect means of circulating widely sought, urgent information to security teams around the world.

Merely posting online assumes that in the middle of a major crisis, frantically busy security professionals are manually scouring the Internet for the information you're providing, something few people have time for in calmer times, let alone when the proverbial sky is falling.

Information sharing is critical to IT security, not only within individual organisations, but in the security industry as a whole. We rely on one another to share information about new and known threats, and often benefit from each other's knowledge and experience.

Unfortunately, the majority of information generated and shared by security professionals about breaches, threats, malware, etc., is unstructured, and thus much more difficult to unearth and apply in real time, particularly during critical security events that require immediate action.

How much time is lost and how much damage done, simply because we lack access to or awareness of viable solutions provided by our industry peers? Or because we lack a strategy for gathering and analysing the flood of unstructured data at our disposal? This is where cognitive security offers vital, immediate benefits.

Welcome to the Cognitive World  

A cognitive approach uses AI, data mining, and machine learning technologies to parse through thousands of security feeds and data sources, including the low-key, often invisible world of white- (and black-) hat bloggers and discussion forums, to aggregate and analyse unstructured and structured security data.

Meanwhile, a security professional works to perform predictive data analysis, ultimately training the system on best practices, organisational policies, and more.

Over time, the system begins to learn on its own, including how to prioritise events and recommend responses. While cognitive security cannot replace existing security tools, antivirus software, for instance, or intrusion prevention systems, the data generated can be plugged into traditional perimeter defenses. As a result, IT pros gain a better understanding of their data's meaning and how to convert insights into action.

Beyond the Perimeter

Unstructured data will only continue to proliferate. It's time to get ahead of it so that security teams can better locate analyse and respond to threats. That requires thinking beyond the perimeter and embracing security technologies that will bolster traditional defenses and provide a more proactive, intelligent security strategy.

Dark Reading:        Datamation

You Might Also Read: 

Transforming Your Database:

How To Keep Your Business Data Safe:

Get Your Data Strategy On Board:

 

« Poor North Korea Is A Cyber Superpower
AI: Experts Talk Ethical & Security Concerns »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

Dreamlab Technologies

Dreamlab Technologies

Over the last 20 years, Dreamlab Technologies has established itself as a source of constant innovation within the information security landscape.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

RCMP National Cybercrime Coordination Unit (NC3)

RCMP National Cybercrime Coordination Unit (NC3)

As set out in the Government of Canada's National Cyber Security Strategy, the RCMP has established the National Cybercrime Coordination Unit (NC3).

eXate

eXate

eXate provides pioneering technology that empowers organisations to protect, control and manage their sensitive data centrally, providing a complete data privacy solution.

Avalanchio Technologies

Avalanchio Technologies

The Avalanchio platform gives you a complete solution to collect, process, and analyze security data to detect threats in real-time and analyze historical data using security DSL or SQL.

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

Boecore

Boecore

Boecore is an aerospace and defense engineering company that specializes in software solutions, systems engineering, cybersecurity, enterprise networks, and mission operations.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

Offensive Security Manager (OSM)

Offensive Security Manager (OSM)

Offensive Security Manager is the ultimate AI software that will enforce offensive security automation, orchestration, coverage, ensure quality, and lets you manage whole process.

SyberFort

SyberFort

SyberFort offers a suite of SAAS-based platforms designed to fortify your digital defenses including Threat Intelligence and Brand Protection.

Right Hand Technology Group (RHTG)

Right Hand Technology Group (RHTG)

Right Hand Technology Group is a premier provider of IT services specializing in cybersecurity, managed IT solutions, and compliance.