Why Big Data Analytics Is the Answer to Cyber-Threats

Quick, check your email inbox. How many messages are from people you actually know — or from companies you do business with?

If you’re like most people, you probably receive dozens of spam messages every day — and promptly delete them. By some estimates, more than two billion spam messages are sent every day, many of which direct recipients to websites full of malicious code designed to steal data from unsuspecting victims. Every day, new websites pop up — and disappear — creating a significant challenge for Internet security professionals charged with protecting computers and data.

Photo from http://www.123rf.com/photo_16995817_a-computer-virus-detection-symbol-illustration-with-word-virus.html

These days, creating viable security solutions requires more than just blocking known entities. Thanks to the sheer volume of data created every day — one estimate is 2.5 quintillion bytes each day — it’s important for security teams to use big data analytics to determine, and combat, new threats.

Understanding Big Data

Security vendors today have to address the three Vs when handling big data to find threats: volume, velocity and variety.

Volume refers to the amount of data collected. In the security field, that means looking at huge amounts of data regarding threats — where, when and how attacks occur.

Velocity refers to the speed at which new data are created and analyzed. Because criminals are turning to zero-day and zero-hour attacks, waiting even a few hours to locate and address a threat can be too late. The Internet changes by the minute; what was a legitimate website at breakfast could be infected with malicious code by lunch, and thousands of visitors could have also been infected by dinner. Security vendors need to be able to quickly analyze big data to identify and contain such threats.

Finally, variety plays a role in big data analysis. Once upon a time, malware was limited to personal computers and emails. Today, criminals are constantly looking for new ways to attack their victims and use mobile devices, social media and other channels to spread their destruction. Threats might also be geographically specific, targeting IP addresses in one country, for example, or an individual or a specific organization might be the target.

Why Big Data Is the Answer

Because there are so many threats coming from so many sources with so many targets, collecting and analyzing massive amounts of data is really the only way to provide a comprehensive security solution. Consider a scientific study. When scientists want to make a large-scale assessment, the larger the sample size, the more valid their findings. Stating that half of all women love chocolate, for example, after only interviewing a dozen women, is not accurate. Asking a million women about their preferences, though, makes the findings more valid and allows the researcher to identify trends and more specific information with greater certainty.

The same principle applies to big data analysis in the security world. By looking at billions of bytes of data, security analysts can identify patterns of threats and effectively develop solutions to stop them.

What Big Data Means to You

The average computer user may not realize he is an important part of big data collection; however, user data is a key component of the analysis process. Many times when you use a security solution, you agree to a licensing arrangement that allows analysts to collect anonymous data from your machine. The collected data is analyzed for anomalies in your usage patterns; for example, if you suddenly deviate from your usual behavior or start visiting new domains that never existed before, that information will be logged and analyzed. That data, combined with data from thousands of other users, allows analysts to identify threats, often in real time.
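The two signals described above — a user visiting domains never seen before, and a user deviating from their usual volume of activity — become much more useful once they are correlated across many machines: a brand-new domain that appears on one endpoint is merely unknown, while the same new domain appearing on many endpoints within minutes is the kind of pattern worth acting on. The following is an added illustration, not code from the article or from any vendor's product; the telemetry lines, user ids, domain names and thresholds (`min_users`, `spike_factor`) are all constructed for the example.

```python
"""Toy anomaly detection over constructed endpoint telemetry (added example).

Each telemetry line is "<ISO timestamp> <anonymous-user-id> <domain>".
A baseline window gives each user's usual domains and request rate; the
current window is then scored for (1) never-before-seen domains, counted
by how many distinct users hit them, and (2) per-user volume spikes.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed baseline telemetry (sample data, not real logs).
BASELINE_LOG = """\
2013-05-01T08:00:00 u1 mail.example.com
2013-05-01T08:10:00 u1 news.example.org
2013-05-01T09:00:00 u2 mail.example.com
2013-05-01T09:30:00 u2 shop.example.net
2013-05-01T10:00:00 u3 news.example.org
2013-05-01T10:15:00 u3 mail.example.com
2013-05-01T11:00:00 u4 shop.example.net
"""

# Constructed current-window telemetry: one new domain shows up on several
# machines within minutes, another on a single machine, and user u2's
# request volume jumps well above its baseline.
CURRENT_LOG = """\
2013-05-02T08:00:00 u1 mail.example.com
2013-05-02T08:01:00 u1 new-landing.example
2013-05-02T08:02:00 u2 new-landing.example
2013-05-02T08:03:00 u3 new-landing.example
2013-05-02T08:04:00 u4 shop.example.net
2013-05-02T08:05:00 u4 trusted-partner.example
2013-05-02T08:06:00 u2 mail.example.com
2013-05-02T08:06:10 u2 mail.example.com
2013-05-02T08:06:20 u2 mail.example.com
2013-05-02T08:06:30 u2 mail.example.com
2013-05-02T08:06:40 u2 mail.example.com
2013-05-02T08:06:50 u2 mail.example.com
"""


def parse_log(text):
    """Turn telemetry text into (timestamp, user, domain) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, domain = line.split()
        records.append((datetime.fromisoformat(ts), user, domain.lower()))
    return records


def _hour(ts):
    return ts.replace(minute=0, second=0, microsecond=0)


def build_baseline(records):
    """Per-user domain sets, the global known-domain set, and each user's
    mean number of requests per active hour."""
    user_domains = defaultdict(set)
    hourly = defaultdict(Counter)
    for ts, user, domain in records:
        user_domains[user].add(domain)
        hourly[user][_hour(ts)] += 1
    known = set().union(*user_domains.values()) if user_domains else set()
    mean_per_hour = {u: sum(c.values()) / len(c) for u, c in hourly.items()}
    return {"user_domains": dict(user_domains),
            "known_domains": known,
            "mean_per_hour": mean_per_hour}


def detect_anomalies(baseline, records, min_users=3, spike_factor=3.0):
    """Score a window against the baseline.

    - A domain absent from the baseline is 'widespread' when at least
      min_users distinct users visited it, otherwise 'isolated'.
    - A user whose busiest hour exceeds spike_factor times their baseline
      mean is reported as a volume spike.
    """
    new_domain_users = defaultdict(set)
    hourly = defaultdict(Counter)
    for ts, user, domain in records:
        if domain not in baseline["known_domains"]:
            new_domain_users[domain].add(user)
        hourly[user][_hour(ts)] += 1
    widespread = {d: len(us) for d, us in new_domain_users.items() if len(us) >= min_users}
    isolated = {d: len(us) for d, us in new_domain_users.items() if len(us) < min_users}
    spikes = {}
    for user, counts in hourly.items():
        peak = max(counts.values())
        base = baseline["mean_per_hour"].get(user, 0.0)
        if base and peak > spike_factor * base:
            spikes[user] = peak
    return {"widespread_new_domains": widespread,
            "isolated_new_domains": isolated,
            "volume_spikes": spikes}


if __name__ == "__main__":
    baseline = build_baseline(parse_log(BASELINE_LOG))
    for key, value in detect_anomalies(baseline, parse_log(CURRENT_LOG)).items():
        print(f"{key}: {value}")
```

Run against the constructed data, `new-landing.example` is reported as widespread (three users), `trusted-partner.example` stays isolated (one user, so it is merely unknown rather than suspicious), and `u2` is flagged for seven requests in an hour against a baseline mean of two. The per-user baseline is what keeps a single user's legitimately new site from generating noise; the cross-user count is what turns thousands of individually unremarkable observations into an actionable signal.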

Big data analysis also allows your virus and security protection to stay up to date — and adjust to new threats in real time. Your Web-reputation manager might block a malicious site, for example, and your virus protection will update to address the new threat.

As cybercriminals get more creative with their attacks and find new ways to access data, the challenges for security professionals grow as well; however, as big data analysis capabilities improve, security vendors can quickly identify and protect against threats, saving customers time and money.

About the Author: As an IT consultant, Malcolm Eubanks relies on big data analytics information from Smart Protection Network to protect his clients’ data. Malcolm writes about security issues for several blogs and teaches computer science courses at his local community college.