My friend Aamir Lakhani, AKA Dr. Chaos, posted this blog recently on his website, www.drchaos.com. The topic is combining big data analytics with software-defined networking in order to build anomaly-based detection and mitigation systems for internal networks.
In the blog he discusses reasons why traditional security doesn’t work and why innovations are necessary. He argues that in cases where attacks leverage legitimate applications, protocols and user credentials to gain unauthorized access, traditional security protections prove useless.
However, using advanced analytics, along with modern security tools, security teams can identify anomalous behavior even if the attacker has valid credentials. The key is establishing baselines and running sophisticated analysis on large data sets.
As he points out, “Data science experts will tell you that no matter how often an abnormal behavior occurs — whether it’s one hundred times or just once — it’s still abnormal behavior and can be categorized once a baseline is established.”
It’s a fantastic read and very provocative. It ties back into our firmly held belief at RiskIQ that innovative detection methods are going to be the best defense for organizations, their brands and their customers in the modern world. RiskIQ also leverages large data sets and data analytics as inputs into our technology to manage external threats. It is a key factor in ensuring we provide accurate and timely data, which we strongly believe can make the difference in protecting an enterprise profile online.