Big Data Analysis Can Detect Cyber-Attacks Before It's Too Late
But just collecting the data, even if it's well visualized, isn't enough. To use those visualizations to thwart an attack before it's too late also requires sharing the data with people and organizations with the means to take remedial action. Such sharing is difficult, said Stephen Dennis, innovation director of the Homeland Security Advanced Research Projects Agency, which is part of DHS.
"We're on the precipice of being able to really see information," Dennis said. He added that despite all of that data, it's still not exactly clear whether what they're dealing with is really big data or something else. "There's no definition of big data," he noted.
The bad news is that there's so much data, and as a result handling it is tough. While storage costs continue to drop and the processing power required to manipulate that data has grown substantially, it's still hard to do. But the good news is that as more data accumulates, it becomes easier to use it to create the visualizations necessary to actually see a threat while there's still time to do something about it besides pick up the pieces.
Unfortunately, visualizations of attack profiles and the attack environment are just beginning to be developed. But that doesn't mean security organizations can simply wait. As Kwon explained, security operations need to be looking beyond firewall alerts and antivirus warnings. "We've been looking at the wrong things," Kwon said. "We must embrace our data. We have to look at how we take that data, how we use it to make our compliance team into a functional team."
Researchers have started to look beyond just the government or specific industries to produce visualizations that are effective at seeing attacks before they become incidents. Reagan pointed to efforts by the financial services industry to produce visualizations of truly vast quantities of data. He also said that the gaming industry is an excellent example of how to do things.
"The gaming industry in Las Vegas is good," he said. "They know how to protect their money. What can we learn from that industry?" There's still a lot to learn about how security officers can use big data to protect the data that others want to steal, but the process has moved beyond just looking for malware into the world of predictive analytics, and that can go a long way in protecting against attacks of all types.
But Kwon also said that security operations need to do more than look at visualizations. They must also make sure that what they're doing is having the right effect by making sure that incident numbers are going down and that penetration attempts are unsuccessful.