Welcome!

Big Data Journal Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski, Roger Strukhoff

Related Topics: Big Data Journal, Security, SDN Journal

Big Data Journal: Article

The Role of Big Data in Threat Detection

The promise of Big Data lies in the ability to derive insight, reduce risk, and improve future security performance

Arriving at Actionable Insight: The Role of Big Data in Threat Detection

According to Gartner, Big Data refers to "high volume, high velocity, and/or high variety information assets" - and, this is the key - "that require new forms of processing to enable enhanced decision making, insight discovery and process optimization." While Big Data may seem like an invaluable tool that all security teams should try to leverage, it is not practical for everyone to attempt to harness it on their own. Finding insight from data is rarely as simple as it seems. We are still in the early stages of the Big Data revolution, with people only now beginning to understand what is possible, and what it takes to get there. Simply investing in tools and development is not enough. The fact is security teams are still struggling to identify and respond to incidents in an effective way. The Verizon Data Breach Investigations Report of 2013 noted that outside parties, whether it be a telecom provider, credit card issuer, third-party vendor or the FBI, were responsible for 70% of data breach notification, demonstrating that security teams are still missing the signs of detrimental threats that face organizations each and every day.

There is clearly promise in Big Data, but how do organizations get there? First, there is a need for human talent and expertise, as tools alone are not enough. Beyond creating a security operations center (SOC) to coordinate a cyber security strategy, it is critical for organizations to employ a data scientist or someone who is capable of consuming and analyzing the information to create effective models for identifying threats. Unfortunately, there is a vast talent gap in the field of data science, particularly at the intersection of data and security. There are also technical hurdles preventing development. Integrating high volumes and varieties of data sources and formats, both internal and external, into a security framework requires both technical expertise and resources. In many ways, these programs are for select organizations. Enterprises must facilitate financial resources, technical know-how, and data science expertise to execute a holistic and effective Big Data program.

The promise of Big Data lies not in the collection of millions of records, but in the ability to derive insight, reduce risk, and improve future security performance. So, if the barriers to an internal Big Data program are high, but the potential benefits are great, how do we arrive at the insight needed to reduce risk and improve future security performance? Fortunately, there are options available for organizations to gain these advantages without having to make the commitment to a full-scale Big Data program.

One emerging option is the possibility of Big Data as a Service (BDaaS). Through the perimeterless nature of the Internet, vendors can access, analyze, and provide actionable insight into potential - or even future - threats. For example, card issuers often turn to outside vendors for Common Point of Purchase (CPP) analysis to detect potential fraud associated with theft or breach. By outsourcing the collection and analysis, businesses can streamline their path to insight.

Organizations of all sizes face challenges of data collection and analysis on a daily basis. In order to gain insight from data, companies must invest in the tools, strategies, and staff needed to make sense of accessible information. Once the appropriate protocol is in place, insight from Big Data may function as a way of reducing risk, protecting enterprises from our hostile threat landscape.

More Stories By Stephen Boyer

Stephen Boyer cofounded BitSight in 2011 and serves as Chief Technology Officer. Prior to founding BitSight, he was President and Cofounder of Saperix, a company spun out of the MIT Lincoln Laboratory focused on vulnerability and network topology risk analysis. Saperix was acquired by FireMon in 2011.

While at the MIT Lincoln Laboratory, Stephen was a member of the Cyber Systems and Technology Group where he led R&D programs solving large-scale national cybersecurity problems. His work at the MIT Lincoln Laboratory included research, development, and evaluation of next generation intrusion detection correlation architectures, attack graph vulnerability analysis, large-scale cyber situational awareness, security risk measurement, and cyber simulation and testing.

Prior to joining the MIT Lincoln Laboratory, Stephen designed, developed, and tested products at one of the earliest Linux startup companies, Caldera Systems.

Stephen holds a Bachelors degree in Computer Science from Brigham Young University and Master of Science in Engineering and Management from the Massachusetts Institute of Technology.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Latest Stories from Big Data Journal
The cloud provides an easy onramp to building and deploying Big Data solutions. Transitioning from initial deployment to large-scale, highly performant operations may not be as easy. In his session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, will discuss the benefits, weaknesses, and performance characteristics of public and bare metal cloud deployments that can help you make the right decisions.
Cisco on Wedesday announced its intent to acquire privately held Metacloud. Based in Pasadena, Calif., Metacloud deploys and operates private clouds for global organizations with a unique OpenStack-as-a-Service model that delivers and remotely operates production-ready private clouds in a customer's data center. Metacloud's OpenStack-based cloud platform will accelerate Cisco's strategy to build the world's largest global Intercloud, a network of clouds, together with key partners to address cu...
When one expects instantaneous response from video generated on the internet, lots of invisible problems have to be overcome. In his session at 6th Big Data Expo®, Tom Paquin, EVP and Chief Technology Officer at OnLive, to discuss how to overcome these problems. A Silicon Valley veteran, Tom Paquin provides vision, expertise and leadership to the technology research and development effort at OnLive as EVP and Chief Technology Officer. With more than 20 years of management experience at lead...
Amazon, Google and Facebook are household names in part because of their mastery of Big Data. But what about organizations without billions of dollars to spend on Big Data tools - how can they extract value from their data? Ion Stoica is co-founder and CEO of Databricks, a company working to revolutionize Big Data analysis through the Apache Spark platform. He also serves as a professor of computer science at the University of California, Berkeley. Ion previously co-founded Conviva to commercial...
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again.
Where historically app development would require developers to manage device functionality, application environment and application logic, today new platforms are emerging that are IoT focused and arm developers with cloud based connectivity and communications, development, monitoring, management and analytics tools. In her session at Internet of @ThingsExpo, Seema Jethani, Director of Product Management at Basho Technologies, will explore how to rapidly prototype using IoT cloud platforms and c...
BlueData aims to “democratize Big Data” with its launch of EPIC Enterprise, which it calls “the industry’s first Big Data software to enable enterprises to create a self-service cloud experience on premise.” This self-service private cloud allows enterprises to create 100-node Hadoop and Spark clusters in less than 10 minutes. The company is also offering a Community Edition via free download. We had a few questions for BlueData CEO Kumar Sreekanti about all this, and here's what he had to s...
Labor market analytics firm Wanted Analytics recently assessed the market for technology professionals and found that demand for people with proficient levels of Hadoop expertise had skyrocketed by around 33% since last year – it is true, Hadoop is hard technology to master and the labor market is not exactly flooded with an over-abundance of skilled practitioners. Hadoop has been called a foundational technology, rather than ‘just’ a database by some commentators – this almost pushes it towards...
Are your Big Data initiatives resulting in a Big Impact or a Big Mess? In his session at 6th Big Data Expo®, Jean-Francois Barsoum, Senior Managing Consultant, Smarter Cities, Water and Transportation at IBM, will share their successes in improving Big Decision outcomes by building stories compelling to the target audience – and our failures when we lost sight of the plotline, distracted by the glitter of technology and the lure of buried insights. Our cast of characters includes the agency head...
Scene scenario: 10 am in a boardroom somewhere, second round of coffees served, Danish and donuts untouched, a quiet hush settles. “Well you know what guys? (and, by the use of the term guys I mean to include both sexes here assembled) – the trouble that we have as a company is that we are, to put it bluntly, just a little analytics poor,” said the newly appointed Chief Analytics Officer. That we should consider a firm to be analytically deficient or poor is a profound comment on our modern ag...