data analytics for information security: from hindsight to ... · big data analytics can improve...


Upload: vutram

Post on 10-Apr-2018


Page 1: Data Analytics for Information Security: From hindsight to ... · Big data analytics can improve information security and increase cyber resilience Information Security Forum •

“We knew we had the data – we just needed to find it and make sense of it.”

With the capability to properly analyse threats, risks and incidents from a wide array of data sources, the insight from big data analytics helps executives and boards better manage the risk/reward balance in cyberspace. Big data analytics can lead to improved information security, greater organisational agility, better cyber resilience and decreased business impact.

As information risks and cyber security threats increase, organisations need to move away from reacting to incidents toward predicting and preventing them.

Threats are numerous and complex. Incidents can have many facets, making it difficult to understand their reach, business impact and resolution. Organisations need a more holistic and in-depth view of the risks and incidents they face, yet can’t see the big picture if they’re drowning in data.

Big data analytics – the capability to gain insight by analysing vast and disparate data sources, both internal and external – is standard practice in many aspects of business. Data warehousing, visualisation and a variety of sophisticated analyses are commonplace, but the insights they can provide are not yet being widely realised in information security.

Big data analytics provides a step change with the potential to provide the same calibre of actionable insight into information security as it does in marketing, science and medical research.

Based on our research and insights from our global Membership, Data Analytics for Information Security shows the value of using big data analytics to improve information security. It identifies the capabilities that organisations should develop to move on from the retrospective, single-incident snapshot view that is commonplace today.

“Nirvana would be data analytics predicting the future and enabling the prevention of all incidents.”

Data Analytics for Information Security: From hindsight to insight

Action

About the ISF

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organisations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organisations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Contacts

For further information contact:
Michael de Crespigny
Tel: +44 (0)20 7213 1745
Fax: +44 (0)20 7213 4813
Email: [email protected]
www.securityforum.org

Disclaimer

This document has been published to provide general information only. It is not intended to provide advice of any kind. Neither the Information Security Forum nor the Information Security Forum Limited accept any responsibility for the consequences of any use you make of the information contained in this document.

Reference: ISF 12 06 02 Copyright © 2012 Information Security Forum Limited. All rights reserved. Classification: Public, no restrictions


Where next?

The Data Analytics for Information Security report is available from the ISF’s Member website, ISF Live. It helps organisations understand how big data analytics can provide actionable insight to threats to information security, and it provides practical guidance on getting started.

It does this by:

• setting the scene and explaining what big data analytics is
• describing how big data analytics is currently creating value
• showing how big data analytics could improve information security
• explaining how to get started using big data analytics for information security
• outlining a process for applying big data analytics to information security problems.

Input for the report was gathered from workshops and online meetings with ISF Members around the world, interviews with ISF Member experts and other experts, Member case studies, and thought leadership provided by the ISF Global Team.

The report is supported by an implementation space on the ISF Member website, ISF Live, which contains a facilitated forum for Members to discuss related issues and solutions, along with additional resources including a webcast and presentations.

The ISF’s Data Analytics for Information Security report is available free of charge to Members of the ISF. Non-Members are able to purchase a copy of the report by contacting Steve Durbin at [email protected].


Big data analytics can improve information security and increase cyber resilience


KEY FINDINGS

1 Big data analytics is delivering value today

2 Big data analytics has the potential to reduce cyber security risk and increase agility

3 Despite its potential, big data analytics is not yet mature within information security

4 Big data analytics is challenging, but manageable

5 Existing big data analytics capabilities can be leveraged to improve information security

6 It can be easy to get started and get early results

ACTIONS

1 Identify information security issues that big data analytics can help address

2 Exploit the existing data analytics capabilities within your organisation

3 Start small by performing a limited pilot to prove the value of big data analytics

4 Share your experiences with other ISF Members at meetings and on the ISF Member website, ISF Live

[Figure: Big data analysis process. Stages: identify the business issue; analyse; act on results. Business issue categories: opportunity, efficiency, risk. Analysis steps: create hypothesis, select data, analyse data, examine results, revise hypothesis, act on insights. Big data sources, internal and external: email, video, cloud, HR, web, logs, application, voice, instant messaging, regulatory sources, intelligence, social media, industrial and market data. Big data analytics enablers: tools + techniques + people + visualisations. Outcome: business value.]

An organisation suspected the presence of a deeply embedded cyber-criminal operation within its systems. By using advanced and persistent attack methods, criminals had penetrated the organisation’s systems to set up a fraudulent operation around the organisation’s business processes. With thousands of servers and a complex systems architecture, the criminals managed to establish an entrenched presence. Attempts at eradicating their presence with traditional security defences (patching, firewalls, IDS, DLP) were ineffective, and left the organisation fighting a losing battle.

“How do you quickly secure the entire organisation’s network?”


This insight provided the organisation not only with the ability to shut down the immediate cyber-criminal attack, but also with a richer understanding of the nature of the threats it faces. Analytical and visualisation tools allowed the organisation to take focused and directed action against the sources of the breach – as opposed to the traditional network-wide canvassing – saving money and reducing the remediation time. Armed with a better understanding of its most vulnerable assets and likely attack vectors, the organisation was able to apply a more effective and efficient approach to securing its systems from external and internal breaches.


There is an ever-increasing amount of data available to help improve information security.

• Data volumes are growing massively: ninety percent of the data in the world today has been created in the last two years, and about 2.5 million terabytes are created every day.
• Data types are more varied and harder to understand: an estimated 80 to 90 percent of any organisation’s data is complex or less structured.
• There are endless new types and sources of data, both internal and external. From blogs and social media to video and GPS logs, the ubiquity of mobile devices adds to the volume, variety and complexity.

The case study shows how an organisation used big data analytics to remove a deeply embedded cyber-criminal operation and contain the incident before it caused further damage.

The balance of power shifted once the organisation started using big data analytics. They considered the abundance of rich sources of information. They correlated business information (payroll, customer, and vendor data) with firewall logs, scanner reports and vulnerability analyses. They applied a variety of advanced analytic techniques and augmented the analysis with details from servers containing high-risk data. The results were displayed using an assortment of visualisation techniques, including geographic mapping. The results showed that criminals were abusing internal processes to launder illegal cash through the business.

“For the first time we have the ability to store and analyse the data, and quickly visualise it in real time.”


Contacts

For further information contact:
Steve Durbin
UK Tel: +44 (0)20 7213 1745
US Tel: +1 (347) 767 6772
Fax: +44 (0)20 7213 4813
Email: [email protected]
www.securityforum.org
