Nowadays, most CISOs readily acknowledge that it’s not a matter of “if” they’ll be breached, but “when” the breach will occur. In fact, the rapidly shifting threat landscape, fueled by a burgeoning cybercrime economy, has many organizations asking themselves, "Are we already breached and just don’t know it?"
Today, simply thinking, planning and investing in the necessary security infrastructure won’t keep the criminals out and proprietary information secure.
The new cyberthreat reality is even more concerning when you consider the data showing that most organizations are ill-equipped to recognize the signs of a breach. The 2011 Verizon Data Breach Report showed that 85 percent of reported breaches originally went undetected by the breached organizations. In addition, the 2012 Cyber Threat Readiness survey conducted by LogRhythm reported that less than 30 percent of IT security professionals were confident they’d know when user credentials were compromised or hosts were breached. So what’s needed to address the new threat reality for most organizations?
It starts by acknowledging that if the bad guys want to get in, they will. IT security teams need to focus more on real-time monitoring, extending the “net” of data capture, applying context to the information being collected and analyzed and being empowered with actionable intelligence to respond swiftly and effectively when an advanced threat or breach is detected.
Focusing more on detection and response doesn’t mean that point defense technologies (e.g., firewalls, anti-virus/anti-malware, etc.) are no longer relevant. They are as critical as ever because they produce valuable information about what’s happening in and around the enterprise. But for companies to swiftly and efficiently detect and respond to today’s advanced threats, they need to do more with the wealth of information generated across the enterprise and turn it into an actionable plan.
For midsize and large enterprise organizations, the volume of log data generated throughout a network is massive, usually tens or hundreds of millions of logs every day. The volume grows even more when you add important independently generated activity information such as which files are being accessed and by whom, or what processes are starting or stopping on critical servers. No matter how you look at it, we’re talking about Big Data.
Security Information and Event Management solutions (SIEMs) have been handling Big Data for years. They offer a central point of collection, analysis, monitoring and reporting for enterprise activity data. To address the new threat landscape, advanced information security professionals are leveraging next generation SIEM solutions for Big Data real-time security analytics, and do so within an adaptive intelligence framework.
Adaptive intelligence is rooted in the ability to understand what’s normal, so you can recognize what’s abnormal. Historically, network behavioral anomaly detection (NBAD) has provided this capability at the network layer. The concept is still very useful today, but it needs to be expanded and applied across the entire enterprise, not just at one layer.
Organizations also need to be able to quickly analyze all activity on specific hosts, applications, users and networks and establish a baseline of normalcy across all layers. Once that baseline is established, they should add internal and external context feeds such as vulnerability data/state, IAM data, asset classification information, threat intelligence feeds and geo-location data to further clarify what’s normal or acceptable. Once “normal” is established and the dynamic context feeds are in place, enterprise behavior anomaly detection (EBAD) is achievable.
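The baseline-then-context approach described above, as an added illustration that is not part of the original article or any vendor product: per-user login profiles are built from a constructed history, new events are scored for deviation, and constructed asset-classification and vulnerability-state feeds (hypothetical values) raise the weight of the same deviation when it lands on a critical, unpatched host.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample login events: (user, host, hour_of_day, source_country).
# HISTORY is the "normal" period used for the baseline; NEW_EVENTS are scored against it.
HISTORY = [
    ("alice", "wkstn07", 9, "US"), ("alice", "wkstn07", 10, "US"),
    ("alice", "wkstn07", 11, "US"), ("alice", "wkstn07", 14, "US"),
    ("bob", "fileserver01", 8, "US"), ("bob", "fileserver01", 17, "US"),
]
NEW_EVENTS = [
    ("alice", "wkstn07", 10, "US"),       # routine
    ("alice", "fileserver01", 3, "RO"),   # new host, odd hour, new country
    ("bob", "fileserver01", 16, "US"),    # routine
]
# Constructed context feeds (hypothetical values) standing in for the asset
# classification and vulnerability-state feeds the article lists.
ASSET_CLASS = {"fileserver01": "critical", "wkstn07": "standard"}
VULN_STATE = {"fileserver01": "unpatched", "wkstn07": "patched"}

def build_baseline(events):
    """Per-user profile: hosts and countries seen, mean and stdev of login hour."""
    hosts, countries, hours = defaultdict(set), defaultdict(set), defaultdict(list)
    for user, host, hour, country in events:
        hosts[user].add(host)
        countries[user].add(country)
        hours[user].append(hour)
    return {u: {"hosts": hosts[u], "countries": countries[u],
                "hour_mean": mean(hours[u]), "hour_sd": pstdev(hours[u])}
            for u in hosts}

def score_event(event, baseline):
    """Score deviation from the user's baseline, then weight it with context."""
    user, host, hour, country = event
    prof = baseline.get(user)
    if prof is None:            # never-seen user: treat as maximally abnormal
        return 10
    score = 0
    if host not in prof["hosts"]:
        score += 2
    if country not in prof["countries"]:
        score += 3
    if abs(hour - prof["hour_mean"]) > 2 * max(prof["hour_sd"], 1):
        score += 1
    if score:                   # context only amplifies an existing deviation
        if ASSET_CLASS.get(host) == "critical":
            score *= 2
        if VULN_STATE.get(host) == "unpatched":
            score += 1
    return score

def detect(events, baseline, threshold=4):
    """Return (event, score) pairs at or above the alerting threshold."""
    return [(e, s) for e in events if (s := score_event(e, baseline)) >= threshold]
```

Only the off-hours login from a new country to the critical, unpatched server crosses the threshold; the two routine logins score zero.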
Today’s rapidly advancing cyberthreat landscape requires IT security teams to employ an adaptive intelligence framework that takes Big Data security analytics beyond just after-the-fact forensic investigation and applies it in real time to recognize the indicators of an advanced threat or breach.
An adaptive intelligence framework based upon next generation SIEM can deliver the Big Data real-time security analytics necessary to help customers remove blind spots and identify sophisticated threats and breaches today and tomorrow.