A recent report released by the Security for Business Innovation Council (SBIC) indicates that the trends toward cloud computing, social media, mobile and Big Data are the main drivers reshaping the current IT security scene. With worldwide spending on public IT cloud services accelerating and expected to approach US$100 billion in 2016, and with today’s networks growing ever more open – through the pervasiveness of Big Data and the increasing volume of “Internet of Things” data we create daily – enterprises will need to find ways to enhance their security tools effectively in order to minimize the damage caused by the expanding threat landscape and the new risks it exposes.
Growing Sophistication of Advanced Threats
Amongst all potential victims of cyber attacks, financial institutions are among the top targets for global cyber criminals, along with critical governing bodies and authorities. The recent incident in which skilled hackers paralyzed the computer networks of three major South Korean banks demonstrates that the growing intensity of these disruptive attacks has the potential not only to cause significant economic loss but also to trigger a loss of public confidence. Unfortunately, existing security systems, which are often perimeter- and signature-based, are unable to cope with today’s insidious threat landscape, and often fall short in key areas:
1) Unable to identify and investigate targeted attacks in a timely manner
Signature-based technologies can only detect “known bad” files and communications. The growing number and variety of Advanced Persistent Threats (APTs), which are built to work around known defenses, therefore produce no match in any signature-based scan, allowing zero-day vulnerabilities and attacks to go unnoticed. In addition, the lack of integration between independent security tools creates perilous blind spots: analytical tools cannot make sense of the data collected, which lengthens investigation time and may not produce the information needed to support effective decisions.
2) Cannot keep up with today’s data collection and processing needs
Many Security Information and Event Management (SIEM) platforms are built on off-the-shelf SQL databases or proprietary data stores that cannot handle the large volume of security-relevant data (logs, network packets, threat intelligence reports and the like) that companies generate each day. This slows incident detection and response and increases security risk.
3) Depend excessively on customization and human skillsets
Enterprise security analysis is complex and requires specialized skills and highly experienced security practitioners, yet many security systems are designed to be used only by advanced security analysts who can constantly fine-tune and customize them. Where these skills are in short supply, security tools have to deliver more built-in intelligence and demand less administrative work.
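The first shortcoming above (signature-based tools only recognize “known bad”) is easiest to see side by side with a behaviour-based check. The following example is added here and is not from the report or from any product it describes: it contrasts an exact-hash signature lookup, which a trivially modified sample evades, with a simple beaconing detector run over a handful of constructed proxy log lines. The sample file content, hash list, IP address, host names and timestamps are all constructed for the illustration; the periodicity thresholds are assumptions a real deployment would tune.

```python
"""Signature-only vs behaviour-based detection over constructed sample data."""
import hashlib
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed "known bad" sample and the signature list derived from it.
KNOWN_BAD_SAMPLE = b"MALWARE-SAMPLE-v1"  # hypothetical file content
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}


def signature_match(content: bytes) -> bool:
    """Signature-style check: exact SHA-256 lookup against the known-bad list.
    Any change to the file (one appended byte, a repack) produces a new hash
    and therefore no match, which is the blind spot described in the text."""
    return hashlib.sha256(content).hexdigest() in KNOWN_BAD_HASHES


# Constructed proxy log: "<ISO timestamp> <src-ip> <dest-host> <bytes>".
# One destination is contacted every ~5 minutes with near-identical sizes,
# interleaved with ordinary-looking browsing from the same host.
SAMPLE_PROXY_LOG = """\
2013-04-01T09:00:00 10.1.2.3 static-content.example.net 1043
2013-04-01T09:00:04 10.1.2.3 updates.example.com 512
2013-04-01T09:05:00 10.1.2.3 static-content.example.net 1051
2013-04-01T09:07:31 10.1.2.3 news.example.org 22010
2013-04-01T09:10:00 10.1.2.3 static-content.example.net 1047
2013-04-01T09:15:01 10.1.2.3 static-content.example.net 1049
2013-04-01T09:18:44 10.1.2.3 mail.example.com 8840
2013-04-01T09:20:00 10.1.2.3 static-content.example.net 1050
2013-04-01T09:25:00 10.1.2.3 static-content.example.net 1044
"""


def parse_proxy_log(text: str):
    """Parse the four-column constructed log format into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def detect_beaconing(events, min_events: int = 5, max_cv: float = 0.05):
    """Behaviour-based check: flag (src, dst) pairs whose inter-arrival
    times are nearly constant. No signature of the destination is needed;
    the regularity of the traffic itself is the indicator.
    min_events and max_cv (coefficient of variation) are assumed thresholds."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)

    flagged = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            flagged[pair] = {"events": len(stamps),
                             "mean_gap_s": mean,
                             "cv": round(cv, 4)}
    return flagged


if __name__ == "__main__":
    variant = KNOWN_BAD_SAMPLE + b"\x00"  # trivially modified copy
    print("original sample matches signature:", signature_match(KNOWN_BAD_SAMPLE))
    print("one-byte variant matches signature:", signature_match(variant))
    for pair, info in detect_beaconing(parse_proxy_log(SAMPLE_PROXY_LOG)).items():
        print("periodic contact flagged:", pair, info)
```

The hash lookup answers only “have we seen exactly this before?”, so the one-byte variant passes. The beaconing check instead asks “does this host talk to one destination on a clock?”, which is the kind of question that requires collecting and correlating whole streams of events rather than matching single files, and it is why the text ties detection of unknown threats to analytics over large volumes of security data.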
The way forward – Intelligence-driven Security Strategy
As cyber criminals advance their capabilities, enterprises are left with no choice but to adopt new strategies and defenses, and an Intelligence-driven Security Strategy is the way forward.
Big Data security analytics provides a comprehensive and up-to-the-second view of IT activities, so that security analysts and executives can make timely, data-driven decisions. This transformation of security strategy requires enterprises to be Big Data ready, and, from a technology perspective, the new system will need to offer: