What Is Big Data Analytics?
Security is a Big Data Problem: It Belongs in the Cloud
Like almost anything else in IT, security itself is moving effectively to the cloud. But to what extent are firms investigating predictive security in the cloud? What are they using it for? In the average company scenario, what is the reality of success for existing endpoint or on-premise security detection and prevention, and how are these infrastructures coping in specific threat situations?
Big data analytics is the general term for collecting wide arrays of data and intelligence and applying sophisticated technologies, such as behavioral and machine learning algorithms, to them in order to analyze and understand the data in ways humans cannot alone, given the time and computational capacity required to process it.
In the context of next-generation endpoint security, the data arrays come from endpoints scattered across any given enterprise, including computers, servers, mobile devices and IoT devices, and threat intelligence gathered from security researchers, vendors and public databases. This data is used to provide a predictive approach to endpoint security.
Next-generation endpoint security today is all about keeping pace and staying ahead of attackers. And one of the only ways to do so is through comprehensive insights that can only be derived from big data analytics. Without big data analytics, companies can only focus on finding and stopping known methods and attacks, which leaves them vulnerable to new and emerging attacks. Security people must be able to predict and prevent not only known attacks, but future and unknown ones too. Innovative processes like big data analytics take advantage of all available data – unfiltered endpoint data, event streams, attackers’ tactics and techniques, global threat intelligence, and more – to provide the most comprehensive protection possible. With the power of big data analytics, security teams can uncover the most disruptive and damaging hidden tactics, identify root causes, and stop malicious threats before they are fully developed.
When it comes to traditional endpoint security, many companies only use data that is generated from detecting an already-known threat on the endpoint – and everything else is filtered out. Operationally speaking, this helps keep the overall cost of the solution low, but the trade-off is that it becomes almost impossible to discover and identify malicious behavior related to unknown attacks that have not yet been identified by security vendors or public organizations.
With unfiltered data, security personnel have access to what’s going on across every facet of their endpoints – leaving no place for attackers to hide undetected. Security personnel can look at data from every application and see all actions associated with it, such as where it ran, when it ran, who it spoke to, and what changes were made. And in doing so, they can dive deep, discover patterns of suspicious activities and identify new threats.
In its 100 Data and Analytics Predictions through 2021, Gartner suggests that big data and analytics are expected to become even more mission-critical for almost every business, in every industry. This is already occurring in endpoint security.
In fact, research from Enterprise Strategy Group (ESG) indicates that 38% of organizations collect, process, and analyze more than 10 terabytes of data as part of security operations each month. This includes everything from firewalls and security devices to log data from network devices, user activity, and applications.
Not all organizations are taking advantage of the potential of big data analytics, however. That is because they have yet to move their IT and security systems to the cloud, generally due to operational, resource and cultural constraints.
The analyst group Wikibon recently shared a key trend: the convergence of siloed big data in the cloud is speeding enterprise time-to-value. This is particularly evident in endpoint security.
As companies recognize the need to collect vast amounts of data, they need the storage and processing power of the cloud to maximize the value of this data. With endpoint security in the cloud, companies can start to connect the dots between individual events, identifying and tracking “event streams” to stop attacks in progress and assess the root cause of them. Security personnel now have the power to combine their own data along with global threat intelligence to make discoveries that result in protection that comes into play in advance of threats becoming major incidents or breaches.
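As an added illustration of the "unfiltered data" and "event stream" ideas in the paragraphs above (this is example code written for this page, not code from the original article or from any vendor's product), the following Python contrasts a filtered, signature-only pipeline with one that groups per-process endpoint telemetry into event streams and walks parent processes back to a root cause. Every event, path, hash and address is a constructed placeholder.

```python
from collections import defaultdict

# Constructed telemetry for one workstation: where each process ran, when,
# who it spoke to and what it changed. Hashes and addresses are placeholders.
EVENTS = [
    {"ts": 1, "host": "ws-17", "pid": 410, "ppid": 1, "type": "process_start",
     "path": "C:\\Program Files\\Mail\\mail.exe", "sha256": "HASH_MAIL"},
    {"ts": 2, "host": "ws-17", "pid": 511, "ppid": 410, "type": "process_start",
     "path": "C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.exe", "sha256": "HASH_UNKNOWN"},
    {"ts": 3, "host": "ws-17", "pid": 511, "type": "net_connect", "dest": "203.0.113.5:443"},
    {"ts": 4, "host": "ws-17", "pid": 511, "type": "file_write", "path": "C:\\Users\\bob\\Documents\\q1.docx"},
    {"ts": 5, "host": "ws-17", "pid": 511, "type": "file_write", "path": "C:\\Users\\bob\\Documents\\q2.docx"},
]
KNOWN_BAD_HASHES = {"HASH_KNOWN_MALWARE"}  # constructed signature list; the sample is not in it

def filtered_detection(events):
    """Traditional pipeline: keep only events that match an already-known threat."""
    return [e for e in events if e.get("sha256") in KNOWN_BAD_HASHES]

def build_streams(events):
    """Group unfiltered telemetry into one time-ordered event stream per (host, pid)."""
    streams = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        streams[(e["host"], e["pid"])].append(e)
    return streams

def behavioral_detection(events):
    """Flag a stream whose process started from a user-writable Temp folder, then
    made a network connection, then modified documents. No signature is needed."""
    findings = []
    for (host, pid), stream in build_streams(events).items():
        start = next((e for e in stream if e["type"] == "process_start"), None)
        if start is None or "\\temp\\" not in start["path"].lower():
            continue
        order = []  # first occurrence of each behaviour, in stream order
        for e in stream:
            if e["type"] in ("net_connect", "file_write") and e["type"] not in order:
                order.append(e["type"])
        if order == ["net_connect", "file_write"]:
            findings.append({"host": host, "pid": pid, "path": start["path"], "parent": start["ppid"]})
    return findings

def root_cause(events, pid):
    """Walk parent pids back through process_start events to recover the launch chain."""
    by_pid = {e["pid"]: e for e in events if e["type"] == "process_start"}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid]["path"])
        pid = by_pid[pid]["ppid"]
    return chain
```

The filtered pipeline returns nothing for this sample because the hash is unknown, while the stream-based check flags pid 511 and traces it back to the mail client that launched it.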
The cloud provides massive processing power that allows for the analysis of hundreds of billions of individual events, which in turn enables companies to predict new threats – not just those based on malware, but also fileless threats that are becoming more problematic and more pervasive. It drives the ability to solve security problems that aren’t getting solved today.