Mining Big Data for Better Security Intelligence
Today, IBM Security Systems announced a “Breakthrough with Combination of Security Intelligence and Big Data – Data Analytics Helps Organizations Hunt for Cyber Attacks.” By combining the worlds of business intelligence and security intelligence, organizations can analyze data in new ways, detecting threats they would previously have missed and reacting faster with more accurate and timely results. Sandy Bird, CTO for IBM Security Systems, wrote an interesting blog post on this topic in which he explains how the security strategy of the future will be built on the underlying premise that every new source of data is a blessing and not a curse.
Excerpt from the IBM Smarter Planet Blog:
Over the years the game of cat and mouse between attackers and people tasked with defending networks against their advances has evolved to become increasingly complex. Every new advance in defensive technologies has forced attackers to adopt new tactics, and every new attack technique has produced a new security start-up. The result of this game has been that some of the most diligent and advanced security organizations in the world have deployed over 60 different security products, products that infrequently communicate with one another. Unfortunately, this has not proven a sustainable long-term approach to the security challenge as attacks have become more complicated, difficult to detect and even far-reaching. Realistically, we can’t rely on any single product to be successful 100% of the time. The question is, if we understand the realities associated with perfection, why do we continue to embrace strategies that seem to rely on products being successful in isolation?
We need a different, foundational approach to the security challenges associated with sophisticated attackers… The security strategy of the future will be built on the underlying premise that every new source of data is a blessing and not a curse.
Read Sandy’s full post on the IBM Smarter Planet Blog for answers to questions like “How to identify and combine those subtle data indicators of an attack?” and “Does a security strategy need to change just because another piece was added to the puzzle?”
If you are interested in learning more about IBM Security Intelligence for Big Data be sure to check out:
VIDEO: The Role Big Data Plays in Solving Complex Security Problems
INFOGRAPHIC: A Big Data Approach to Security Intelligence
IBM Security Systems website: for access to more product information, white papers and more
Late last month, the IBM X-Force team released their mid-year trend and risk report. This 100+ page document includes research on the latest attack trends, risks and threats, and is full of tips on how to avoid them and keep your organization safe. For those of you who haven’t had time to read the full report, one highlight that I’d like to point out is the contribution from Michael Applebaum, product marketing director at Q1 Labs. He contributed a terrific write-up on using security intelligence for advanced threat protection, which also includes a list of best practices for anomaly detection. If you have a few minutes, check out this post Michael wrote for the IBM Software blog, and if you are interested in reading the full IBM X-Force report, download it here.
Excerpt from the IBM Software Blog:
Not every security breach is the result of an advanced persistent threat (APT). In fact, only a small fraction probably are.
But the industry is buzzing about APTs today because the business impact of an APT can be massive. Victims of these attacks are keenly targeted, and a successful breach can expose customer data, financial data, intellectual property and other information assets. Recovering from this kind of attack can be a costly and long-term challenge, since trust takes years to build, but moments to destroy. Regaining the confidence of customers and other stakeholders is inevitably the most difficult part of recovering. Perhaps surprisingly, APT targets aren’t always Fortune 500 corporations and government agencies. It was reported that one long-running APT compromised real estate firms, construction companies and even a national Olympic committee. The lesson is that any organization with information of value to others is a potential target...
Read his full post for answers to questions like “Do I really need to worry about an APT attack?” and “How does security intelligence work?”
What would you do if someone was repeatedly trying to break in through your front door? Would you add an extra lock and hope that was enough? Would you completely ignore the back door? If you lived in a neighborhood where lots of homes had been broken into, would you do some research to see what the common entry points were and maybe take some precautions to better address those risks, even if your house had been safe so far?
I’d like to think you’d do just about anything in your power to protect your home, and definitely your business. But finger-crossing and deadbolt equivalents seem to be the approach a lot of organizations take when it comes to security, especially network security. Those organizations are resting on hope: hope that they won’t be targeted by a cyber attack, hope that no disgruntled insiders will take a shot, hope that their network security analysts won’t miss something in the piles of log data being generated every minute, and hope that their first-generation solutions are working well enough to catch modern attackers.
Earlier this week I read an article in Network World about the failure of CSOs to properly evaluate risk in their security strategy. It asked the important question: “What happens if your security strategy doesn’t work?” I’m betting there are a lot of organizations out there who don’t know the answer to that question, and if they did, they wouldn’t be happy.
To truly be secure, you need to know where your vulnerabilities are and then figure out how to fix them. Your team needs to be prepared to identify and respond quickly to attempted and successful breaches (because inevitably, some will get through). They also need to know how to minimize the damage that can be caused by an incident. They need to be able to find the who, the what, the when, the where and, most importantly, the how, and they need this information in real time! This is the essence of Security Intelligence. Do you have it?
Government agencies, like their private sector brethren, are knee deep in IT security challenges, threats, and regulations. While that’s not much of a shock, this might be – according to the Government Accountability Office, the number of reported security incidents increased by over 650 percent during fiscal years 2006–2010. At the same time, government agencies have widespread deficiencies in security controls, leading to vulnerabilities, undetected breaches, and insider fraud.
To help meet these challenges, the federal government is implementing a risk-based IT security strategy based on deploying enterprise continuous monitoring solutions. These solutions will continually assess the actual security state of agencies’ IT networks and systems, while providing scoring information that managers can use to prioritize actions needed to reduce risk and improve their security grades. Continuous monitoring will enable agencies to determine their own security health and compare it to other agencies. Scoring will also allow the different lines of business within an agency to more effectively work together, while enabling agencies to gain the same operating efficiencies from IT investments that Fortune 500 companies have realized.
Recently, along with our friends at 1105 Media and partner Accuvant, we discussed the importance of continuous monitoring and related steps agencies should take while approaching it. Security intelligence plays a critical role in achieving continuous monitoring because of its ability to centralize information into a single console from various data sources.
Most importantly, we talked about how many government agencies are successfully addressing previously disparate functions — including SIEM, risk management, log management, and network behavior analytics — into a total security intelligence solution that fits the constrained budgets and resources of government agencies. The QRadar Security Intelligence Platform enables our customers to leverage existing assets, stabilize budgets, and easily comply with new mandates while maintaining a proactive stance on risk management and security.
If you missed the webinar, or just want to revisit it, watch the whole thing here. For a deeper look at how security intelligence helps federal agencies adopt a continuous monitoring security program without requiring additional resources, download this white paper.