Big-data analytics is making IT security a reality

Posted on March 19, 2015 12:01 am

Public and private organizations alike are facing increasingly sophisticated security threats. The source of such attacks remains contentious, but I have no doubt that nation states and well-funded cyber criminals are among the actors involved. Is this a great time to be an IT security professional? Think about it. Existing detection-only defenses are stuck in the present: they inspect a file at a single, initial point in time and they have no memory. Anything they cannot immediately recognize as a threat is allowed through, and the fact that the file ever existed is forgotten. Malware authors have capitalized on that limitation and continue to use a variety of obfuscation techniques to make malware much harder to detect on first inspection. The threat landscape keeps shifting as malware authors and cyber criminals increase the complexity and depth of the attacks they push out. Sadly, organizations are ineffective at fending off these threats, simply because their defenses are not evolving as quickly as the threats are.

It therefore comes as no surprise that the number of detected security incidents keeps rising, and 2014 was no exception. There are clear reasons why businesses and organizations have such a feeble approach to security. Many security products evolved only as point solutions to point problems. Those of us who have aged in this industry know that antivirus software was developed because viruses popped up on our computers, and firewalls were built to lock out attackers trying to break into our networks. That approach worked for a while, but attackers have come too far, too fast. To detect, understand and stop today's increasingly evasive threats, organizations need new tools and techniques that always watch, never forget, and take action should a file be determined to be malicious at a later time. So many new threats are emerging that organizations cannot keep up even by adding more security layers. The result is that businesses spend too much money, time and effort researching, purchasing, understanding and deploying products that ultimately fail to address their needs. As organizations try to make sense of the disparate tools on the market, systems that gather, organize and display alerts from several products are emerging as the safe bet. The downside is that such systems still require an IT professional to sift through the data in search of a real danger. That takes time and resources, and many organizations end up plagued with false positives and, even worse, false negatives, so that analysts fail to notice the connection amidst all the noise.

In effect, organizations need to be able to turn back the clock. Technology has advanced to make this possible, in particular big data-powered continuous analysis and retrospective security: big data adds 'memory' to security. The widespread availability of affordable storage capacity and processing power, along with sophisticated data-mining techniques, means organizations no longer have to discard the record of files that were not recognized as threats on initial inspection. Retrospective security uses this continuous capability to let organizations identify, after the fact, which devices were exposed to a piece of malware and where it entered the environment, and to prevent reinfection automatically.

I am one of those who believe the next generation of security has to be comprehensive, simple and coordinated. Businesses face inconsistent and uncoordinated security, and that lack of consistency helps explain why technology fails to protect adequately against coordinated attacks. It is critical for security professionals to enforce policies consistently throughout their organizations. Products that focus on endpoint protection do not know what the encryption or network firewall product is doing, so malware and advanced threats slip through the gaps, exploiting the lack of coordination. I think the solution is for technologies to work together, communicating and collaborating across products to better identify and respond to threats. To protect organizations effectively against modern threats, all of these issues have to be addressed.
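As an added illustration of the retrospective idea described above (this is example code written for this page, not code from the original post or from any vendor product), here is a minimal file-sighting ledger in Python. It keeps a record of every file sighting reported by hypothetical endpoint agents, whether or not the file was judged malicious at the time, and when a hash is later flagged as bad it answers which devices were exposed, where and how the file first entered, and blocks the hash from then on. The log line format, host names, paths and SHA-256 values are all constructed for the example.

```python
"""Retrospective security over a file-sighting ledger (constructed example).

Point-in-time inspection decides once and forgets. The ledger below keeps
every sighting of every file, verdict or not, so that when a hash is later
judged malicious we can answer: which devices were exposed, where and how
it got in, and block it from here on.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
import re

# Constructed, not real: two fake SHA-256 hashes for the sample telemetry.
MALICIOUS_LATER = "b7" * 32   # unknown on first inspection, flagged days later
BENIGN = "3c" * 32

# Constructed sample telemetry, one sighting per line as a hypothetical
# endpoint agent might emit it (hosts and paths are made up).
SAMPLE_LOG = "\n".join([
    f"2015-03-10T09:12:03Z host=ws-17 via=email path=C:/Users/amy/Downloads/invoice.scr sha256={MALICIOUS_LATER}",
    f"2015-03-10T09:40:51Z host=ws-17 via=local path=C:/Users/amy/AppData/Roaming/svc.exe sha256={MALICIOUS_LATER}",
    f"2015-03-11T14:05:10Z host=fs-02 via=smb path=//fs-02/share/tools/svc.exe sha256={MALICIOUS_LATER}",
    f"2015-03-12T08:22:44Z host=ws-23 via=smb path=C:/Temp/svc.exe sha256={MALICIOUS_LATER}",
    f"2015-03-12T10:00:00Z host=ws-05 via=web path=C:/Users/bob/Downloads/setup.exe sha256={BENIGN}",
])

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) host=(?P<host>\S+) "
    r"via=(?P<via>\S+) path=(?P<path>\S+) sha256=(?P<sha256>[0-9a-fA-F]{64})$"
)


@dataclass(frozen=True)
class Sighting:
    ts: datetime
    host: str
    via: str    # ingress channel the agent observed: email, web, smb, local
    path: str


@dataclass
class Exposure:
    sha256: str
    entry: Sighting      # earliest sighting: the point of entry
    hosts: list          # every host that saw the file, in first-exposure order
    sightings: int


class SightingLedger:
    """Keeps every sighting regardless of verdict. A detection-only gateway
    would have let the unknown file through and kept no record of it."""

    def __init__(self):
        self._by_hash = defaultdict(list)
        self._blocked = set()

    def record(self, sha256, sighting):
        self._by_hash[sha256.lower()].append(sighting)

    def check(self, sha256):
        """Inline decision for a new sighting: 'block' once a hash is known bad."""
        return "block" if sha256.lower() in self._blocked else "allow"

    def retrospect(self, sha256):
        """Called when intel later marks a hash malicious. Blocks the hash from
        now on and returns the exposure, or None if the file was never seen."""
        key = sha256.lower()
        self._blocked.add(key)
        seen = sorted(self._by_hash.get(key, []), key=lambda s: s.ts)
        if not seen:
            return None
        hosts = []
        for s in seen:              # preserve order of first exposure per host
            if s.host not in hosts:
                hosts.append(s.host)
        return Exposure(key, seen[0], hosts, len(seen))


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable sighting: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return m["sha256"], Sighting(ts, m["host"], m["via"], m["path"])


def build_ledger(log_text):
    ledger = SightingLedger()
    for line in log_text.splitlines():
        if line.strip():
            sha, sighting = parse_line(line)
            ledger.record(sha, sighting)
    return ledger


if __name__ == "__main__":
    ledger = build_ledger(SAMPLE_LOG)
    # Day 0: the hash is unknown, every sighting was allowed through.
    # Day 2: intel flags it. Turn back the clock.
    exp = ledger.retrospect(MALICIOUS_LATER)
    print(f"entry: {exp.entry.host} via {exp.entry.via} at {exp.entry.ts:%Y-%m-%d %H:%M}")
    print("exposed hosts in order:", exp.hosts)
    print("seen again now ->", ledger.check(MALICIOUS_LATER))
```

The ledger is the 'memory' the paragraph talks about: the cost of keeping a hash, host, channel and path per sighting is small, and it is exactly what turns a later intel update into a list of exposed devices and an automatic block rather than a manual hunt through alerts.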

Contador Harrison