
Network Security Needs Big Data


The second half of 2014 witnessed serious security incidents, from Heartbleed and the Bash Bug (Shellshock) to the recent Poodle bug; add to that the highly publicized security breaches at Target, Home Depot, K-Mart, and Chase. This raises the old question: can we ever have a perfectly secure network? The quick answer is "no", but not so fast: there are ways to minimize risks and reduce the vulnerabilities of computer networks to the lowest possible level.

Published in: Data & Analytics


Network Security Needs Big Data

There are two types of organizations now: those that have been breached, and those that just don't know it yet. As attacks have become too sophisticated for signature-based detection, there is a need for solutions that quickly notice anomalous and potentially dangerous behavior to prevent breaches or, failing that, detect malicious behavior once a breach has occurred and minimize its impact, as Neill Occhiogrosso noted in his excellent article on this topic.

The second half of 2014 witnessed serious security incidents, from Heartbleed and the Bash Bug (Shellshock) to the recent Poodle bug; add to that the highly publicized security breaches at Target, Home Depot, K-Mart, and Chase. This raises the old question: can we ever have a perfectly secure network? The quick answer is "no", but not so fast: there are ways to minimize risks and reduce the vulnerabilities of computer networks to the lowest possible level.

The traditional approach to network security is failing. According to the 2014 Cyberthreat Defense Report, more than 60 percent of organizations fell victim to one or more successful cyberattacks. Given the extent to which today's organizations continue to rely on perimeter-centric strategies, this finding should come as no surprise. Studies have shown that between 66% and 90% of data breaches are identified not by the organizations that are breached, but by third-party organizations. The simple truth of the matter is that perimeter-based approaches to security are no longer effective. According to a Forrester Research report, information security professionals should readjust some widely held views on how to combat cyber risks. Security professionals emphasize strengthening the network perimeter, the report states, but evolving threats, such as increasing misuse of employee passwords and targeted attacks, mean executives need to start buffering internal networks.

Teams within enterprises, with and without the support of information technology management, are embracing new technologies in the constant quest to improve business and personal effectiveness and efficiency. These technologies include virtualization; cloud computing; converged data, voice, and video networks; Web 2.0 applications; social networking; smartphones; and tablets (BYOD). In addition, the percentage of remote and mobile workers in organizations continues to increase, reducing the value of physical perimeter controls and proving that the "disconnect" between the security and network operations teams is at the heart of the problem. So what is the solution? One strong candidate is the Zero Trust Model (ZTM).

Zero Trust Model (ZTM)

"Zero trust" is an aggressive model of network security that monitors every piece of data possible, assuming that every file is a potential threat. The Zero Trust Model of information security requires that all resources be accessed in a secure manner, that access control be granted on a need-to-know basis and strictly enforced, that systems verify and never trust, that all traffic be inspected, logged, and reviewed, and that systems be designed from the inside out instead of the outside in. It simplifies how information security is conceptualized by assuming there are no longer "trusted" interfaces, applications, traffic, networks, or users. It takes the old model, "trust but verify", and inverts it, because recent breaches have proven that when an organization trusts, it doesn't verify. This model was initially developed by John Kindervag of Forrester Research and popularized as a necessary evolution of traditional overlay security models.

In the zero trust security model, companies should also analyze employee access and internal network traffic and grant minimal employee access privileges. The model also emphasizes the importance of log analysis and increased use of tools that inspect the actual content, or data "packets", of internal traffic ("sandbox control").

A commissioned study conducted by Forrester Consulting on behalf of IBM produced some interesting results: many firms today are already on the path to supporting the Zero Trust Model. Survey respondents indicate that many have already adopted key Zero Trust concepts, whether they are aware of Zero Trust or not. This is encouraging. Implementation of the Zero Trust Model then becomes less of a stretch for companies and more of an extension of the activities currently in place. Anywhere from 58% to 83% of respondents are already behaving in ways that support Zero Trust concepts, depending on the activity (e.g., logging and inspecting all network traffic).

Big Data and ZTM

The convergence of Big Data and network security is a direct product of "Applied Big Data", and it is a prime example of using analytics technologies to tackle a current business problem such as cyberattacks. Using ZTM will generate an enormous volume of real-time data to analyze, which will leave IT managers drowning in log files, vulnerability scan reports, alerts, reports, and more; at that stage the data is not yet actionable. The magic in using Big Data analytics is in analyzing this data to give IT managers a comprehensive view of their security landscape: exposing what is at risk, how severe the risk is, how important the asset is, and how to fix it. A natural progression of the use of analytics is to track and protect business assets regardless of their location, as the perimeter of the network expands with BYOD and the use of cloud technologies.

A promising approach to using Big Data is to apply behavioral analytics to data already resident in networks to prevent a broad range of suspicious activity. This is just one example of applying data science to existing data sets to address more nebulous threats and to generate profiles that anticipate future attacks. Research firm Gartner has said that big data analytics will play a crucial role in detecting cyberattacks: by 2016, more than 25 percent of global firms will adopt big data analytics for at least one security and fraud detection use case, up from eight percent today.

Going forward, big data will have an impact that changes most of the product categories in the field of computer network security, including solutions, network monitoring, authentication and authorization of users, identity management, fraud detection, and systems of governance, risk and compliance. Big data will also change the nature of security controls such as conventional firewalls, anti-malware and data loss prevention. In the coming years, data analysis tools will evolve further to enable a number of advanced predictive capabilities and automated controls in real time.

Finally, the use of Big Data analytics in network security needs efficient data capture and analysis that can look broadly and historically across an infrastructure, sometimes trailing several months, to see when and how a breach occurred and what the consequences were. This process involves great volume, variety, and velocity of data. It is an open field for companies to introduce new products and services, and to harvest the profit.
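The two ideas the slides keep returning to, that all traffic and access must be logged and reviewed (the ZTM principle) and that behavioral analytics over data already sitting in the network can surface suspicious activity, can be shown in miniature. The following is an added example, not code from the original deck or from Forrester, IBM or Gartner. It assumes a simple constructed authentication-log format ("timestamp user source_ip outcome"), builds a per-user baseline of normal source addresses and login hours from historical lines, and then scores recent lines against that baseline, adding a failure-burst check that needs no baseline at all. The thresholds (one hour of tolerance around seen hours, three failures within sixty seconds) are illustrative assumptions.

```python
"""Baseline-and-deviation scoring over authentication logs (added example).

Log format is a constructed one for this example: "<ISO timestamp> <user> <src_ip> <outcome>".
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Set

# Constructed historical lines: three quiet days that define "normal" for alice and bob.
HISTORY = """\
2014-11-03T08:12:41 alice 10.1.4.20 success
2014-11-03T08:15:02 bob 10.1.4.31 success
2014-11-03T09:01:17 alice 10.1.4.20 success
2014-11-04T08:09:55 alice 10.1.4.20 success
2014-11-04T08:30:10 bob 10.1.4.31 success
2014-11-04T17:45:03 bob 10.1.4.31 success
2014-11-05T08:11:30 alice 10.1.4.20 success
2014-11-05T12:02:44 bob 10.1.4.31 failure
2014-11-05T12:03:01 bob 10.1.4.31 success
"""

# Constructed recent lines: alice logs in at 03:14 from an address never seen before,
# and bob's account takes four failures in thirteen seconds before a success.
RECENT = """\
2014-11-06T08:10:12 alice 10.1.4.20 success
2014-11-06T03:14:55 alice 203.0.113.7 success
2014-11-06T08:32:40 bob 10.1.4.31 failure
2014-11-06T08:32:45 bob 10.1.4.31 failure
2014-11-06T08:32:49 bob 10.1.4.31 failure
2014-11-06T08:32:53 bob 10.1.4.31 failure
2014-11-06T08:33:20 bob 10.1.4.31 success
"""


@dataclass
class Event:
    ts: datetime
    user: str
    src_ip: str
    outcome: str


@dataclass
class Baseline:
    """What 'normal' looks like for one user, learned from successful logins only."""
    sources: Set[str] = field(default_factory=set)
    hours: Set[int] = field(default_factory=set)


@dataclass
class Alert:
    ts: str
    user: str
    reasons: List[str]


def parse(text: str) -> List[Event]:
    """Parse the constructed four-field format; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, src_ip, outcome = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, src_ip, outcome))
    return events


def build_baseline(events: List[Event]) -> Dict[str, Baseline]:
    """Record, per user, the source addresses and hours of day seen on successful logins."""
    base: Dict[str, Baseline] = defaultdict(Baseline)
    for e in events:
        if e.outcome == "success":
            base[e.user].sources.add(e.src_ip)
            base[e.user].hours.add(e.ts.hour)
    return dict(base)


def detect(baseline: Dict[str, Baseline], events: List[Event],
           burst_threshold: int = 3,
           burst_window: timedelta = timedelta(seconds=60)) -> List[Alert]:
    """Score events in time order; every deviation found is reported as a reason on one alert."""
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: List[Alert] = []
    for e in sorted(events, key=lambda x: x.ts):
        reasons: List[str] = []
        prof = baseline.get(e.user)
        if prof is None:
            # A user with no history cannot be judged against a baseline; flag for review.
            reasons.append("no_baseline")
        else:
            if e.src_ip not in prof.sources:
                reasons.append("new_source")
            # Allow one hour either side of every hour previously seen.
            allowed = {(h + d) % 24 for h in prof.hours for d in (-1, 0, 1)}
            if e.ts.hour not in allowed:
                reasons.append("off_hours")
        if e.outcome == "failure":
            q = failures[e.user]
            q.append(e.ts)
            while q and e.ts - q[0] > burst_window:
                q.popleft()
            # Fire once, when the count first reaches the threshold, not on every later failure.
            if len(q) == burst_threshold:
                reasons.append("failure_burst")
        if reasons:
            alerts.append(Alert(e.ts.isoformat(), e.user, reasons))
    return alerts


def run(history: str = HISTORY, recent: str = RECENT) -> List[Alert]:
    return detect(build_baseline(parse(history)), parse(recent))


if __name__ == "__main__":
    for a in run():
        print(a.ts, a.user, ",".join(a.reasons))
```

On the constructed data this yields two alerts: alice's 03:14 login is tagged both new_source and off_hours, and bob's third failure at 08:32:49 is tagged failure_burst. The point the slides make is visible here: the history that defines "normal" and the events that deviate from it were already in the log; the work is in keeping enough of it, and reading it.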
References

http://stellartechnews.wordpress.com/2014/04/02/network-security-with-a-zero-trust-approach/
http://blogs.forrester.com/james_staten/14-10-23-grading_our_2014_cloud_predictions
http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03038usen/WGL03038USEN.PDF
http://www.vcsolutions.com/news-events/blog/entry/zero-trust-network-security-only-trust-data-as-far-as-you-can-throw-it
http://www.computerweekly.com/news/2240185636/Zero-trust-model-key-to-security-success-says-Forrester
http://www.cyber-edge.com/2014-cdr/#lightbox/0/
http://techcrunch.com/2014/10/25/security-will-need-big-insight-not-just-big-data/
http://cloudtimes.org/2014/02/12/gartner-report-big-data-will-revolutionize-the-cybersecurity-in-next-two-year/
