Cyber criminals are continually seeking new and sophisticated ways to access health, financial, and other protected data.
One risk that has emerged in recent years is the advanced persistent threat (APT), in which an unauthorized person gains access to a restricted system for a long period of time with the intent of committing ongoing data theft or destruction.
To combat APTs, information security professionals need to move beyond threat detection and response. New and sophisticated security analysis tools, software, and experts are needed. This is where big data comes in.
How can big data promote information security?
Big data refers to the large volume, variety, and velocity of information that is created every day by enterprises of all kinds. It provides unique opportunities to use ongoing analysis to address the specific challenges of APT.
A 2015 report by IT research and strategy firm Enterprise Strategy Group calls for information security tactics that leverage big data to combat today’s most dangerous cyber threats. According to the ESG report, this approach, named analytics-driven cybersecurity, improves enterprise cybersecurity in four important ways:
- Casting a wider net on relevant data. Collecting data from a wide variety of sources, making data available to all members of the security group, and conducting historical analysis can help address the ways in which multidimensional attacks can cross numerous systems, networks, and files.
- Enhancing data to add context and make it actionable. Security teams need the ability to tag, index, enrich, and query data elements to get a wider perspective for threat detection and response.
- Using a wide-angle data lens. To investigate systems, protocols, network traffic, and historical timeframes, security teams need to shift from one data element to another using any data field or value. This perspective makes it possible to follow the evidence from field value to context, and trace the steps attackers have taken.
- Improving usability. For security teams to effectively query and understand data, a simple user interface and search-based access to data is a must. Systems should permit dashboard and report creation and offer visual analytics to provide a view of relationships and historical trends.
Analytics-driven cybersecurity gives organizations an effective way to make data work in service of information security. By helping analysts take a big-picture, historical look at systems, networks, users, and activities, security teams can find and combat attackers who have already penetrated secure information systems.
Capella University’s information cybersecurity degree and certificate programs can help prepare you to create secure systems, analyze data, and combat cybercrime.