Security Analytics – Big Data Use Case
Another day, another data breach. Just received another “We’re sorry you got hacked”…letter.
This is the fifth letter I have received in the past 3 months: Forbes.com, Target, Neiman Marcus, credit card company and a previous employer. What is going on?
Why aren’t firms investing in beefing up their predictive ability to spot the cyber-security intrusion threats? What’s taking them so long to identify? Why is the attack signature - sophisticated, self-concealing malware - so difficult to spot? Do firms need to invest in NSA PRISM type threat monitoring capabilities?
The three impediments to discovering and following up on attacks are:
- Volume, velocity and variety – Not collecting appropriate security data
- Immaturity and not identifying relevent event context (event correlation)
- lack of system awareness and vulnerability awareness
Obviously… where there is pain…there is opportunity for entrepreneurs see below – data from IBM). There is a growing focus on big data use case for security analytics after all the breaches we are seeing. General Electric announced it had completed a deal to buy Wurldtech, a Vancouver-based cyber-security firm that protects big industrial sites like refineries and power plants from cyber attacks.
Here are three recent examples that I was personally affected by – Forbes, Target, Neiman Marcus.
Dear Forbes.com Member:
Recently, Forbes.com was targeted in a digital attack.
Our publishing platform was compromised and email addresses for registered members have been exposed. (Forbes subscribers should note that no credit card information or subscription details were revealed.)
We have notified law enforcement and are taking the matter very seriously. Your Forbes.com password was encrypted in our database, but if you used the same password on other Web sites or accounts, we strongly suggest you change them. We have currently disabled log-in functionality on Forbes.com and invalidated all passwords.
During this time, you will not be able to access your account or add your comments to the site. We will send you a follow-up email when log-in is reopened with simple instructions on how you can reset your password to a different one. Meanwhile, we urge you to be cautious about interacting with email, especially from senders that are unknown to you, as the list of email addresses may be used in phishing attacks or scams. All of us at Forbes respect your privacy and apologize to you and all of the members of our community for this breach.
Sincerely, Mike Perlis Chief Executive Officer
This follows the massive breach at Target. Target disclosed on Dec. 19 2013 that the data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. Then on Jan. 10 it said hackers also stole personal information—including names, phone numbers, and email and mailing addresses—from as many as 70 million customers Here is a letter from Target’s CEO after their data breach.
They’re offering victims a year of credit monitoring, deep regrets, and some basic advice.
Retailer Neiman Marcus has announced customers who used a credit card at one of its stores during the holiday shopping period may have had their data compromised. Around a million people may have been affected.
Here is the link to the Neiman Marcus letter… http://www.neimanmarcus.com/NM/Security-Info/cat49570732/c.cat
Security Intelligence – Emerging Use Case
The new target goal – identify malicious/problematic sessions and traffic before it causes substantial harm to the assets or customers.
With major security breaches, fraud incidents and advanced persistent threats making headlines, every type of organization has to take new steps to address the growing problems of malware, spoofing, social engineering, advanced threats, fraud, and insider attacks.
Just doing traditional data source monitoring of logs, events, flows, network traffic, alerts might not be enough. Legacy security monitoring platforms based on real-time correlation mostly lack the sophisticated learning based threat and risk detection required to detect and protect against such attacks. At best, they solve a single facet of the problem.
How to identify malicious activity camouflaged in the masses of an organization’s data? Smart cyber criminals can skirt traditional defenses and blend into the operational noise. They’re skilled and patient enough to perform stealthy reconnaissance of an organization’s network over months or years, eventually seizing the right opportunity to steal sensitive information assets – intellectual property, credit card numbers, customer databases – commit fraud, or otherwise damage the enterprise.
Multiple approaches are needed to keep up with the ever-changing enemy… signatures/blacklists, behavioral models, algorithmic and some old-fashioned forensics. IBM had a good conceptual representation of this emerging problem facing every CIO and CISO of Fortune 1000 companies.
Basic theme… today’s security analytics tools can’t keep up with Capture, Store, Manage, Analyze needs. Imagine adding 6-10 terabytes of new data every month to every expanding data store.
Is your CIO or CISO doing their Job?
Do you think Target’s CIO, Beth Jacobs, in the hot seat. You betcha. Beth resigned on 3/5/2014.
CIOs of consumer facing organizations have to double down as the threats grow. Incident detection/response skillset is at a premium. But the key issue how to upgrade security infrastructure quickly from the 1st generation systems to 3rd generation systems.
- 1st Generation: Intrusion Detection Systems
- 2nd Generation: Security Information and Event Management (SIEM). Also called “1st Generation SIEM”
- 3rd Generation: Big Data Analytics in Security (Also called “2nd Generation SIEM”)
Current solutions will not suffice. The next generation is based on the notion that the enemy is ever-changing and infinitely intelligent. New attack vectors are more difficult than ever to detect… Polymorphic, Randomized, changing payloads. Sounds like the Matrix movie…where you run multiple algorithms across the data..multiple passes on the data.
No company is immune to this non-stop security threat. Apple recently released a software update to fix a serious security weakness in its iOS mobile operating system that allows attackers to read and modify encrypted communications on iPhones, iPads and other iOS devices.
The flaw allows an attacker to intercept, read or modify encrypted email, Web browsing, Tweets and other transmitted data, provided the attacker has control over the WiFi or cellular network used by the vulnerable device. The company says it is working to produce a patch for the same flaw in desktop and laptop computers powered by its OS X operating system.
As world gets more digital…security spend will grow exponentially. The problem is only going to get worse as criminals find easy targets and money.
Notes and References
1) NSA PRISM - Big Data and NSA Monitoring
3) BIG DATA ANALYTICS FOR SECURITY INTELLIGENCE - According to Solarwinds IT Security Survey…59% of the organizations don’t know whether they are collecting security data in real-time or not.
4) Top 5 Data Breaches in 2013 - LivingSocial (50 M user e-mails and passwords); Evernote (resets 50 M account passwords after data breach); U.S. Department of Homeland Security finally corrected a four-year error in the software it uses to process employees’ background checks; Adobe reported that 3 million customers’ credit card information was stolen; System bug exposes 6 million Facebook users’ personal data in yearlong breach.
5) Security Analytics capabilities that are “need-to-have” not just “nice-to-have”