Big Data in Information Security

Similar documents
How To Get A Big Data Project To Work

Understanding ediscovery and Electronically Stored Information (ESI)

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

Why You Need to Test All Your Cloud, Mobile and Web Applications

An Oracle White Paper November Leveraging Massively Parallel Processing in an Oracle Environment for Big Data Analytics

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Operational Efficiencies of Proactive Vulnerability Management

The Geospatial Approach to Cybersecurity: An Executive Overview. An Esri White Paper January 2014

Big Data Executive Survey

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

How Big Data is Different

Big Data Services From Hitachi Data Systems

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January kpmg.com

How To Make Data Streaming A Real Time Intelligence

How Extended Validation SSL Brings Confidence to Online Sales and Transactions

Leveraging Information For Smarter Business Outcomes With IBM Information Management Software

The 4 Pillars of Technosoft s Big Data Practice

Big Data Working Group. Comment on Big Data and the Future of Privacy

9 Reasons Your Product Needs. Better Analytics. A Visual Guide

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

2H 2015 SHADOW DATA REPORT

The Evolving Threat Landscape and New Best Practices for SSL

Architected Blended Big Data with Pentaho

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

Redefining Incident Response

Reference Architecture: Enterprise Security For The Cloud

Best Practices - Remediation of Application Vulnerabilities

The Role of the Operating System in Cloud Environments

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

The Big Data Paradigm Shift. Insight Through Automation

Big Data Research Sponsorship

ByteMobile Insight. Subscriber-Centric Analytics for Mobile Operators

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Secure Thinking Bigger Data. Bigger risk?

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

The IBM data governance blueprint: Leveraging best practices and proven technologies

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

Cybersecurity is for everyone. not just the IT department

A New Era Of Analytic

Analytics, Big Data, & Threat Intelligence: How Security is Transforming

Understanding Your Customer Journey by Extending Adobe Analytics with Big Data

Making Big Data Analytics Fast and Easy Big Data Not Delivering? Context is the key.

CONNECTING DATA WITH BUSINESS

How To Protect Your Organization From Insider Threats

NETWORK SECURITY FOR SMALL AND MID-SIZE BUSINESSES

SALESFORCE MARKETING CLOUD ROOM & BOARD

Automating Healthcare Claim Processing

TOP 3. Reasons to Give Insiders a Unified Identity

The Future of Payments 2015: Financial Institutions. The Payments Value Chain is Driven by Customers

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Digital Enterprise Unit. White Paper. Securing Patient Information HIPAA and Mobile Healthcare Applications

White. Paper. EMC Isilon: A Scalable Storage Platform for Big Data. April 2014

This Symposium brought to you by

Module 1: Introduction to Designing Security

How To Harness The Power Of Big Data For Fleet Management

DETECT MONITORING SERVICES MITIGATING THE EPSILON BREACH SUMMARY

2015 Global Payments Insight: Bill Pay Services. With big change comes big opportunity

Big Data Executive Survey 2013:

IBM Software Four steps to a proactive big data security and privacy strategy

Solve Your Toughest Challenges with Data Mining

A New Era of Cybersecurity Neil Mohammed, Sales Engineer

Detecting Anomalous Behavior with the Business Data Lake. Reference Architecture and Enterprise Approaches.

An Oracle White Paper January Oracle Database Firewall

Making Critical Connections: Predictive Analytics in Government

Information Security Policy

An Oracle White Paper January Oracle Database Firewall

GUIDE TO IMPROVING INFORMATION SECURITY IDENTIFYING WEAKNESSES & STRENGTHENING SECURITY

Enhancing Cybersecurity with Big Data: Challenges & Opportunities

Solving Your Big Data Problems with Fast Data (Better Decisions and Instant Action)

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Converged, Real-time Analytics Enabling Faster Decision Making and New Business Opportunities

It s Time to Revisit your Complaint Management System. January 2014

5 Big Data Use Cases to Understand Your Customer Journey CUSTOMER ANALYTICS EBOOK


Security for a Smarter Planet IBM Corporation All Rights Reserved.

SQLstream Blaze and Apache Storm A BENCHMARK COMPARISON

Customized Report- Big Data

RETHINKING CYBER SECURITY Changing the Business Conversation

Five Things to Consider in an Enterprise CRM Evaluation. An Oracle White Paper July 2010

Compliance in the Corporate World

White. Paper. Big Data Advisory Service. September, 2011

Data Security on Every Network Layer. Internet Security Days 2015, Phantasialand Brühl ADVA Optical Networking SE

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

RSA Security Analytics Security Analytics System Overview

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS. Junos WebApp Secure Junos Spotlight Secure

Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, :00PM EST

GlobalSign Malware Monitoring

IBM Security X-Force Threat Intelligence

Preemptive security solutions for healthcare

TRANSFORM YOUR BUSINESS: BIG DATA AND ANALYTICS WITH VCE AND EMC

Big Data, Big Risk, Big Rewards. Hussein Syed

The Future of Business Analytics is Now! 2013 IBM Corporation

What s Trending in Analytics for the Consumer Packaged Goods Industry?

