Organizations are more exposed than ever to a large number and variety of cyber security threats and risks. Big data will be one of the main elements of change in enterprises by supplying intelligence-driven models.
Research firm Gartner said that big data analytics will play a crucial role in detecting crime and security infractions. By 2016, more than 25 percent of global firms will adopt big data analytics for at least one security and fraud detection use case, up from the current eight percent.
Avivah Litan, vice president and distinguished analyst at Gartner, said big data analytics gives enterprises faster access to their own data than ever before. Big data analytics enables enterprises to combine and correlate external and internal information to see a bigger picture of threats against their enterprises. It is applicable in many security and fraud use cases, such as detection of advanced threats, insider threats and account takeover.
She said information needed to uncover security events loses value over time, and timely intelligent data analysis is critical as criminals and bad actors move much more quickly to commit their crimes. For example, a year or two ago, hackers would look around, conduct extensive cyberespionage on their targets, and then go in for the theft — whether it was for money or information. Now, hackers — aware of more-effective security and fraud prevention measures erected by their target victim enterprises — simply go directly to the theft without a drawn-out reconnaissance phase.
Going forward, big data will change most of the product categories in the field of computer security, including solutions, network monitoring, authentication and authorization of users, identity management, fraud detection, and systems of governance, risk and compliance. Big data will also change the nature of security controls such as conventional firewalls, anti-malware and data loss prevention. In coming years, data analysis tools will evolve further to enable a number of advanced predictive capabilities and automated controls in real time.
Gartner said organizations should align their security capabilities in a holistic cyber security strategy tailored to the threats and risks specific to the demands of the organization. Big data requires the collection of information from various sources and in different formats, so a logical target is a single architecture to collect, index, normalize, analyze and share all the information. Organizations should also profile accounts, users or other entities, and look for anomalous transactions against those profiles.
Organizations should ensure that continued investment in security products promotes technologies that use agile, analysis-based approaches rather than static, signature-based tools focused on threats or on the edge of the network.
While security solutions prepared for big data are emerging, security teams may not be. Data analysis is an area where the internal knowledge of staff may be lacking. Data scientists who specialize in security are few, and will continue to be in high demand. As a result, it is likely that many organizations will turn to external partners to compensate for the lack of internal analysis skills.