Crunching data from the myriad systems in the enterprise could yield new insight into how to protect sensitive data and even predict the next cyberattack, but many firms will be forced to seek outside help to reap the benefits, according to a new study.
Over the next three to five years, big data analytics tools will advance rapidly, according to a new report written by security experts at Booz Allen Hamilton and Northeastern University. The study, sponsored by RSA, The Security Division of EMC Corp., predicts that risk assessments and threat detection will be automated to the point that security response teams can predict an incident before it happens and take action to thwart attacks.
"There's no precision in the model that allows us to do threat predicting around an anomalous authentication event, and that speaks to the failure of perimeter-based security," said Eddie Schwartz, vice president and chief information security officer at RSA, in an interview with CRN. "Forecasters are ignoring data that can provide immediate value to advanced threat management."
Big data analytics has become a trending buzzword at security conferences in recent years. Security experts first pointed out that security information and event management (SIEM) systems would provide the log collection necessary to detect anomalous activity and help forensics teams determine the extent of a data breach. But network security analysis systems like NetWitness, which was acquired by RSA in 2011, are being built out to provide more extensive analytical capabilities. Other competitors include Solera Networks, Niksun and Damballa.
The report, "Big data fuels intelligence-driven security" (.pdf), issued this week, recommends that organizations undergo a risk assessment and an industry peer comparison. It says a shared data architecture for security information is needed to collect captured information in a data warehousing system. Even though that data arrives in different formats, new tools will help index and normalize it for analysis.
The report's authors also dismiss point security products, calling on organizations to create a unified security architecture. It dismisses static analytics tools based on threat signatures or network boundaries, and calls on organizations to look for tools that are flexible and scalable enough to adapt to changes in corporate infrastructure and the threat landscape. It also calls for the addition of external threat intelligence services.
"Organizations need to think strategically about which security products they will continue to support and use over several years, because each product will introduce its own data structure that must be integrated into a unified analytics framework for security -- or deliberately omitted as a potential blind spot," according to the report.
Even once security systems and the IT architecture are ready, the report warns of a major hurdle: a shortage of skilled analysts needed to perform statistical analysis. It cautions that emerging security technologies will be powerful enough to provide deep analysis of the data, but security teams may not have the data science skills necessary to perform the analytics.
"Security leaders should consider adding data scientists to their teams," the report recommends. "Specialists will not only need to manage the organization's big data capabilities efficiently, but they will also need to understand business risks and cyberattack techniques in sufficient depth to develop analytical models that detect, and even predict, illicit activities."
RSA's Schwartz admits that organizations will face some major challenges in making big data analytics a reality. It can become a reality beyond the large organizations that have the cash and staff to invest in such systems, but it will take VARs and distributors to set it up in the midmarket, and managed services could help provide the skilled staff necessary to do the analysis, Schwartz said.
"We must work to take away the limits and also the new skill sets needed on both the vendor side and on the security team side," Schwartz said.
PUBLISHED JAN. 15, 2013