Welcome!

SDN Journal Authors: Pat Romanski, Liz McMillan, Mark Hoover, David Paquette, Olivier Huynh Van

Related Topics: @BigDataExpo, Cloud Security, SDN Journal

@BigDataExpo: Article

The Role of Big Data in Threat Detection

The promise of Big Data lies in the ability to derive insight, reduce risk, and improve future security performance

Arriving at Actionable Insight: The Role of Big Data in Threat Detection

According to Gartner, Big Data refers to "high volume, high velocity, and/or high variety information assets" - and, this is the key - "that require new forms of processing to enable enhanced decision making, insight discovery and process optimization." While Big Data may seem like an invaluable tool that all security teams should try to leverage, it is not practical for everyone to attempt to harness it on their own. Finding insight from data is rarely as simple as it seems. We are still in the early stages of the Big Data revolution, with people only now beginning to understand what is possible, and what it takes to get there. Simply investing in tools and development is not enough. The fact is security teams are still struggling to identify and respond to incidents in an effective way. The Verizon Data Breach Investigations Report of 2013 noted that outside parties, whether it be a telecom provider, credit card issuer, third-party vendor or the FBI, were responsible for 70% of data breach notification, demonstrating that security teams are still missing the signs of detrimental threats that face organizations each and every day.

There is clearly promise in Big Data, but how do organizations get there? First, there is a need for human talent and expertise, as tools alone are not enough. Beyond creating a security operations center (SOC) to coordinate a cyber security strategy, it is critical for organizations to employ a data scientist or someone who is capable of consuming and analyzing the information to create effective models for identifying threats. Unfortunately, there is a vast talent gap in the field of data science, particularly at the intersection of data and security. There are also technical hurdles preventing development. Integrating high volumes and varieties of data sources and formats, both internal and external, into a security framework requires both technical expertise and resources. In many ways, these programs are for select organizations. Enterprises must facilitate financial resources, technical know-how, and data science expertise to execute a holistic and effective Big Data program.

The promise of Big Data lies not in the collection of millions of records, but in the ability to derive insight, reduce risk, and improve future security performance. So, if the barriers to an internal Big Data program are high, but the potential benefits are great, how do we arrive at the insight needed to reduce risk and improve future security performance? Fortunately, there are options available for organizations to gain these advantages without having to make the commitment to a full-scale Big Data program.

One emerging option is the possibility of Big Data as a Service (BDaaS). Through the perimeterless nature of the Internet, vendors can access, analyze, and provide actionable insight into potential - or even future - threats. For example, card issuers often turn to outside vendors for Common Point of Purchase (CPP) analysis to detect potential fraud associated with theft or breach. By outsourcing the collection and analysis, businesses can streamline their path to insight.

Organizations of all sizes face challenges of data collection and analysis on a daily basis. In order to gain insight from data, companies must invest in the tools, strategies, and staff needed to make sense of accessible information. Once the appropriate protocol is in place, insight from Big Data may function as a way of reducing risk, protecting enterprises from our hostile threat landscape.

More Stories By Stephen Boyer

Stephen Boyer cofounded BitSight in 2011 and serves as Chief Technology Officer. Prior to founding BitSight, he was President and Cofounder of Saperix, a company spun out of the MIT Lincoln Laboratory focused on vulnerability and network topology risk analysis. Saperix was acquired by FireMon in 2011.

While at the MIT Lincoln Laboratory, Stephen was a member of the Cyber Systems and Technology Group where he led R&D programs solving large-scale national cybersecurity problems. His work at the MIT Lincoln Laboratory included research, development, and evaluation of next generation intrusion detection correlation architectures, attack graph vulnerability analysis, large-scale cyber situational awareness, security risk measurement, and cyber simulation and testing.

Prior to joining the MIT Lincoln Laboratory, Stephen designed, developed, and tested products at one of the earliest Linux startup companies, Caldera Systems.

Stephen holds a Bachelors degree in Computer Science from Brigham Young University and Master of Science in Engineering and Management from the Massachusetts Institute of Technology.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
There is growing need for data-driven applications and the need for digital platforms to build these apps. In his session at 19th Cloud Expo, Muddu Sudhakar, VP and GM of Security & IoT at Splunk, will cover different PaaS solutions and Big Data platforms that are available to build applications. In addition, AI and machine learning are creating new requirements that developers need in the building of next-gen apps. The next-generation digital platforms have some of the past platform needs a...
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service. In his session at 19th Cloud Exp...
SYS-CON Events announced today that Secure Channels will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The bedrock of Secure Channels Technology is a uniquely modified and enhanced process based on superencipherment. Superencipherment is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm.
While DevOps promises a better and tighter integration among an organization’s development and operation teams and transforms an application life cycle into a continual deployment, Chef and Azure together provides a speedy, cost-effective and highly scalable vehicle for realizing the business values of this transformation. In his session at @DevOpsSummit at 19th Cloud Expo, Yung Chou, a Technology Evangelist at Microsoft, will present a unique opportunity to witness how Chef and Azure work tog...
SYS-CON Events announced today that Numerex Corp, a leading provider of managed enterprise solutions enabling the Internet of Things (IoT), will exhibit at the 19th International Cloud Expo | @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Numerex Corp. (NASDAQ:NMRX) is a leading provider of managed enterprise solutions enabling the Internet of Things (IoT). The Company's solutions produce new revenue streams or create operating...
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care. I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind. Don't just log my data; use the relationship graph. In his session at @ThingsExpo, Ryan Boyd, Engi...
IoT is fundamentally transforming the auto industry, turning the vehicle into a hub for connected services, including safety, infotainment and usage-based insurance. Auto manufacturers – and businesses across all verticals – have built an entire ecosystem around the Connected Car, creating new customer touch points and revenue streams. In his session at @ThingsExpo, Macario Namie, Head of IoT Strategy at Cisco Jasper, will share real-world examples of how IoT transforms the car from a static p...
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, will discuss the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports. The session will include a working demo and a technical d...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data. In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?