The rise of Big Data platforms such as Hadoop and Splunk has made it easier to collect massive amounts of data. The challenge now is building and deploying the analytics applications that make use of that data to make it possible to detect anomalies in an IT environment much faster.
As FBI director James Comey once famously quipped that “there are two types of companies in the U.S. Those that have been hacked and those that don’t know they’ve been hacked.” Comey was specifically referring to the cyberespionage efforts that China allegedly employs to gather everything from defense intelligence to intellectual property it uses to advance its economic agenda. In a similar vein of thought the National Security Agency (NSA) has observed that because of cybersecurity attacks we’ve actually been witnessing nothing less than the largest transfer of wealth in history.
Given the IT security reality it now behooves organizations of all sizes to proactively look for malware residing inside their systems. In the past most companies have tended to rely on a reactive approach that was only really employed once a breach had been discovered. There are a whole host of firewall and anti-virus software that do admirable jobs of preventing most malware from every getting inside an organization. But because of more sophisticated social engineering approaches that leverage any number of human foibles, a lot of malware is still getting past these defenses.
A Big Data analytics application should make it easier for IT organizations to discover where that malware actually went. In fact, a new “Big Data Cybersecurity Analytics” report conducted by the Ponemon Institute on behalf of Cloudera, a provider of a distribution of Hadoop, finds that organizations that make use of Big Data analytics as part of their cybersecurity strategy are more than twice as likely to discover a security breach within hours or even minutes of it occurring.'Organizations that make use of Big Data analytics as part of their cybersecurity strategy are more than twice as likely to discover a security breach within hours or even minutes of it occurring.' @mvizardClick To Tweet
To its credit Splunk has already taken that concept a step further by creating an Adaptive Rapid Response initiative though which security vendors are feeding cyber intelligence data into a Splunk platform specifically designed to make searching machine data easier. The idea is to then take the results of an analytics application running on top of Splunk to then automate the remediation process associated with any known vulnerability or recently discovered piece of malware. Rather than trying to find someone with the skills needed to master Hadoop, a big part of the cybersecurity case being made by Splunk is that large number of IT organizations have already deployed Splunk to allow them to better manage their IT operations. Cybersecurity professionals would be essentially leveraging a pool of machine data that already exists inside their organization.
Regardless of the approach taken to Big Data analytics it’s clear that IT organizations have new tools at their disposal to help root out malware wherever it hides inside their organization. While that may not put an end to all IT security threats, it most certainly will go a long way to evening odds that everyone today knows are heavily stacked against IT cybersecurity professionals.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.