Sunday , 25 June 2017


Big Data’s Response to the Growing Threat of Enterprise Cyber Attacks

Sergii Shelpuk

Enterprise Cyber Attacks

Sergii Shelpuk, the Director of Data Science at SoftServe, an enterprise-class software development company

Seconds matter when your enterprise is under a cyber-attack. Your company’s financial security and intellectual property are at risk. Worse, your company’s reputation is on the line. One report of a security breach may result in an extensive PR campaign to save your business. Customers have a history of abandoning those believed unable to protect them — perception equals reality.

The issue isn’t if your business is vulnerable or may someday be attacked; the issue is when and will you be prepared.

With widespread adoption of enterprise cloud computing, SaaS and smart devices, your business is inherently more vulnerable than ever to external and internal attacks on your information and communication systems. Given the participation rate and informal nature of social media, more is publicly known about your corporate structure, processes, and technical configurations than ever before. With a modicum of patience, damaging information can be gleaned from a company’s online activity – and exploited by those seeking to do harm for profit, social justice or sport.

The combination of big data and advanced analytics promises to be the best line of defense from such a potentially catastrophic attack on your business, providing swift detection of security threats and enabling analytics to protect your data systems and company.

Detecting a Security Threat with Big Data

For many, collecting big data is the easy part, but as with all analysis of past and current events, your understanding is limited by the data you collect. Your ability to quickly detect threats, assess damage and discover the origin of an attack are dependent on the data you collect and warehouse.

The data you collect must be comprehensive, to include, but not be limited to:

  • Collecting user data on everything from rudimentary user authentication and access location, date and time to user profiles including privileges and roles, travel and business itineraries and associated access and activity behaviors.
  • Capturing device information such as the type of device accessing your network, software revisions, security certificates and protocols can be used to flag suspicious user behavior.
  • Recording information on network assets such as access locations, destinations, date and time; new and non-standard ports and code installation.

Your objective when collecting data is to capture and store as many user and network events as possible, not knowing what may be important later when investigating a threat. You don’t want your ability to detect and respond to a cyber-attack artificially limited by data overlooked for monitoring and collection. All data points are critical when assessing a threat.

Leveraging Big Data to Protect your Data Systems and Business

The proliferation of smart devices, SaaS and cloud computing allows an ever increasing amount of data to be collected on your data systems and their associated use. As noted earlier, this is good, as more data provides a greater opportunity to detect, diagnose and protect your enterprise from cyber-attacks, as well as combat them while underway. Being able to quickly correlate events and discern unusual, but benign, user behaviors from legitimate security threats can hinder, minimize or completely eliminate financial or other losses due to a security breach.

Timely analysis of large amounts of data is the greatest challenge in dealing with a cyber-attack. This is where advanced analytics can leverage big data to examine large amounts of different data types to quickly uncover hidden patterns, unknown correlations and other useful information derived from disparate data collection to detect and diagnose cyber security threats.

This intelligence-driven security of your data systems is instrumental in protecting your business from a variety of cyber, flagging suspicious activity in your network that may indicate a cyber-attack is underway:

  • Traffic anomalies to, from or between particular servers
  • Suspicious activity in high value or sensitive elements of your data network
  • Suspicious user behavior such as varied access levels, location access, and information destinations
  • Newly installed software or different protocols used to access sensitive information
  • Identify listening ports used to aggregate traffic for external offload of data or information

Advanced analytics can be highly effective for identifying a cyber-attack already underway and recommending a course of action to counter the attack to minimize or eliminate loss. Advanced analytics feed on the volume of data collected from your data systems to protect your business, and can provide you with timely analysis and recommendations to thwart even the most heinous attack.

Conclusions

Cyber-attacks aren’t a thing of passing fancy — they’re a current and future reality we all have to face. The safe assumption is your business will be under attack at some point in the future. The issue to deal with is how will you identify and counter potential financial, intellectual property and other losses. Companies who lose trust in their ability to protect customer data are in danger of catastrophic loss of revenue. Cyber-attacks aren’t something to scoff at or assume will never happen to you.

Preparedness is the key to dealing with an attack, and that begins with the comprehensive collection of user and network data. Not knowing what data may be valuable later as part of a forensic effort to identify and counter an attack, it’s best to put systems and protocols in place to capture and warehouse as much data as possible on the configuration, use, and norms of your data systems and user behaviors.

If there’s a problem with collecting vast amounts of data, it’s the ability to quickly correlate disparate events to flag suspicious behavior or anomalies indicating a security breach and cyber-attack is underway. Time is of the essence when dealing with an attack. This is where advanced analytics enters the topic of discussion and leverages big data to provide insight into security issues otherwise unknown or undiscovered until losses become substantial.

Big data and advanced analytics are ideally suited to identify unusual behaviors in real-time, alerting personnel and other systems of a threat underway, to take immediate action to minimize or prevent losses and identify the source of the threat.

As Director of Data Science at SoftServe, Inc., Sergii Shelpuk is a leading expert in deep learning neural networks, machine learning, artificial intelligence, and predictive analytics. A graduate of the Kyiv Polytechnic Institute and the Yaroslav Mudryi National Law Academy of the Ukraine, Sergii leads the development of innovative data science models for a wide spectrum of industries.

Host in Ireland