The Symantec Smartphone Honey Stick Project

Transcription:

SECURELY ENABLING BUSINESS White Paper Big Data in Information Security By Matt Sharp, Strategic Services Director The ousting of Target CEO Gregg Steinhafel was at least partially due to a major data breach (Vigna, 2013). By observation, this has placed the topic of Information Security at the top of executive agendas throughout the country. At the same time, the Big Data discipline continues to mature such that 91% of executives claim that their organization has a Big Data initiative planned or in progress (Davenport T. H., 2013). In this paper, we will explore how Big Data is different from data approaches of the past and attempt to extrapolate how Big Data will impact Information Security approaches today and in the future. Data Analysis To understand how Big Data is affecting Information Security, we first turn our attention to a short definition of Big Data followed by a summary of how businesses are using big data. Finally, we will examine the impact of such technologies on Information Security. What is Big Data, and how is it different from previous approaches? Big Data is a term used to describe collections of data so large, complex or requiring such rapid processing (sometimes called the volume/variety/velocity problem), that they become difficult or impossible to work with using standard database management or analytical solutions (Davenport T. H., 2013). Big Data is frequently used to quantify the amount of data in the literal sense; however, most experts in the know consider this to be a marketing term. The true analytics and knowledge that power such initiatives are more commonly referred to as data science. Nevertheless, I will stick with the term Big Data for this briefing. Organizations that capitalize on Big Data stand apart from traditional data analysis environments in three key ways (Davenport, Barth, & Bean, 2012): Abstract As the Big Data discipline continues to mature, the impact to information security will be felt. This paper examines Big Data, how businesses are using Big Data and how information security approaches will need to adapt. Table of Contents: Introduction...1 Data Analysis...1 Conclusions...3 Works Cited...5 www.fishnetsecurity.com/6labs LEARN MORE About our Industry Expertise at: www.fishnetsecurity.com Corporate Headquarters / 6130 Sprint Parkway / Ste. 400 / Overland Park, KS 66211 / 888.732.9406

FishNet Security White Paper BIG DATA IN INFORMATION SECURITY 2 They pay attention to data flows as opposed to static data warehouses. They rely on data scientists as well as product and process developers rather than data analysts. They are moving analytics away from the IT function and into core business, operational and production functions. Business Value of Big Data Investments in Big Data include those in human resources and technology solutions, including database management platforms (e.g., Hadoop, EMC/Greenplum, Teradata/Aster, IBM/Netezza), analytics and visualization capabilities (e.g., Revolution R, Palintir, Tableau), or text-processing and real-time streaming solutions (Davenport T. H., 2013). See Figure 1. Interestingly, most Big Data initiatives do not currently require an ROI payback analysis to justify their current investment. However, analysis shows that executives were expecting three primary benefits resulting from Big Data investments including (Davenport T. H., 2013): Accelerate the analytical velocity of delivering insights and answers to business questions. Integrate a greater variety of data sources. Analyze larger volumes of data. Surprisingly, most Big Data initiatives were linked to efforts that enhance analytics capabilities (66%) and enterprise risk and analytics initiatives (54%) (Davenport T. H., 2013). See Figure 2. Big Data Impact on Information Security Big Data and Information Security overlap to create several distinct outcomes. Big Data improves the speed at which firms can identify and respond to threats, and at the same time, Big Data can have significant privacy implications as the aggregated data is a new target for hackers. Accelerated Threat Detection Figure 1 In short, firms are largely utilizing investments in Big Data to help security teams detect threats quicker and speed up response. One notable study stated: Critical to controlling the costs [of a data breach] is keeping customers from leaving. The research reveals that reputation and the loss of customer loyalty does the most damage to the bottom line. In the aftermath of a breach, companies find they must spend heavily to regain their brand image and acquire new customers Efficient response to a breach and containment of the damage has been shown to reduce the cost of breach significantly (Ponemon Institute, 2014).

