Big Data Analytics for Cyber Security:
A Quick Overview
By Femi Ashaye
Agenda
- Introduction – Addressing Cyber Security (2013)
- Managing Cyber Threats (2013)
- Big Data Analytics in SIEM
- Managing Cyber Threats (2016)
- Cyber Security Control Model
- Conclusion
Introduction – Addressing Cyber Security (2013)
- The previous presentation on Cyber Security (http://www.slideshare.net/fashaye/addressing-cyber-security-26632216) addressed the approach required to deal with Cyber threats in mid 2013; the threat landscape in 2016 has grown and evolved.
- The risk-based approach of 2013 is still relevant, utilising the relevant, but more linear, ISO 27001 processes and activities (Plan->Do->Check->Act->Check->Act->Check->Act->Check->....):
  - Risk assessments conducted to understand the likelihood of threats and vulnerabilities and their impact to the organisation (Plan & Check)
  - Prevent, detect and respond to security incidents, reviewing the existing state of security (Check & Act)
  - Measurement of control effectiveness and maturity of overall security, to establish when, where and how to improve the overall security posture (Check & Act)
- SIEM provides recording of security incidents and risk-related information such as:
  - Malicious traffic to specific systems
  - Suspicious activity across domain boundaries
  - User session activity, and more
- Outcome: the approach is required in order to understand the scale and impact of Cyber Threats.
- Indicators for risk exposure and control effectiveness identify key risks over time.
- Data- and system-centric processes and key controls already exist for dealing with Cyber Threats.
- Dealing with Cyber Threats might require help from other disciplines such as criminologists, sociologists, psychologists, lawyers etc., leading to people- and behaviour-centric controls.
Managing Cyber Threats (2013)
[Diagram: the 2013 SIEM & Logger model. Labels recovered from the figure, grouped by column:]
- Threat (events raised by the controls): Suspicious Login or Access Event; Malicious Port Scanning Event; Malware Event; Data Theft Event; Suspicious Network Access Event; Denial of Service Event. Relationship to the Asset: "Mounts attack on..".
- Vulnerability (from the Vulnerability Scanner): Un-patched OS/Application. Relationship to the Asset: "Can be exploited to attack".
- Asset: Application, DB and OS etc. information; Asset Inventory and compliance Information.
- Preventative and Detective Controls: Firewall, Identity and Access Manager, DLP, IDS/IPS, AV Gateway, Vulnerability Scanner (arrow labels: "Mitigates or stop attack against...", "Discovers attack against..", "Discovers and protects against").
- SIEM & Logger: Threat Correlation/Aggregation; Vulnerability Correlation/Aggregation; Asset Correlation/Aggregation; Event Logging and Reporting.
- Outputs: Risk Information; ALARM (Security Incidents).
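As an added illustration of the correlation the diagram describes (this is not code from the presentation), the Python below joins constructed threat events with constructed asset inventory and vulnerability scanner data to produce risk information and raise an ALARM; the host names, vulnerability ids, score weights and threshold are all assumptions.

```python
from collections import defaultdict

ALARM_THRESHOLD = 10   # assumed cut-off: risk scores at or above this raise an ALARM

# Constructed sample inputs in the shape of the diagram's three data sources (not from the slides).
ASSETS = {   # asset inventory and compliance information
    "db01":  {"role": "DB",          "criticality": 5, "compliant": False},
    "web01": {"role": "Application", "criticality": 3, "compliant": True},
    "ws17":  {"role": "OS",          "criticality": 1, "compliant": True},
}
VULNS = [    # vulnerability scanner output: un-patched OS/application (placeholder ids)
    {"host": "db01",  "id": "PLACEHOLDER-VULN-1", "service": "mysql"},
    {"host": "web01", "id": "PLACEHOLDER-VULN-2", "service": "http"},
]
EVENTS = [   # threat events reported by the preventative and detective controls
    {"src": "10.9.9.9", "dst": "db01",      "type": "Malicious Port Scanning Event",   "control": "IDS/IPS"},
    {"src": "10.9.9.9", "dst": "db01",      "type": "Suspicious Network Access Event", "control": "Firewall"},
    {"src": "10.1.1.4", "dst": "ws17",      "type": "Malware Event",                   "control": "AV Gateway"},
    {"src": "10.7.7.7", "dst": "unknown99", "type": "Suspicious Login or Access Event", "control": "IAM"},
]

def correlate(events, assets, vulns):
    """Aggregate events per (src, dst), join them with the asset and vulnerability data
    (the threat 'mounts attack on' an asset that a vulnerability 'can be exploited to attack'),
    and return risk information sorted by score, with alarm=True at or above the threshold."""
    vulns_by_host = defaultdict(list)
    for v in vulns:
        vulns_by_host[v["host"]].append(v["id"])
    grouped = defaultdict(set)
    for e in events:
        grouped[(e["src"], e["dst"])].add(e["type"])
    risk = []
    for (src, dst), types in grouped.items():
        asset = assets.get(dst)
        if asset is None:   # event against a host missing from the inventory: an inventory gap, not a score
            risk.append({"src": src, "dst": dst, "score": 0, "alarm": False,
                         "note": "asset not in inventory"})
            continue
        exposed = vulns_by_host.get(dst, [])
        # Score = criticality x (1 + exploitable vulnerabilities) x distinct event types,
        # plus a fixed penalty when the asset is out of compliance (weights are assumptions).
        score = asset["criticality"] * (1 + len(exposed)) * len(types)
        if not asset["compliant"]:
            score += 5
        risk.append({"src": src, "dst": dst, "score": score, "vulns": exposed,
                     "events": sorted(types), "alarm": score >= ALARM_THRESHOLD})
    return sorted(risk, key=lambda r: r["score"], reverse=True)
```

The unknown-host branch is the asset-correlation gap the diagram's "Asset Inventory and compliance Information" input is meant to close: an event with no inventory match cannot be scored and is surfaced for review instead.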
Big Data Analytics in SIEM
- Digitalisation (specifically the Internet of Things) and business ecosystems are introducing a proliferation of disparate connected systems and devices, meaning the variety of security data is creeping up to higher volumes now more than ever (Gartner: security data is expected to double every year from 2014 through to 2016).
- The threat landscape in 2016 has evolved and is growing. Cyber criminals typically blend into background operational noise, performing undetected reconnaissance of networks over a long period of time before carrying out attacks. Identifying these threats amongst the growing volumes of security data presents greater challenges.
- The data-centric controls outlined, but not detailed, in the 2013 approach are now more relevant. Big Data analytics applied to Cyber Security provides another level of context: it identifies threat anomalies and patterns, and predicts threats not typically derived from the traditional risk-based context.
- Traditional SIEM is not able to capture the proliferation of new data; the new generation of SIEM tools incorporates Big Data Analytics to provide Security Analytics.
- Security analytics will better consolidate all security data from disparate security tools, business applications, IT applications, cloud applications, digital business ecosystems and business processes to deal with enterprise-level threats in real time.
- Security analytics will have the capability to seamlessly mine data, structured and unstructured, to enhance threat landscape analysis and provide better visualisation of such data to further aid forensics capabilities.
- The Security Analyst skillset requires a high level of data science and big data analytics expertise.
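An added example, not from the presentation, of why the long-period reconnaissance described above slips past a traditional short-window SIEM rule yet stands out in a long-window analytic run over the same constructed firewall log lines; the log format, hosts, window sizes and thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (not from the slides), one per connection:
# "<ISO timestamp> <src> -> <dst>:<port>".  Five busy hosts each use three ports;
# one host touches a single new port every six hours for a week (low and slow).
START = datetime(2016, 1, 1)
LOG = [f"{(START + timedelta(hours=6 * i)).isoformat()} 10.0.0.50 -> 10.0.1.10:{1000 + i}"
       for i in range(28)]
LOG += [f"{(START + timedelta(minutes=50 * i)).isoformat()} "
        f"10.0.0.{1 + i % 5} -> 10.0.1.10:{(80, 443, 53)[i % 3]}"
        for i in range(200)]

def parse(line):
    """Return (timestamp, src, dst_host, dst_port) for one log line."""
    ts, src, _, dst = line.split()
    host, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, host, int(port)

def burst_scan_rule(lines, threshold=20):
    """Traditional SIEM rule: more than `threshold` distinct destination ports from one
    source within a single minute.  Slow reconnaissance never trips it."""
    ports_per_minute = defaultdict(set)
    for ts, src, _, port in map(parse, lines):
        ports_per_minute[(src, ts.replace(second=0, microsecond=0))].add(port)
    return sorted({src for (src, _), ports in ports_per_minute.items() if len(ports) > threshold})

def slow_scan_analytics(lines, window=timedelta(days=7), factor=4):
    """Long-window analytic: distinct destination ports per source over the whole window,
    compared with the median across all sources; a source above `factor` x median is anomalous."""
    records = [parse(line) for line in lines]
    end = max(r[0] for r in records)
    ports = defaultdict(set)
    for ts, src, _, port in records:
        if ts >= end - window:
            ports[src].add(port)
    counts = {src: len(p) for src, p in ports.items()}
    baseline = statistics.median(counts.values())
    return sorted(src for src, n in counts.items() if n > factor * baseline)
```

The median baseline is what makes this a behavioural comparison against the background noise rather than a fixed threshold; in a real deployment the window and factor would be tuned per network segment.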
Managing Cyber Threats (2016)
[Diagram: the 2016 model, SIEM with Security Analytics. Labels recovered from the figure, grouped by column; additions over the 2013 model are noted:]
- Threat (events raised by the controls): Suspicious Login or Access Event; Malicious Port Scanning Event; Malware Event; Data Theft Event; Suspicious Network Access Event; Denial of Service Event. Relationship to the Asset: "Mounts attack on..".
- Vulnerability (from the Vulnerability Scanner): Un-patched OS/Application. Relationship to the Asset: "Can be exploited to attack".
- Asset: Application, DB and OS etc. information; Asset Inventory and compliance Information.
- Preventative, Predictive and Detective Control: Firewall, Identity and Access Manager, DLP, IDS/IPS, AV Gateway, Vulnerability Scanner (arrow labels: "Mitigates or stop attack against...", "Discovers attack against..", "Discovers and protects against").
- Additional inputs (new in 2016): Business & IT application; Unstructured security events; Cloud systems; Context aware identity data.
- SIEM w/Security Analytics: Unstructured Security Event Correlation/Aggregation (new); Threat Correlation/Aggregation; Vulnerability Correlation/Aggregation; Asset Correlation/Aggregation; Event Logging and Reporting; Predictive Modelling (new).
- Outputs: Risk Information; ALARM (Security Incidents); Predicted Threats (new).
Cyber Security Control Model
[Diagram: Risk Model and Countermeasures. Labels recovered from the figure:]
- Risk Model elements: THREATS, VULNERABILITIES, ASSETS, VALUE, INCIDENTS, COMPLIANCE, NEGATIVE BUSINESS IMPACT (relationship labels: Exploit, Causing, Affecting, Have, Results in, Demonstrates, Reduce, Triggers).
- Countermeasures: PREDICTIVE CONTROLS, DETERRENT CONTROLS, PREVENTATIVE CONTROLS, CONTAINMENT CONTROLS, ASSURANCE CONTROLS, EVIDENTIAL CONTROL, CORRECTIVE CONTROLS, DETECTIVE CONTROLS (relationship label between the two halves: Informs).
The model illustrates the basic relationships between Risks and Countermeasures driven by the control capabilities of Security Analytics. It demonstrates how prediction and detection of threats enable a proactive response to definitive and potential risk scenarios.
Conclusion
- Big data driven security enables organisations to gain richer context for assessing Cyber threats against their specific business and compliance requirements.
- It enables a more data-centric approach to traditional risk-based security intelligence.
- It enables a more agile approach to traditional risk-based security intelligence.
- It addresses Advanced Persistent Threats.
- It improves security monitoring.
- A data architecture is required to incorporate and catalogue all relevant security information across the business that Security Analytics needs.
- Future security strategy will feature investment in, and alignment of, security tools enhanced with big data analytics capabilities; this is the next challenge.
- Security Analytics currently addresses Cyber Threats by combining traditional human-led risk analysis with machine-led, data-driven behavioural analysis; this will evolve into machine-only-led, risk- and data-driven Security Analytics.
Thank You!!