Most IT service desk managers are aware that big data is useful for security purposes, but this concept is a bit nebulous to them. Many aren’t sure exactly how to get the useful data and then how to use analytics to identify and stop security threats. There are several tools available to help collect, analyze and stream data for real-time security. Here is how big data aids in improving IT security, how to use data analysis to identify threats, and what tools are available to assist your security efforts.
How Big Data Identifies Security Risks
Big data allows IT to set a baseline of network and user activity against which unusual activity can be compared and analyzed for threats. Usually, hackers make their way into networks and systems by stealing or guessing an authentic user’s user name and password. The hacker then works behind the scenes, often escalating the privileges of the stolen account to increase their level of access, and stealing or corrupting sensitive internal data. Big data gives you the baseline of normal activity against which to compare suspicious behavior.
For example, let’s say Sue’s user name and password are stolen. She is a production worker with a relatively low level of system access. Over the course of days, weeks, or months, Sue’s access level increases, so that she is able to access a significant amount of high-level data. Her user account then shows high numbers of file transfers, some at night when Sue is home with her family, and much of it transferred to a country to which Sue has never been. Only with the baseline — Sue’s usual user activity — can you identify the nefarious behavior of the hacker who has stolen her credentials and is using them to steal your data.
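As an added illustration of the baseline comparison described above (example code written for this page, not a tool the article mentions), the following Python script builds a per-user profile from a window of constructed log lines and then scores new events against it. The four signals are the ones in the Sue scenario: activity outside the user's usual hours, transfers to a country never seen before, transfer volume far above the user's norm, and a privilege level above anything the account previously held. The log format, the user "sue", the privilege levels and the three-standard-deviation threshold are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample activity log (not real data): user,timestamp,bytes,dest_country,privilege_level
# This window is assumed to predate any compromise, so it represents "normal" for sue.
BASELINE_LOG = """\
sue,2024-03-04T09:12:00,120000,US,1
sue,2024-03-04T11:40:00,95000,US,1
sue,2024-03-05T10:05:00,130000,US,1
sue,2024-03-05T14:30:00,110000,US,1
sue,2024-03-06T09:50:00,100000,US,1
sue,2024-03-06T15:10:00,125000,US,1
"""

# Constructed new events to score: one ordinary day, then a night-time bulk transfer abroad
# by an account whose privilege level has crept upward.
NEW_EVENTS = """\
sue,2024-03-07T10:20:00,115000,US,1
sue,2024-03-08T02:45:00,4800000,XX,3
sue,2024-03-08T13:00:00,118000,US,1
"""


def parse(log_text):
    """Parse comma-separated log lines into event dicts, skipping blank lines."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        user, ts, nbytes, country, level = line.split(",")
        events.append({
            "user": user,
            "ts": datetime.fromisoformat(ts),
            "bytes": int(nbytes),
            "country": country,
            "level": int(level),
        })
    return events


def build_baseline(events):
    """Per-user profile: working-hour window, countries seen, byte statistics, highest privilege."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e)
    baseline = {}
    for user, evs in per_user.items():
        sizes = [e["bytes"] for e in evs]
        hours = [e["ts"].hour for e in evs]
        baseline[user] = {
            "hour_range": (min(hours), max(hours)),
            "countries": {e["country"] for e in evs},
            "mean_bytes": mean(sizes),
            "std_bytes": pstdev(sizes),
            "max_level": max(e["level"] for e in evs),
        }
    return baseline


def score_event(event, baseline, sigma=3.0):
    """Return the list of baseline deviations for one event; an empty list means normal."""
    profile = baseline.get(event["user"])
    if profile is None:
        # An account with no history cannot be compared; surface it rather than silently pass.
        return ["no baseline for user"]
    reasons = []
    lo, hi = profile["hour_range"]
    if not lo <= event["ts"].hour <= hi:
        reasons.append(f"activity at {event['ts'].hour:02d}:00, outside usual hours {lo:02d}-{hi:02d}")
    if event["country"] not in profile["countries"]:
        reasons.append(f"transfer to previously unseen country {event['country']}")
    threshold = profile["mean_bytes"] + sigma * profile["std_bytes"]
    if event["bytes"] > threshold:
        reasons.append(f"volume {event['bytes']} exceeds baseline threshold {threshold:.0f}")
    if event["level"] > profile["max_level"]:
        reasons.append(f"privilege level {event['level']} above baseline maximum {profile['max_level']}")
    return reasons


def find_anomalies(baseline_log, new_log):
    """Build the baseline from one log window and return (timestamp, reasons) for flagged events."""
    baseline = build_baseline(parse(baseline_log))
    flagged = []
    for e in parse(new_log):
        reasons = score_event(e, baseline)
        if reasons:
            flagged.append((e["ts"].isoformat(), reasons))
    return flagged


if __name__ == "__main__":
    for ts, reasons in find_anomalies(BASELINE_LOG, NEW_EVENTS):
        print(ts)
        for r in reasons:
            print("  -", r)
```

The important design choice is the baseline window: it has to come from a period before the suspected compromise, because an attacker who escalates slowly over weeks, as in the Sue scenario, will otherwise be folded into "normal". In practice the profile is also compared against peers in the same role, so that a gradual privilege creep shows up even when the account's own history has already been contaminated.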
Top Tools for Big Data Analytics to Improve Security
A number of tools are available to help IT departments identify and stop these types of attacks. First is good asset management software. Asset management allows you to identify, monitor, and control which users access the network, on which devices, where those devices are, and when each user typically accesses the system. It also helps you control what software is in play on your network.
Hadoop is another powerful tool for data analytics, and has numerous features specifically for security. Hadoop is an open-source tool for handling unstructured and variable data that does not fit well within a typical database structure. Hadoop is highly scalable, and a number of Hadoop products are available specifically for security.
A useful tool is RiskVision, which is currently in version 7. This product allows you to mine data from ERP systems and third-party business applications to produce security risk data, as well as data for operational intelligence.
IBM has recently partnered with Narus to offer another option. IBM’s InfoSphere BigInsights, combined with Narus’ nSystem, allows IT to run streaming analytics on exceptionally large data flows to deliver real-time security intelligence.
Many of the Hadoop products and tools are free. The other tools are paid, brand-name products. Before delving into big data analysis for security, you’ll need to migrate the data so that it is accessible on Hadoop or whatever analytics platform you choose to use.