The year 2014 became known as the Year of the Hacker, even before it mercifully came to an end. In fact, many security experts predict that the trend will continue into this year and beyond. Isn’t it time that we turned the tables and declared the Year of Cyber Security Success? This success can come from security intelligence. Big data is the key to locking the doors to cyber and even physical enterprise security. Here’s how.
What is Security Intelligence?
Security intelligence, also known as threat intelligence, is defined by Gartner as, “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”
Security intelligence is information derived from big data analysis that can indicate when a particular system or business is under threat, who might be targeting the business, why the business might be a target, and how the attack might happen. It uses data analysis to identify anomalies and suspicious activities within any number of data sets. When used properly, security intelligence helps identify, stop, and prosecute those engaging, or attempting to engage, in cyber and physical threats.
Where Does Security Intelligence Come From?
The best sets of security intelligence come from multiple sources. Rarely does a highly organized and well-funded attack rely on a single intrusion technique. High-level attacks often involve a number of tactics, including phishing, testing for zero-day vulnerabilities, and sometimes issuing threats via email or social media. Security intelligence can be derived from a combination of telecommunications data, email, videos and audio, sensors, social media, mobile devices (including GPS data and call details), network traffic, financial transactions, log files, etc.
Obviously, many of these data sources involve unstructured data. Hence, Hadoop and other big data analytics tools are essential for analyzing these data sets to produce quality security intelligence. The best security intelligence comes from diverse data sets collected over the long term, which offer the historical perspective needed to recognize anomalies that can indicate a security threat.
How Can Security Intelligence Identify Gaps and Potential Nefarious Activity?
Often the goal of an attack is the theft of intellectual property, consumer data, or business intelligence. Motivations for intrusions range from data corruption to blackmail to hacktivism to insider trading. Though countless mischievous hackers are out there trying to disseminate malware or steal passwords, those who are successful are highly skilled, well-funded, and exceptionally motivated. Sometimes the motivation is personal vindication; other times it is a sense of nationalism or personal gain.
When the data from network traffic, email, social media, transactions, mobile devices, and other sources are gathered and analyzed, they begin to reveal a pattern. The analytics can identify correlations and put them into context. This analysis is most useful in identifying advanced persistent threats, which involve slow and methodical intrusions, unlike readily identifiable frontal attacks such as denial of service or malware infection.
In 86 percent of cases, the data necessary to identify and thwart an attack was recorded by the system; it just wasn’t identified as an attack because the low-profile, slow-moving attacks failed to trigger security alarms. This means there is a lot of progress to be made in tweaking security systems to pick up these savvier types of attacks by patient and capable intruders.
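The two paragraphs above make a concrete claim: the evidence of a slow-moving intrusion is usually already in the logs, but per-event alarm thresholds never fire on it, while correlating several sources over a long window does reveal it. The following script is an added example, not code from the original post or from Bigstep: it parses a constructed, pipe-delimited sample log (the IP addresses, user names and timestamps are all made up for illustration) and runs two detectors side by side. The first is a classic "more than five failed logins from one address in a day" rule; the second groups each actor's events over a 30-day window and flags an actor that touched several accounts and showed up in more than one data source. The patient attacker only ever fails one login every few days, so the daily rule misses it; the long-window correlation catches it because it also sees the phishing email and the large outbound transfer from the same address.

```python
"""Added example (not from the original post): long-window, multi-source
correlation that flags a slow intrusion missed by a per-day alert threshold."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, format: "timestamp|source|actor|event".
# 198.51.100.7 probes a different account every few days, then sends a
# phishing attachment, then moves a large volume of data out (slow and low).
# 203.0.113.9 is a noisy brute-forcer that a simple daily threshold catches.
# 192.0.2.44 is ordinary background noise (one mistyped password).
SAMPLE_LOG = """\
2014-11-01T02:10:00|auth|198.51.100.7|failed_login user=alice
2014-11-03T03:05:00|auth|198.51.100.7|failed_login user=bob
2014-11-06T02:40:00|auth|198.51.100.7|failed_login user=carol
2014-11-09T01:55:00|auth|198.51.100.7|failed_login user=dave
2014-11-12T03:20:00|auth|198.51.100.7|failed_login user=erin
2014-11-14T04:00:00|email|198.51.100.7|inbound_attachment to=finance
2014-11-20T02:30:00|netflow|198.51.100.7|outbound_bytes=52000000
2014-11-05T09:00:00|auth|203.0.113.9|failed_login user=alice
2014-11-05T09:00:05|auth|203.0.113.9|failed_login user=alice
2014-11-05T09:00:10|auth|203.0.113.9|failed_login user=alice
2014-11-05T09:00:15|auth|203.0.113.9|failed_login user=alice
2014-11-05T09:00:20|auth|203.0.113.9|failed_login user=alice
2014-11-05T09:00:25|auth|203.0.113.9|failed_login user=alice
2014-11-07T10:00:00|auth|192.0.2.44|failed_login user=frank
"""


def parse_log(text):
    """Parse pipe-delimited lines into event dicts; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split("|", 3)
        if len(parts) != 4:
            continue
        ts, source, actor, event = parts
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
                       "source": source, "actor": actor, "event": event})
    return events


def daily_threshold_alerts(events, max_failed_per_day=5):
    """Point rule: flag an actor with more than N failed logins in one calendar day."""
    counts = defaultdict(int)
    for e in events:
        if e["source"] == "auth" and e["event"].startswith("failed_login"):
            counts[(e["actor"], e["ts"].date())] += 1
    return sorted({actor for (actor, _), n in counts.items() if n > max_failed_per_day})


def long_window_correlation(events, window_days=30, min_accounts=4, min_sources=2):
    """Long-horizon rule: for each actor, slide a window over its events and flag it
    when, within one window, it probed at least `min_accounts` distinct accounts and
    appeared in at least `min_sources` distinct data sources."""
    by_actor = defaultdict(list)
    for e in events:
        by_actor[e["actor"]].append(e)
    findings = {}
    span = timedelta(days=window_days)
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            window = [e for e in evs[i:] if e["ts"] - start["ts"] <= span]
            accounts = {e["event"].split("user=", 1)[1] for e in window
                        if e["event"].startswith("failed_login") and "user=" in e["event"]}
            sources = {e["source"] for e in window}
            if len(accounts) >= min_accounts and len(sources) >= min_sources:
                findings[actor] = {"accounts": sorted(accounts), "sources": sorted(sources),
                                   "first": window[0]["ts"], "last": window[-1]["ts"]}
                break  # one finding per actor is enough for the report
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("daily-threshold alerts:", daily_threshold_alerts(evs))
    for actor, f in long_window_correlation(evs).items():
        print(f"long-window finding: {actor} probed {len(f['accounts'])} accounts and "
              f"appeared in {f['sources']} between {f['first'].date()} and {f['last'].date()}")
```

Run as-is, the daily rule reports only the brute-forcer, and the long-window rule reports only the slow attacker; neither detector replaces the other. The thresholds, window length and the choice of which sources count are tuning knobs for a real deployment, and on production volumes the per-actor grouping would be a Hadoop or similar batch job over weeks of data rather than an in-memory list.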
This security intelligence isn’t just useful for preventing cyber-attacks; it can also be used to identify and prevent physical threats. For example, when a particular group or individual begins attacking an organization on social media or harassing employees or executives via email, this could indicate an impending activist or terrorist attack. If the harassment coincides with anomalies in the transactional data, it might indicate a planned financial attack of some kind, such as extortion.
In order to leverage data analysis for your security intelligence endeavors, you need the security, power, and speed of the Full Metal Cloud. This fast, agile cloud service allows you to conduct deep real-time analysis so that you can identify and prevent physical or cyber threats against your organization quickly and completely. Visit Bigstep today for a free trial of the Full Metal Cloud’s potential.