10. Weekly count from FireEye Web MPS appliances across global customer base
These levels reflect the number of Web-based malware attacks that originated
outside the target organization, successfully evaded traditional filters, and were
blocked or infected target systems
11. The Post Breach Boom, Ponemon Institute, February 2013
Survey of 3,529 IT and IT security practitioners in US, Canada, UK, Australia,
Brazil, Japan, Singapore and UAE
12. The Post Breach Boom, Ponemon Institute, February 2013
Survey of 3,529 IT and IT security practitioners in US, Canada, UK, Australia,
Brazil, Japan, Singapore and UAE
The deployment of Big Data for fraud detection, and in place of security incident and event management (SIEM) systems, is attractive to many organisations. The overheads of managing the output of traditional SIEM and logging systems are proving too much for most IT departments and Big Data is seen as a potential saviour. There are commercial replacements available for existing log management systems, or the technology can be deployed to provide a single data store for security event management and enrichment. Taking the idea a step further, the challenge of detecting and preventing advanced persistent threats may be answered by using Big Data style analysis. These techniques could play a key role in helping detect threats at an early stage, using more sophisticated pattern analysis, and combining and analysing multiple data sources. There is also the potential for anomaly identification using feature extraction. Today logs are often ignored unless an incident occurs. Big Data provides the opportunity to automatically consolidate and analyse logs from multiple sources rather than in isolation. This could provide insight that individual logs cannot, and potentially enhance intrusion detection systems (IDS) and intrusion prevention systems (IPS) through continual adjustment and effectively learning “good” and “bad” behaviours. Integrating information from physical security systems, such as building access controls and even CCTV, could also significantly enhance IDS and IPS to a point where insider attacks and social engineering are factored in to the detection process. This presents the possibility of significantly more advanced detection of fraud and criminal activities. We know that organisational silos often reduce the effectiveness of security systems, so businesses must be aware that the potential effectiveness of Big Data style analysis can also be diluted unless these issues are addressed. At the very least, Big Data could result in far more practical and successful SIEM, IDS and IPS implementations.
In reality, Big Data is more about the processing techniques and outputs than the size of the data set itself, so specific skills are required to use Big Data effectively. There is a general shortage of specialist skills for Big Data analysis, in particular when it comes to using some of the less mature technologies. The growing use of Hadoop and related technologies is driving demand for staff with very specific skills. People with backgrounds in multivariate statistical analysis, data mining, predictive modelling, natural language processing, content analysis, text analysis and social network analysis are all in demand. These analysts and scientists work with structured and unstructured data to deliver new insights and intelligence to the business. Platform management professionals are also needed to implement Hadoop clusters, secure, manage and optimise them.Vendors such as Cloudera, MapR, Hortonworks and IBM offer training courses in Hadoop, offering organisations the opportunity to build their in-house skills to address Big Data challenges.