Harnessing the Power of Big Data to Fight Cyber Crime

By Leon Ward, Field Product Manager, Sourcefire.

Monday, 9th September 2013. Posted by Phil Alsop.

Organisations have been using big data tools and technologies to analyse everything from consumer buying patterns to competitors' product strategies. It was only a matter of time before the security industry took notice of the effectiveness of big data for analysing complex and varied types of data inputs and sought a way to make it work for today's security problems. And now, it's nearly impossible to hear about a new security product without mention of big data. So what is true in the rest of the world is true for security software as well - more data means more intelligence. And good intelligence has long been a decisive factor in the battle against malware. But with threats multiplying exponentially, analysing information is becoming just as important as gathering it.


Over the past few years we’ve seen a dramatic shift in the threat environment. Whether the threats come from hackers, script kiddies, client-side attacks, advanced persistent threats, or state-sponsored actors, the attacks are targeted, unexpected and deadly. The perpetrators are organised, well-financed and relentlessly innovative.


With new threats targeting IT infrastructure at an unprecedented pace, traditional means of protection are no longer adequate. The days of manually analysing threats, creating signatures and deploying these signatures are long gone. In our research, nearly 75 per cent of threats are seen only once with lifetimes measured in hours and days. The continuous metamorphosis into variations of the same core threat makes timely response incredibly difficult.


In the face of today’s dynamic and fast-paced environment, the IT security industry needs to incorporate the power of Big Data into its security arsenal. Emerging with the explosive growth of data, storage and processing power over the past couple of years, Big Data involves the use of tools, processes and procedures to create, manipulate and manage massively large data sets ranging from terabytes to petabytes. Search and social media have been using Big Data tools such as data mining and unstructured data processing to understand more about users and better tailor results and services to meet their needs. But Big Data can also be applied for insightful, up-to-the-minute protection, helping security managers make smart decisions while fighting against today’s continuous threats.


One of the powerful IT security applications of Big Data analytics is the ability to predict new malware by analysing malware data from extremely large user communities. IT security solutions with built-in Big Data capabilities continuously gather and scan data from millions of users simultaneously. Data mining algorithms leverage their understanding of existing malware to automatically predict threats that are mutations of existing threats and have never been seen before. These Big Data tools can use malware data collected from a single source to protect the entire community. Security analysts can then use the results of this predictive analysis to make informed decisions about protecting the environment.
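The paragraph above describes the idea at a high level: telemetry from many sensors is pooled into one labelled corpus, and a new sample that has never been seen before is flagged when it is a close mutation of something the community has already classified. The following is an added illustration of that aggregation-and-similarity pattern, not Sourcefire's code or algorithm. The sensor ids, sample ids and behaviour tokens are constructed placeholders, and Jaccard similarity over feature sets stands in for the richer models a real product would use.

```python
"""Community-sourced detection of malware variants by feature similarity.

Added example (not Sourcefire's implementation). Many sensors report the
samples they see; reports are merged into one labelled corpus; an unseen
sample is then compared against every known sample and flagged when it is
a near-duplicate of known malware. All ids and features are constructed.
"""
from collections import defaultdict
from typing import Dict, FrozenSet, List, Tuple

# Hypothetical static/behavioural feature tokens per known sample id.
KNOWN_FEATURES: Dict[str, FrozenSet[str]] = {
    "A": frozenset({"creates_run_key", "contacts_dga_domain", "packs_upx",
                    "injects_explorer", "disables_defender"}),
    "B": frozenset({"drops_vbs", "contacts_dga_domain", "encrypts_user_files",
                    "deletes_shadow_copies", "ransom_note"}),
    "C": frozenset({"packs_upx", "creates_run_key", "shows_installer_ui",
                    "writes_program_files", "signed_binary"}),
    "D": frozenset({"signed_binary", "shows_installer_ui",
                    "writes_program_files", "checks_update_server"}),
}

# Constructed telemetry: (sensor_id, sample_id, analyst label) per report.
TELEMETRY: List[Tuple[str, str, str]] = [
    ("s01", "A", "malware"), ("s02", "A", "malware"), ("s03", "A", "malware"),
    ("s01", "B", "malware"),
    ("s02", "C", "benign"), ("s04", "C", "benign"),
    ("s03", "D", "benign"),
]

# Constructed never-before-seen samples to triage.
NEW_SAMPLES: Dict[str, FrozenSet[str]] = {
    # one token changed relative to A: a mutation of known malware
    "X": frozenset({"creates_run_key", "contacts_dga_domain", "packs_upx",
                    "injects_explorer", "disables_firewall"}),
    # ordinary installer behaviour close to benign sample C
    "Y": frozenset({"signed_binary", "shows_installer_ui",
                    "writes_program_files", "creates_run_key"}),
    # nothing in common with the corpus
    "Z": frozenset({"reads_clipboard", "takes_screenshots"}),
}


def build_corpus(telemetry, features):
    """Merge per-sensor reports into {sample_id: (label, features, n_reporters)}.

    The reporter count is the 'community' evidence behind each sample: the
    same hash seen by many sensors carries more weight than a single sighting.
    """
    reporters = defaultdict(set)
    labels: Dict[str, str] = {}
    for sensor, sample, label in telemetry:
        reporters[sample].add(sensor)
        labels.setdefault(sample, label)
    return {s: (labels[s], features[s], len(reporters[s])) for s in labels}


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Set similarity in [0, 1]; two empty sets are treated as dissimilar."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def classify(sample_features, corpus, threshold: float = 0.5):
    """Nearest-neighbour verdict: (verdict, nearest_sample_id, score).

    A sample is called a variant only when its closest malware neighbour is
    both above the threshold and closer than any benign neighbour, so shared
    packer or persistence tokens alone do not convict an installer.
    """
    best = {"malware": (None, 0.0), "benign": (None, 0.0)}
    for sample_id, (label, feats, _) in corpus.items():
        score = jaccard(sample_features, feats)
        if score > best[label][1]:
            best[label] = (sample_id, score)
    mal_id, mal = best["malware"]
    ben_id, ben = best["benign"]
    if mal >= threshold and mal > ben:
        return ("variant-of-known-malware", mal_id, mal)
    if ben >= threshold and ben >= mal:
        return ("resembles-known-benign", ben_id, ben)
    return ("unknown", None, max(mal, ben))


def triage(new_samples, corpus, threshold: float = 0.5):
    """Classify every unseen sample against the community corpus."""
    return {sid: classify(f, corpus, threshold) for sid, f in new_samples.items()}


if __name__ == "__main__":
    corpus = build_corpus(TELEMETRY, KNOWN_FEATURES)
    for sid, (verdict, nearest, score) in triage(NEW_SAMPLES, corpus).items():
        print(f"{sid}: {verdict} (nearest={nearest}, similarity={score:.2f})")
```

The point the example makes is the one the paragraph gestures at: sample A was reported by three sensors, and that single shared corpus is enough to catch X, which no sensor has ever seen, because it differs from A by one behaviour. The threshold and the benign-versus-malware comparison are the knobs an analyst tunes; the benign samples in the corpus are what stop every UPX-packed installer with a Run key from being flagged.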


When evaluating new security solutions for your organisation, be sure to ask your vendor the following:

1. How do they know their solutions are working in real environments with real data?
2. Do the solutions have built-in, automated analysis capabilities to understand if threats are real or benign, and to make intelligent decisions about remediation?
3. Do their solutions provide you with in-depth, actionable forensic data about the actual threats your organisation is facing on a daily basis?

In today’s environment, organisations need security solutions that work in the real world – that can continuously draw from volumes of data to identify suspicious activity, leverage automation to keep up with the volume of threats, correlate that data to home in on real threats, and provide up-to-date and timely protection.


Cyber criminals are constantly looking at new ways to penetrate our IT infrastructure with damaging results. Organisations need a new way to evaluate and protect their environments with intelligent decision making. Look for Big Data to play a more integral role in your security strategy.