The pace of change in technology is continuing to accelerate, bringing with it unintended consequences. Cybercriminals of even limited skills can buy exploits on the dark web for less than the price of tickets to the Broadway musical "Hamilton" and in return realize tens of thousands of dollars in profit from a successful data breach.
Cyber-attacks are becoming increasingly sophisticated, from drive-by downloads to watering hole attacks to the most common attack vector: Spear phishing. Malware is now polymorphic, changing its thumbprint as many as thousands of times per minute to evade corporate defenses.
Advanced persistent threats (APTs) are now constantly targeting specific organizations, often starting with spear phishing emails which compromise systems to gain network access and eventually deploying additional tools to fulfill attack objectives.
As you might imagine, it's nearly impossible to detect these attacks and protect against them using traditional defense-in-depth approaches. Perimeter protection fails when threats are no longer "outside of the moat," but rather "inside the castle." Using signature-based threat detection is ineffective in the face of attacks specially built to evade signature detection.
A few more factors that complicate the situation are companies tend to rely on too many discrete and diverse point solutions as part of their defense mechanisms. Combined with their use of diagnostic rather than predictive security procedures, they wind up with too many false alarms that lead to security staff alert fatigue. That desensitization makes it easier for the real security threats to slip by unnoticed.
At the same time this total volume of data being transported grows, companies' are increasingly moving to software-defined networks (SDN) and network function virtualization (NFV). While the move brings benefits for dynamically provisioning network services and streamlining operations, the switch to using virtual images that interact with each other for routing or firewalls or session border controls, rather than individual appliances, may also increase the security risks to the network from a single compromised device.
A better way
As big data gets bigger and its value ever more enticing to the bad guys, truly actionable intelligence that would enable security teams to effectively patrol their organizations often doesn't exist. But it can.
It's time for security teams to evolve their approach to this new age of major threats. The way to do it is by leveraging big data analytics – especially in combination with machine learning, AI and human guidance to:
- Understand normal network behavior
- Distinguish normal from true abnormalities
- Reduce the volume of false alarms
Feeding the knowledge gained from analytics in an ongoing loop back into the organization's systems, as well as to a global security operations center, enables security to continually learn about and automatically predict real threats amidst the huge amount of network data.
According to Masergy's Security Control Center (SCC) experts, an integrated approach to cybersecurity can reduce the volume of alerts and zero in on actual threats. Consider these factors:
- A typical customer generates 1M+ alerts per month
- The SCC distils that down using human research and threat intelligence
- This results in 7–18 external trouble tickets that require customer mitigation
- Customers usually discover false positives in 3–5% range
- That's far less than they would with discrete point solutions
Indeed, the more that's monitored, the smarter the analytics become – and the better an organization gets at handling threats.
Not only that, but forensic analysis grows more effective too: security operations centers can leverage big data analytics to recreate actual incidents across multiple systems to discover how an exploit is carried out and even simulate potential defenses against it.
Big data analytics gives organizations a chance to even the odds with cybercriminals. Given the current threat landscape, it's arriving not a moment too soon.