Security could be the most important use for Big Data

Talk about this potential unity of factors has simmered below the surface for some years, but recently some major players have brought the subject to the surface.

For example, says The Boston Consulting Group in a report, "A new approach to personal data is needed in order to strike a balance between protecting individuals and unlocking innovation."

"The world has changed, yet our current approaches to managing personal data have not kept pace," says Alan Marcus, senior director of IT and telecommunications at the World Economic Forum, which collaborated on the report. "We need to shift away from trying to control the regulation of data itself and to focus on the management of how data is used."

Gartner points out in a recent study an example of how the world has changed. It says that 25% of distributed denial of service attacks in 2013 will be application based, a continuation of a trend that developed last year.

(A DDoS attack involves a deliberate inundation of a target organization's computers in order to overload and shut them down. Originally, a basic DDoS attack involved the piping in of five gigabytes per second to the server; the application-based brand of DDoS can involve 70 gigabytes per second.)

"2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe, and they will grow in sophistication and effectiveness in 2013," says Avivah Litan, vice president and distinguished analyst at Gartner. "A new class of damaging DDOS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes, and systems."

RSA, the security division of EMC, clearly declared the potential of Big Data as a "transformative solution to security challenges."

"An intelligence-driven security strategy that uses powerful Big Data analytics will help security practitioners regain the advantages of vigilance and time to better detect and defend against advanced threats," says Art Coviello, executive vice president of EMC Corp., and executive chairman, RSA, at that company's recent conference.

Mark Clancy, managing director, Technology Risk Management, at the Depository Trust & Clearing Corp., adds this: "As the sophistication and technological means of cyber criminals increase, the financial industry and government need to move to a risk-based framework that incorporates the dynamic nature of the threat landscape. We need to move from a world where we ‘farm' security data and alerts with various prevention and detection tools, to a situation where we actively ‘hunt' for cyber attackers in our networks."

The effectiveness of using analytics to boost security revolves around two fundamental factors: the ability to place data in context, and the ability to do this in real time.

On the first, Coviello says: "Organizations will need to have the right level of context to build specific information about digital assets, users, and systems. Big Data architectures can and should be scalable enough to meet each organization's unique requirements. Organizations will then be able to spot and correlate abnormal behavior in people, transactions, and the flow and use of data to identify potential attacks and fraud."

Similarly, says John Rose, senior partner at BCG, "To unlock the value of data, we need to shift to a usage-based, contextual approach to managing rights and permissions. Companies will have to establish principles and codes of conduct, develop tools and processes to manage compliance with them, and rethink the way they engage consumers to ensure their trust."

Regarding the value of real-time evaluation, IBM is touting its own "breakthrough" product that combines security intelligence and Big Data. "The new solution combines real-time correlation for continuous insight, custom analytics across massive structured data (such as security device alerts, operating system logs, etc.) and unstructured data (such as emails, social media content, full packet information, and business transactions), and forensic capabilities for evidence gathering."

It's not the only company that does this. Prolexic, which specializes in DDoS mitigation, announced recently that it provides its customers with real-time data and analysis of their network perimeter.

"[Customers] want to be able to diagnose potential problems as they happen. That means important details can't be glossed over and then summarized 15 minutes or several hours later," says Stuart Scholly, president, Prolexic.

In fact, numerous similar examples from the vendor community are starting to pop up. Here's just a sample of solutions based, more or less, on advanced analytical capabilities:

• RSA Authentication Manager 8 provides visibility into access control risk by building user profiles based on device and behavioral characteristics to detect and permit normal behavior and challenge or block anomalous activity.

• FICO Falcon Fraud Manager recently gained three patents for its ability to provide intelligent profiles, self-calibrating analytics, account customer profiling, and customer-connectivity informed fraud detection.

• SilverSky offers a "security-as-a-service" platform which "manages, secures, and monitors organizations' vital information assets with a comprehensive portfolio of software and managed services."

• Easy Solutions provides "a multilayered approach to securing transactional environments from online fraud, while leaving legitimate users unaffected."

All of which comes down to the notion of finding ways to gain the initiative against the bad guys, instead of always being on the defensive. Of course, technology advances are a tide that lifts all boats. As RSA's Coviello points out: "New tools and techniques are coming online to analyze all of this data. It won't be long before Big Data applications and stores become the crown jewels of an organization. And those crown jewels will be readily accessible in the cloud and via mobile devices across our hyper-connected enterprises-and not just by us, but by our adversaries as well."

A sobering thought, but also an incentive to always factor security into business decisions concerning data access and use.

Sources used for this article include:

Current Approach to Governing Personal Data Needs Updating for a Big Data World

Easy Solutions selected by Dunbar to enhance digital armored solutions

FICO Awarded 10 New Patents for Decision Management and Fraud Protection

Gartner Says 25 Percent of Distributed Denial of Services Attacks in 2013 Will Be Application-Based

IBM Announces Breakthrough with Combination of Security Intelligence and Big Data

Prolexic Provides Real-Time, Granular DDoS Attack Data for Deep Network Analysis

RSA's Art Coviello Points to Big Data as Transformative Solution to Security Challenges

RSA Transforms Enterprise Authentication with Big Data-Driven Risk Analytics

SilverSky to Showcase Industry's Only Advanced Security-as-a-Service Platform and Newly Launched Email Protection Suite at RSA Conference