Finding Needle In The Security Data Haystack

watchguard

We live in a world where analytics and data have become the pulse of organizations globally.As we grapple with speed and magnitude at which the information around us grows at an exponential pace, we have also inadvertently developed a healthy appetite for big data.The strategic direction of organizations now depends on the information that we gather and then try to analyze and understand it to make calculated moves forward. However, most of the data we gather and acquire is text or number heavy and it is up to the humans to make logical sense of it. Furthermore, identifying relevant pieces of information from the colossal data haystack is also a challenge.

Connected to vulnerabilities: In the world of network security, in addition to the explosive growth in the amount of available data, there is a parallel issue of increased mobility, connectivity and changing employee expectations. With the proliferation of BYOD, each and every employee has now become an entry point constantly creating new vulnerabilities for an organization. This is further compounded with the issue that there is a global cyber security skills deficit.It has, therefore, become critical to ensure that the IT departments and professionals have proper training and tools to bring the level of sophisticated cyber security strategies up to speed with the level of sophistication in the cyber-attacks.

Cyber criminals are always one step ahead of the security measures in place by organizations because most businesses are operating under minimal applicable policies and with security measures in place for only known threats. Everyone is a target although the motives of the attacks may vary - may it be a startup or a well-established brand from any vertical or even a government agency. As per the Indian Computer Response Team (CERT-In) tracking report, a total number of 78 government websites were hacked in the year 2013 (up to June).Another report based on a global study conducted by Verizon RISK team published in Verizon’s 2013 Data Breach Investigations Report (DBIR) reveals that as much as 66 percent of security breaches remain undiscovered for months and of the breaches that are identified, 41 percent took days to contain and 36 percent took weeks to months to resolve. As more and more organizations move towards cloud adoption to reduce costs and increase their time-to-market, the nature and vector of cyber-attacks also changes. Getting visibility into dark areas of the network, reinforcing security policies with a few relevant technologies can help protecting information and infrastructure in cyber space.

Why Visualize? Over the next five years 2.5 billion people are forecasted to be connected to the Internet globally and it has become more important for organizations than ever before to identify and address security issues fast and accurately.Human error in identification of threats and oversight is a luxury that organizations simply cannot afford.Adoption of proactive security strategies is the only way to prevent from new forms of attack.This is where visualization turns security data into actionable insights by providing a comprehensive ‘at a glance’ view of security reports resulting in timely identification of potential threats.

There are several reasons why visualization works better than linear data reports to help understand complex data sets. Data delineates factual information but visualization tells us a story.The human brain is programmed from a young age to hear, retain and understand stories especially when the stories were accompanied with pictures. It is a fact that most people are inherently visual thinkers and cannot process large amounts of analytics, security professionals being no outliers.

Closing the visibility gap: Organizations are taking steps to gather information about employee behavior and control & monitor use of applications, it is time consuming to analyze data and see patterns to identify threats before they happen. Furthermore, the speed, magnitude and complexity of data are rapidly growing as more and more employees becoming increasingly connected.However, the increase in amount of information that we can access or gather presents another set of challenges.A recent research from Frost & Sullivan shows that information security professionals don’t have nearly enough visibility into the information they are tasked with.This combined with the skills shortage in security space can have significant repercussions for organizations. The visibility gap can lead to data loss and being susceptible to attacks, especially when it comes to unknown evolving threats. Visualization of security reports overcomes this challenge by arranging data in a visual format such as heat maps, graphs, highlighted reports, thereby closing the visibility gap by facilitating identification of complex behavior patterns that may signal the need for immediate investigation. A classic example of this would be the failure of security professionals to detect an unusual pattern of behavior from Edward Snowden where he was downloading more files than usual.Had that triggered an early alert or the pattern identified by the security professionals, an early investigation would have prevented the mass leakage of information from NSA. (Would our technology really have caught that?)

The human element: Visualization is also critical in mitigation of human error in interpretation and analysis of data.When the ‘human’ factor is introduced to the complex task of extraction, consolidationand interpretation of data, errors are inevitable. A study by Carnegie Mellon University has shown that human performance tends to degrade when undertaking repetitive tasks, when stress levels are raised and a when situation becomes more complex (Shelton, C. 1999). There is a lot riding on the decisions and actions of security professionals and therefore, the increased stress levels combined with the increasing amount of complex information they need to decipher, can lead to oversight.Visualization that enhances security data visibility shows clear patterns and relationshipsand filters out valuable and relevant information leads to a better understanding of the big picture, mitigating such risks and should from a part of any effective security strategy.

Time is money: Cyber criminals are generally well funded and extremely organized.Therefore, in orderto protect the valuable data and prevent crippling attacks, security solutions need to be an ongoing investment.This is not as simple as it sounds when it comes to tight security budgets making it critical for organizations to extract maximum value from the security measures with minimal costs.Technologies that create visual roadmaps of data offera multidimensional view of the information at hand resulting in increased visibility into bandwidth usage, application control and other vital information.Thisnot only protectsthe data, but also detects potential data exposure in a fraction of time that it would normally take to go through a linear data stack.The result is significant saving of time and resources in the search and analysis process, which also reduces inefficiency and prevents costly oversights and misinterpretations of available data ensuring business continuity.

Keeping the finger on the pulse: A proactive security strategy involves identification of some key behaviors and patterns as well as monitoring inbound and outbound traffic in real time to prevent known and novel attacks.Security reports that use data visualization to extract relevant information fast can provide quick access to the relevant information that is needed by security professionals including:

 

- Who is using the most bandwidth?

- Which applications are using the most bandwidth?

- What sites has a particular user visited?

- What applications does a user use?

- How many viruses were blocked?

- Were intrusionattempts stopped?

- Is private data leaking from our company?

- How effective is our anti-spam solution?

 

Until now, asking those questions has been daunting.In fact,in a recent report from the SANS Institute, only 10 percent of respondents felt confident in their organizations ability to analyze large data sets for security trends, even though 77 percent are collecting logs and monitoring data from systems and security devices.Fortunately, a new era of real time network security intelligence has emerged.New solutions bring big data style visibility instantly. As cyber criminals usher in new malware, make sure the solutions you choose can keep up with them. With the right solutions, the needle in the haystack is no longer hidden.