Big Data at the Heart of a New Cyber Security Model
The traditional cyber security model has become almost useless as a result of the massive proliferation of smart phones, Web-based apps, social networks, and Internet-connected machines. But just as the new world of big data provides cover for cyber attackers, big data is also the only answer for devising a next-gen security system that can cope with emerging threats, RSA executive chairman Art Coviello said at a conference last week.
Speaking at the Third Annual International Cybersecurity Conference in Tel Aviv, Israel, Coviello highlighted how today’s approach to information security is losing effectiveness, and laid out plans for a new “intelligence driven” approach that can spot the signal in the noise, and cope with the rapid fire growth of technology.
“In the first two decades of the new millennium, we’ll have gone from a cyber attack surface that has just a few points of egress and ingress through a controlled firewall perimeter, to almost infinity, when you think of the impact of mobility, web apps, big data, social media, and the Internet of things,” Coviello said in a video of the speech.
“Already in 2013, we’re in a hyperconnected world that has facilitated access and productivity for all of us, but with the unintended consequence of doing the same for our adversaries,” he said. “And if all that weren’t enough, it’s getting easier and easier with the advent of social media for our adversaries to trick, spoof, and assume our digital personas.”
Coviello recommends that organizations stop spending up to 80 percent of their security budgets on building perimeter defenses that have steadily been losing effectiveness against attacks from rogue states, “hacktivists,” and cyber criminals. Instead, organizations ought to prepare for the transition to intelligence-driven systems that have big data at their hearts.
This new system, which Coviello also discussed at the RSA conference earlier this year, will be characterized by the use of “dynamic and agile controls” on the perimeter and a central management system “that has the ability to analyze vast streams of data from numerous sources to produce actionable information.”
The central security management system “must be able to gain full visibility into all data: unstructured, structured, internal, and external. The underlying big data architectures will be scalable enough such that all data will be analyzed, no matter how expansive or fast changing,” he said.
“As a result, organizations will be able to build a mosaic of specific information about digital assets, users, and infrastructures… and correlate abnormal behavior in people and in the flow and use of data,” Coviello said. “The management system must be well integrated with GRC [governance, risk, and compliance] systems and specific tools, so that we can detect those attacks early or even in advance, and then trigger automated defenses, such as blocking network traffic, quarantining systems, and requiring additional identity verification.”
The access controls will also be smart in the new big data-driven security world. “They will also have the capacity to be self-learning,” he said. “They will be able to inform or be informed by other controls. They’ll be able to feed or receive intelligence from security management systems, and report to and receive instructions from GRC systems. Armed with a thorough understanding of risk at the outset, this big data-oriented management and control environment completes a vision of intelligence-driven security.”
Such a big data-driven security system will be able to “find the hidden patterns, the unexpected correlation, the surprising connections” between data points in the wild, he said. “It’s about analyzing vast and complex data sets at high speed, which in our case will allow us to spot the fake signal of an attack. Because at some point, no matter how clever the attacker, they must do something anomalous.”
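The two passages above describe the loop an intelligence-driven system runs: learn what normal looks like for each user from a broad stream of data, correlate several weak anomalies in one event, and hand the result to automated defenses (block traffic, quarantine a system, or require additional identity verification). The following is an added illustration of that loop written for this page; it is not RSA code and nothing in the speech specifies these fields, thresholds or policies. The events, the 3-sigma volume threshold and the response mapping are constructed assumptions.

```python
"""Toy intelligence-driven detection loop (added example, not RSA code).

Baseline each user's normal behaviour from historical events, score new
events for anomalies, and map correlated anomalies to the automated
responses named in the speech. All data and thresholds are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    user: str
    host: str
    country: str
    hour: int        # local hour of day, 0-23
    bytes_out: int   # outbound volume for the session, in bytes


# Constructed history: ordinary daytime sessions for two users.
HISTORY = (
    [Event("alice", "ws-01", "US", h, b)
     for h, b in zip(range(8, 18), range(10 * 2**20, 20 * 2**20, 2**20))]
    + [Event("bob", "ws-07", "DE", h, 5 * 2**20 + h * 2**18) for h in range(7, 17)]
)


class Baseline:
    """Per-user profile of countries seen, hours active and outbound volume."""

    def __init__(self, history):
        self.countries = defaultdict(set)
        self.hours = defaultdict(set)
        self.volumes = defaultdict(list)
        for e in history:
            self.countries[e.user].add(e.country)
            self.hours[e.user].add(e.hour)
            self.volumes[e.user].append(e.bytes_out)

    def score(self, e):
        """Return the anomaly reasons for one event; an empty list means normal."""
        if e.user not in self.volumes:
            return ["unknown-user"]
        reasons = []
        if e.country not in self.countries[e.user]:
            reasons.append("new-country")
        if e.hour not in self.hours[e.user]:
            reasons.append("off-hours")
        vols = self.volumes[e.user]
        mu, sigma = mean(vols), pstdev(vols)
        # Assumed threshold: more than 3 standard deviations above the user's mean.
        if sigma > 0 and (e.bytes_out - mu) / sigma > 3:
            reasons.append("volume-spike")
        return reasons


def respond(reasons):
    """Map correlated anomalies to an automated defense.

    Several weak signals together warrant a stronger action than any one
    alone; this policy is an assumption for illustration.
    """
    if "volume-spike" in reasons and len(reasons) >= 2:
        return "quarantine-host"   # exfil-like volume in an unusual context
    if "volume-spike" in reasons:
        return "block-traffic"
    if reasons:
        return "step-up-auth"      # require additional identity verification
    return "allow"


BASELINE = Baseline(HISTORY)


def triage(events, baseline=BASELINE):
    """Score a batch of events and return (user, reasons, action) per event."""
    return [(e.user, baseline.score(e), respond(baseline.score(e))) for e in events]


if __name__ == "__main__":
    # Constructed new events, one of them an off-hours bulk upload.
    new_events = [
        Event("alice", "ws-01", "US", 12, 16 * 2**20),
        Event("alice", "ws-01", "RU", 12, 16 * 2**20),
        Event("alice", "ws-01", "US", 3, 500 * 2**20),
        Event("mallory", "ws-99", "US", 12, 1024),
    ]
    for user, reasons, action in triage(new_events):
        print(f"{user:8} {action:16} {reasons}")
```

A real deployment would replace the in-memory lists with the streaming analytics layer the speech alludes to, and the point of the design is the same: no single feature is conclusive, but the correlation of a new country, an off-hours login and a volume spike is hard for an attacker to avoid entirely, which is the “they must do something anomalous” argument above.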
Today, the most a cyber attacker can realistically achieve over the network alone is to disrupt an organization’s activities, for example through a denial of service attack. But as more of the physical infrastructure is connected to the Internet, and attackers grow more sophisticated and coordinated, destructive attacks carried out solely through the Internet will become a reality, Coviello said.
“Despite the hype, destructive attacks are still next to impossible to carry out solely through the Internet without manual intervention,” he said. “But as we transition to IPv6 and create the Internet of things, IP enabling more and more elements of our physical infrastructure, attacks on digital systems that result in physical destruction will become a reality: a chilling, sobering thought.”
There must be a sense of urgency among stakeholders to deal with the “ongoing expansion of the attack surface and the escalation of the threat environment,” he said. “The only way to reach and maintain the appropriate level of understanding is through knowledge. From a much higher level of collaboration between public, private, and vendor organizations, knowledge will replace fear with confidence, knowledge will guide our actions.”