IDC calls it ‘cyberanalytics’, the intersection of Big Data, analytics, and cybersecurity .
Through appropriately timed, cyberanalytics context can be provided so that patterns and anomalous behaviours can be identified that are indicators of fraud, theft, or other security breach, according to a new report by IDC analysts Alan Webber, Robert Eastman, and Michael Versace.
The report, Big Data and Predictive Analytics: On the Cybersecurity Front Line, says organisations need to shift from reactive to proactive strategies that seek to understand a threat before an attacker can cause damage.
Such requires constant monitoring of network behaviour, so that unusual activity can be distinguished from normal behaviour, according to the report, which was sponsored by SAS and released at the SAS Global Forum this week.
“If optimised, big data presents a significant opportunity to add context for more accurate and faster threat detection,” says Stu Bradley, senior director of security intelligence at SAS.
The report was linked to the release of SAS Cybersecurity, which uses high-performance analytics to process and evaluate billions of daily network transactions in real-time.
Read more: A CIO’s handbook: Planning for the long game
The research explains that effective big data solutions must differ from existing, reactive “collect and analyse” methods, since technology now exists to use information in timeframes and manners not possible in the past. To derive value from big data, organisations need behavioural analytics and frameworks like Hadoop to improve security at a much faster rate.
While the threats are unlikely to abate anytime soon, the new situational awareness that advanced and predictive analytical tools can deliver means that enterprises have an important technology ally on their side, according to the report.
IDC interviewed information security executives, practitioners, and industry experts in three industries: federal government, financial services, and energy. The goal was to understand evolving cybersecurity threat landscape, and how big data and predictive analytics should be deployed to better address threats and risks they face every day.
For government, the report notes that IT security is neither a small nor inexpensive problem. The US Computer Emergency Readiness Team (US-CERT) cited more than 46,000 incidents at US federal government agencies in 2013.
The new situational awareness that advanced and predictive analytical tools can deliver means that enterprises have an important technology ally on their side.
IDC estimates US federal government agencies alone will spend over US$14.5 billion in IT security to thwart attackers and address incidents. In addition to multi-layered security defenses, government agencies have highly complex infrastructures composed of a range of technologies, from older mainframe systems to cloud-based and mobile apps. By turning to predictive behavioural cyberanalytics, these agencies are able to shift toward a more proactive defense posture.
In the utility and energy industry, the IDC research finds advanced and predictive analytics critical for advancing a wide array of cyber mandates, including regulatory compliance. Utilities are just beginning to appreciate the opportunities for threat identification and remediation that big data analytics deliver.
For financial services, cybersecurity strategies remain a top agenda. The IDC research predicts the financial services industry will spend over US$40 billion in 2015 on managing operational risks, including cyberthreats. They note that $27.4 billion would be earmarked for IT spend on information security and fraud. With shrinking response windows and the complexity of threats to digital channels, advanced, predictive threat intelligence solutions and services have become top items for chief risk officers, data officers, executives, and regulators.
The report concludes all organisations will be challenged in integrating solutions against an “upward spiral” of cyber attacks that target data for financial, reputational, and political gains.
Read more: The future of cybersecurity
It lists four steps organisations can take to improve security and reduce risk:
Step one: Map and tap into existing data sources. Organisations need to map data sources and figure out what is already available, what is easily accessible, and what data is buried deeper but worth the effort. Once the data has been mapped, it then needs to be evaluated for its value in further analysis.
Step two: Contextualise and connect the data. Once the organisation understands the data it has, it needs to establish the context of the data and then correlate the data with other data, network information, and architectural components. “This builds the foundational picture of the active risks and threats to the organisation. Analytics can then be layered onto the correlated data to provide nuance to the picture.”
Step three: Use deep analytics to refine and sharpen the picture. Understanding the context of the data and then connecting the pieces of data is just the beginning, the report states. Using some of the newer analytics capabilities sharpens the picture through the operation of models, providing useful metrics, adequate information, and recommendations for decision making for current, ongoing, and future risks.
Step four:Move from reactive to proactive to real-time. Once analytics are in place and in use, it needs to move to real-time evaluation such that threats can be proactively mitigated before significant loss occurs. Analytics can also be done more holistically to detect "slow and low" threats that emerge over time.
Divina Paredes is attending the SAS Global Forum in Dallas, Texas, as a guest of SAS.
Send news tips and comments to firstname.lastname@example.org
Follow Divina Paredes on Twitter: @divinap
Follow CIO New Zealand on Twitter:@cio_nz
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.