Big Data Analysis Can Detect Cyber-Attacks Before It's Too Late
NEWS ANALYSIS: Harnessing the wealth of data produced by cyber-security systems can give security professionals the insights they need to detect cyber-attacks as they occur.
WASHINGTON, D.C. — "Times have changed," warned security consultant Mischel Kwon, former director of US-CERT. "We can't afford to wait for an antivirus warning or to have malware trip a firewall."
Kwon was kicking off a high-level seminar of government cyber-security experts gathered by FedInsider, a management publication for federal government executives. The panel Kwon was chairing included speakers from agencies ranging from the Department of Homeland Security (DHS) to the North Atlantic Treaty Organization (NATO), all of whom were addressing the role of big data in providing warnings of cyber-attacks as they were about to happen.
But dealing with the data that describes the attack environment is a daunting task, pointed out J. R. Reagan of Deloitte & Touche. "We are amassing huge amounts of event data," Reagan said, noting that the volume of data "is beginning to outstrip the human ability to see patterns." He noted that one of the most significant advances in cyber-security is the ability to produce visualizations of that data that make it possible to see patterns that wouldn't be visible otherwise.
"We can see pictures about sixty thousand times faster than we can read text," Reagan explained. "Now we can see the point of attack." He said that by producing the right visualization of the event data, security officers can see patterns in the events leading up to the attack that they never would have been able to see otherwise, and as a result can see the attack as it starts. He said that by the time a security event actually happens, it's too late.