In a previous blog post we highlighted the importance of big data and analytics in the eternal fight against cybercrime. SAS has been working hard to apply its experience in solving complex business analytics challenges to the detection of suspicious network activity. This has led to the creation of SAS Cybersecurity, a solution that will be generally available by the end of 2015.
One of the major forces in SAS’ Cyber Security is Senior Business Director Stu Bradley. In a recent Insights article, he shed light on cybersecurity intelligence and the need for big data and analytics in the evolving cybersecurity world. We will share some highlights here.
On the growing complexity of cybersecurity: “Before you can protect data, you have to know where sensitive data is. For many organizations, that often sounds easier than it is. With the growth of the Internet of Things (IoT) and bring your own device (BYOD) policies, there are so many additional ways into an organization’s network. The volume and variety of devices connected to the network, plus the extension of the network to third parties like contractors and partners, give attackers more entry points than before. Organizations are only as secure as their weakest link. Plus, you can’t overlook human error and carelessness. That’s something that will always be an easy target for hackers.”
On the limitations of traditional cybersecurity tools: “These individual solutions don’t integrate data, and thus don’t create the necessary context at an enterprise level that’s required to better mitigate cyber risk. In addition, many traditional methods are based on rules or signatures and only prevent against known threats. What’s needed is something that can capture the in-between phase, when the attacker is in the network gathering information. This is where behavioral analytics monitoring the network in real time can play an important role.”
On the need for preventive analytics: “In many large-scale cyberattacks, attackers were in the organization’s network for weeks or months. Behavioral analytics – particularly those that understand not only network interactions but the business relevance of those interactions – can help find those movements and patterns that may indicate malicious activity. The analytics should be performed in real time to give the organization immediate situational awareness that allows it to take fast action and mitigate any potential risks that arise.”
On the need for big data analytics: “Behavioral analytics and frameworks like Hadoop can help improve security at a much faster rate. Ultimately, big data analytics can help organizations learn more about attackers’ activities than attackers know about organizations’ networks.”