FishNet Security White Paper BIG DATA IN INFORMATION SECURITY 3 Figure 2 Indeed, threat analysts need a combination of capture time, stream and batch analytics to detect and investigate a full range of threats (EMC Corporation, 2014). There [are] so many events happening at the network layer, the ability to do stream processing across those events and detect anomalous, malicious behavior is important (Prince, 2014). Logically, this is a natural result of the fact that IT systems and technology infrastructure generate data every second of every day. This machine data contains a categorical record of all user behaviors, service levels, cybersecurity risks, fraudulent activities and more. As one of the fastest growing and most complex segments of big data, machine data is also one of the most valuable (Splunk, Inc., 2014). Expanded Attack Surface However, Big Data is also a target for hackers. In fact, just as hackers find a clever exploit to intercept and spike an SSL session, or trick an app server into running arbitrary code, so they ll find an exploit for big data Attackers can corrupt information, blind an algorithm, inject falsehood, changing outcomes in subtle, insidious ways that undermine a competitor or flip an election. Attacks on data become attacks on people (Webb & O Brien, 2013). Finally, it is important to note that privacy protection has become an elusive goal in the big data era as researchers have shown that linkability threats can re-identity individuals In practice, such data is shared after sufficient removal of unique identifiers by the processes of anonymization and aggregation. This process which has led to very many instances of re-identification based on big data linkability needs to be strengthened. (Cloud Security Alliance, 2014).

FishNet Security White Paper BIG DATA IN INFORMATION SECURITY 4 Conclusions It turns out that volume, variety and velocity challenges addressed by Big Data are incredibly relevant to the analysis of anomalous and malicious activity on enterprise networks. While recent industry events have elevated the topic of Information Security in the board room and investments in Big Data continue to rise, the overlap of Big Data and Information Security present significant business opportunities. Exploiting the overlap of these emerging trends to reduce corporate risk exposure through rapid identification of enterprise threats is likely to produce more indirect benefits and therefore can be very difficult to justify with ROI calculations. Nevertheless, the consensus seems to be that modern risk management requires real-time data and business self-sufficiency so risk owners can respond to business, board and regulator demands in a timely and accurate fashion (Prince, 2014). At the same time, it is important to understand the security and privacy implications resulting from Big Data implementations supporting non- Information Security functions. Specifically, security obligated executives should be cognizant of how Big Data increases attack surface for hackers and understand how to protect against linkability threats. For More Information For more information about FishNet Security products and services, call 888.732.9406 or visit: www.fishnetsecurity.com. Copyright The information transmitted in this document is intended only for the addressee and may contain confidential and/or privileged material. Any interception, review, retransmission, dissemination or other use of or taking of any action upon this information by persons or entities other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. Copyright 2014 FishNet Security, Inc. All rights reserved. The FishNet Security logo is a registered trademark of FishNet Security. All other products and company names mentioned herein are trademarks or registered trademarks of their respective owners. ABOUT FISHNET SECURITY FishNet Security - the leading provider of information security solutions that combine technology, services, support and training - enables clients to manage risk, meet compliance requirements and reduce costs while maximizing security effectiveness and operational efficiency. FishNet Security is committed to information security excellence and has a track record of delivering quality solutions to thousands of clients worldwide. LEARN MORE About our Industry Expertise at: www.fishnetsecurity.com

FishNet Security White Paper BIG DATA IN INFORMATION SECURITY 5 Works Cited Cloud Security Alliance. (2014). Comment on Big Data and the Future of Privacy. Davenport, T. H. (2013). Big Data Executive Survey 2013: The State of Big Data in the Large Corporate World. Boston San Francisco New York: NewVantage Partnes LLC. Davenport, T., Barth, P., & Bean, R. (2012). How Big Data is Different. MIT Sloat Management Review. EMC Corporation. (2014). RSA-Pivotal Security Big Data Reference Architecture. EMC Corporation. Ponemon Institute. (2014, March 05). 2014 Cost of Data Breach: Global Analysis. Retrieved from Ponemon Institute: http://www.ponemon.org/blog/ponemon-institute-releases-2014-cost-ofdata-breach-global-analysis Prince, B. (2014, February 27). Big Data A Big Focus Of Security Analytics Products. Retrieved from Dark Reading: http://www.darkreading.com/bigdata-a-big-focus-of-security-analytics-products/d/d-id/1141401? Splunk, Inc. (2014, May 10). Big Data Analytics: Delivering Insights on Realtime and Historical Data. Retrieved from Splunk : http://www.splunk.com/view/big-data/sp-caaagfh Vigna, P. (2013, May 05). Retrieved from The Wall Street Journal: http://blogs.wsj.com/moneybeat/2014/05/05/targets-ceo-ouster-wasntabout-just-the-data-breach Webb, J., & O Brien, T. (2013). Big Data Now. O Reilly Media, Inc.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information