How Cybersecurity Analytics Are Evolving - InformationWeek

Commentary by Lisa Morgan, 2/23/2017 11:05 AM


Cybersecurity continues to be an arms race as organizations scramble to protect against new kinds of attacks. Here's how analytics is making a difference.

As the war between the black hats and white hats continues to escalate, cybersecurity necessarily evolves. In the past, black hats were rogue individuals. Now they're hacktivists, crime groups, and hackers backed by nation states.

"Hackers have gotten a lot more sophisticated," said Sanjay Goel, a professor in the School of Business at University of Albany. "It used to be they'd break into networks, do some damage, and get out. Now they have persistent attacks and targeted execution."

Hackers are automating attacks to constantly search for vulnerabilities in networks. Meanwhile, fraudulent communications are getting so sophisticated that they're fooling even security-aware individuals. Analytics can help, but nothing is a silver bullet.

Moats Are Outdated

Organizations used to set up perimeter security to keep hackers from breaching their networks. Since a perimeter alone didn't stop breaches, firewalls were supplemented with other mechanisms such as intrusion detection systems, which alert security professionals to a breach, and honeypots, which lure hackers into a place where they can be monitored and prevented from causing damage.

Those tools are still useful, but they have necessarily been supplemented with other methods and tools to counter new and more frequent attacks. Collectively, these systems monitor networks, traffic, user behavior, access rights, and data assets, albeit at a far greater scale than before, which has necessitated considerable automation. When a matter needs to be escalated to a human, analytical results are delivered as alerts, dashboards, and visualizations.

"We really need to get away from depending on a security analyst that's supposed to be watching a dashboard and get more into having fully-automated systems that take you right to remediation. You want to put your human resources at the end of the trail," said Dave Trader, chief security officer at IT services company GalaxE.Solutions.

Predictive analytics analyzes behavior that indicates threats, vulnerabilities, and fraud. Slowly but surely, cybersecurity budgets, analytics, and mindsets are shifting from prevention to detection and remediation, because enterprises need to assume that their networks have already been breached.

"All the hackers I know are counting on you not taking that remedial step, so when there's a vulnerability and it's a zero-day attack, the aggregator or correlators will catch it and then it will go into a ticket system so it's three to four days before the issue is addressed," said Trader. "In the three to four days, the hackers have everything they need."

Why Break In When You Can Walk In?

Fraudsters are bypassing traditional hacking by convincing someone to turn over their user ID and password or other sensitive information. Phishing has become commonplace because it's effective. The emails are better crafted now, so they're more believable and therefore more dangerous. Even more insidious is spear phishing, which targets a particular person and appears to come from a person or organization the target knows.

Social engineering also targets a specific person, often on a social network or in a real-world setting. Its purpose is to gain the target's trust and walk away with the virtual keys to a company's network or to specific data assets. Some wrongdoers are littering parking lots with thumb drives that contain malware.

Behavioral analytics can help identify and mitigate the damage caused by phishing and social engineering by comparing an authorized user's established behavior on the network with the behavior of whoever is now using that account, and flagging the differences.
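As an added illustration of the comparison described above (example code written for this page, not code from the article or from any vendor it mentions), the script below builds a per-account baseline from historical access events and scores new events against it. The log lines, account names, scoring weights and the alert threshold are all constructed assumptions; a real deployment would learn these from far more data and tune the weights to its own false-positive budget.

```python
"""Behavioral baseline vs. current activity: learn what an account normally
does, then flag sessions that deviate.  All events below are constructed
sample data; field layout, weights and threshold are assumptions."""
from collections import defaultdict
from datetime import datetime

# Constructed historical events for the baseline period.
# Each tuple: (user, ISO timestamp, source IP, resource accessed)
HISTORY = [
    ("alice", "2017-02-01T09:12:00", "10.1.4.22", "crm"),
    ("alice", "2017-02-02T08:55:00", "10.1.4.22", "crm"),
    ("alice", "2017-02-03T10:03:00", "10.1.4.22", "wiki"),
    ("alice", "2017-02-06T09:40:00", "10.1.4.23", "crm"),
    ("alice", "2017-02-07T17:30:00", "10.1.4.22", "crm"),
    ("bob",   "2017-02-01T22:10:00", "10.1.9.5",  "build"),
    ("bob",   "2017-02-02T23:02:00", "10.1.9.5",  "build"),
    ("bob",   "2017-02-03T21:45:00", "10.1.9.7",  "repo"),
]

# Constructed "new" events to evaluate: one normal alice session, one alice
# session at 03:15 from an outside address touching a resource she never used,
# and one normal bob session.
NEW_EVENTS = [
    ("alice", "2017-02-08T09:20:00", "10.1.4.22",  "crm"),
    ("alice", "2017-02-08T03:15:00", "203.0.113.9", "hr-db"),
    ("bob",   "2017-02-08T22:30:00", "10.1.9.5",   "repo"),
]


def build_baselines(events):
    """Per-user profile: hours of day, source IPs and resources previously seen."""
    profiles = defaultdict(lambda: {"hours": set(), "ips": set(), "resources": set()})
    for user, ts, ip, resource in events:
        p = profiles[user]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["ips"].add(ip)
        p["resources"].add(resource)
    return dict(profiles)


def hour_is_familiar(hour, seen_hours, slack=1):
    """True if `hour` is within `slack` hours of any previously seen hour,
    treating the clock as circular so 23:00 and 00:00 are neighbours."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= slack for h in seen_hours)


def score_event(profile, ts, ip, resource):
    """Return (score, reasons); each deviation from the baseline adds weight.
    Weights are assumptions chosen for the example."""
    score, reasons = 0, []
    hour = datetime.fromisoformat(ts).hour
    if not hour_is_familiar(hour, profile["hours"]):
        score += 2
        reasons.append(f"unusual hour {hour:02d}:00")
    if ip not in profile["ips"]:
        score += 2
        reasons.append(f"new source address {ip}")
    if resource not in profile["resources"]:
        score += 1
        reasons.append(f"first access to resource {resource}")
    return score, reasons


def evaluate(events, history=HISTORY, threshold=3):
    """Score each event against its user's baseline; return a list of
    (user, timestamp, score, reasons) for events at or above the threshold.
    An account with no baseline at all is always surfaced for review."""
    profiles = build_baselines(history)
    alerts = []
    for user, ts, ip, resource in events:
        profile = profiles.get(user)
        if profile is None:
            alerts.append((user, ts, threshold, ["no baseline for this account"]))
            continue
        score, reasons = score_event(profile, ts, ip, resource)
        if score >= threshold:
            alerts.append((user, ts, score, reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, score, reasons in evaluate(NEW_EVENTS):
        print(f"ALERT {user} {ts} score={score}: " + "; ".join(reasons))
```

Run as-is, the script raises a single alert for alice's 03:15 session (score 5: odd hour, unseen address, unseen resource) and stays quiet for the two routine sessions. The point of the structure is that the decision is explainable: every alert carries the list of baseline deviations that produced it, which is what an analyst picking up the ticket actually needs.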

Bottom Line

Breaches are bound to happen. The question is whether companies are prepared for them, which means keeping security systems up to date and training employees.

Far too many companies think that hacking is something that happens to other organizations so they don't allocate the budget and resources they need to effectively manage risks. Hackers love that.
