Cyber Security - Predictive Data Analytics - Just a thought!
It is Monday morning, and the fun at work starts with this! Let's get straight to the point. The purpose of this post is not to educate on big data or data mining; it is about how crucial cyber security decisions might be made by analysing existing data (extracted from your own systems) together with external threat intelligence.
Data mining/Knowledge discovery!
The art of generating new information by analysing large data sets from different perspectives. It is the process of finding patterns and correlations among dozens of fields in a large relational database.
It is proven that data mining gives a good hold on financial conditions, economic conditions, consumer interests, changing regulations and so on. Such analysis has resulted in optimised operating costs, better resource management and communications, clarity in assets, systems and processes, and new development opportunities.
Challenge
Wait - why am I talking about this? Most executives are aware of the value that lies within their data, but they may not fully comprehend its potential.
The goal of data mining is to obtain meaningful data from the archive. In performing data mining, plenty of decisions need to be made regarding the choice of methodology, data, tools and algorithms.
Big data at a glance
Big data starts with the 3 "V's" that are often mentioned: Volume, Variety and Velocity! But this by itself is not sufficient - let's add 4 more V's: Variability, Veracity, Value and Visualization.
More information can be found at https://datafloq.com/read/3vs-sufficient-describe-big-data/166
Going beyond big data and analytics - what is required?
- Data understanding
- Data preparation
- Data refinement
- Model building
- Model evaluation
- Practical deployment
Why - why does this matter for cyber security?
As a rough guide, networks fall into the following categories by size:
- Large-scale networks: 100,000-250,000 endpoints
- Medium-scale networks: 5,000-100,000 endpoints
- Small-scale networks: 1-5,000 endpoints
Is SIEM (Security Information and Event Management) enough to generate and extract meaningful data and make a call? No, it is not. We still have the challenge of how many skilled people we have who have covered every single asset and routed its logs into the SIEM.
Comprehensive logs from the following sources are needed to deal with the big data problem in cyber security:
- Network devices
- Security devices
- Servers
- Devices on the edge
- IDS/IPS
- Network DVR
Developments in hacking culture and enterprise technology mean that big-data-led intelligence defences are the future of the security industry!
Skills will remain the top challenge in solving the puzzle ;)
My friends always say that 99% secure still makes you 1% vulnerable - "No matter what, you will be hacked".
Conclusion
In this data era, the importance of predictive cyber analytics:
Past - Reactive - responding to events that have already happened (incidents, breaches, etc.)
Present - Proactive - actively seeking out vulnerabilities (penetration testing, code review, etc.)
Future - Predictive - analysing processes and systems to identify potential future incidents (TAXII, STIX + critical security log data mining)
Cyber analytics should be able to provide the top and bottom line of a company's cyber risks, with a clear line of sight from the data (open-source threat intelligence and existing security logs) through to the value drivers of security performance: strategic decision-making that mitigates cyber risk before the incident happens!
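The predictive tier above rests on one mechanical step: taking indicators shared over TAXII as STIX objects and correlating them with the logs you already collect. The following is an added example, not code from the original post or from any STIX/TAXII library: it parses the simple equality subset of STIX 2.1 patterns from a constructed bundle and matches them against constructed key=value log lines. The `OBSERVABLE_FIELDS` mapping, the log format and all addresses and domains are assumptions made up for the illustration.

```python
import json
import re

# Constructed STIX 2.1 bundle standing in for an open-source threat-intel feed;
# the addresses and domains are documentation/example values, not real IoCs.
STIX_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "name": "Known C2 address", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "name": "Phishing domains", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'bad.example.net' OR "
                "domain-name:value = 'evil.example.org']"},
]})

# Constructed key=value log lines (sample data, not exported from a real SIEM).
LOG_LINES = [
    "ts=2024-01-08T09:01:00Z type=fw src_ip=10.0.0.5 dst_ip=93.184.216.34 action=allow",
    "ts=2024-01-08T09:01:07Z type=dns src_ip=10.0.0.9 query=evil.example.org",
    "ts=2024-01-08T09:02:13Z type=fw src_ip=10.0.0.5 dst_ip=198.51.100.7 action=allow",
    "ts=2024-01-08T09:03:00Z type=dns src_ip=10.0.0.5 query=intranet.example.com",
]

# Assumed mapping: which log fields can carry a value of each STIX observable path.
OBSERVABLE_FIELDS = {"ipv4-addr:value": ("src_ip", "dst_ip"),
                     "domain-name:value": ("query",)}

# One equality comparison inside a STIX pattern, e.g. ipv4-addr:value = '1.2.3.4'.
COMPARISON = re.compile(r"([\w-]+:[\w.]+)\s*=\s*'([^']*)'")

def indicator_terms(pattern):
    """Return (observable_path, value) pairs from a pattern of OR-ed equalities.
    Only this simple subset of the STIX pattern grammar is handled here."""
    return COMPARISON.findall(pattern)

def parse_log(line):
    """Turn 'k=v k=v ...' into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def match_logs(bundle_json, log_lines):
    """Correlate every indicator in the bundle with every log line; returns
    (line_index, indicator_name, matched_value) for each hit."""
    indicators = [o for o in json.loads(bundle_json)["objects"] if o["type"] == "indicator"]
    hits = []
    for n, line in enumerate(log_lines):
        rec = parse_log(line)
        for ind in indicators:
            for path, value in indicator_terms(ind["pattern"]):
                if any(rec.get(f) == value for f in OBSERVABLE_FIELDS.get(path, ())):
                    hits.append((n, ind["name"], value))
    return hits
```

Running `match_logs(STIX_BUNDLE, LOG_LINES)` flags the DNS query for the phishing domain and the outbound connection to the C2 address, the two lines a plain SIEM search would not surface without the external feed.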