A new report released today by Teradata Corporation and the Ponemon Institute contains several key findings showing that big data can be an effective tool in the fight against cyber attacks, but adoption levels remain low. Enterprises and governments face increasing cyber attacks as other countries and even domestic competitors look for ways to get at high-value datasets. Types of attacks, including malware, zero-day exploits and advanced persistent threats, continue to grow more sophisticated.
Teradata Corporation provides data analytics solutions. The Ponemon Institute is an organization focused on information and privacy management. The survey included responses from more than 700 information technology (IT) and IT security practitioners across the United States. The study covered experts in the financial services, manufacturing and government industries with an average of ten years’ experience. All respondents were familiar with their organization’s defense against cyber security attacks and have some level of responsibility for managing the cyber security activities within their organization.
“Cybersecurity is fundamentally a big data problem,” says Sam Harris, Director, Enterprise Risk Management, Teradata, in an interview with CivSource. “Disparate databases can be vulnerable without active monitoring.”
According to the survey, only 20% say their organizations are more effective at stopping cyber attacks. The greatest areas of cybersecurity risk are caused by mobility, lack of visibility, and multiple global interconnected network systems. More than half of respondents said they are aware of the technologies that provide big data analytics and believe those tools will solve security issues, but only 35% have them. 61% say big data is in their future.
Government at all levels is the biggest player in the big data space, and is already running into issues like storage and security. As this site has previously reported, some studies indicate that the federal government will add another petabyte of data in the near term. On the state and local level, the scale is somewhat smaller, although the same issues are on the table. However, uncertain funding and turnover in appointed positions add another layer of challenges.
Harris notes that there are ways to scale cybersecurity responses and the use of big data to defend against attack. “Many organizations use access control, log analysis, or packet capture but these are still reactive responses. Closing the window from the time of incursion to full response is critical. If you work with technology providers to examine risk and needs up front there are economical ways to approach big data.”
Big data analytics can allow IT shops to prioritize potential threats and vulnerabilities as well as response plans. Controlling access points like devices and new connections to networks can also be done with this technology. Survey data shows that less than half (just over 40%) of organizations are vigilant in preventing anomalous and potentially malicious traffic from entering networks or in detecting such traffic. Only 47% of respondents said that their organizations consider big data analytics an important component of cyber defense. In fact, cybersecurity and defense may actually be decreasing in some places even as threats rise – 33% said that their organization’s cybersecurity posture had become less effective in the past 12 months.
Skills gap, uncertainty top challenges
IT shops in both the public and private sector now find themselves presented with a plethora of new tools and new technologies, both to create threats and to defend against them. 80% of survey respondents said they wanted to see big data tools combined with anti-malware or anti-DoS/DDoS to add additional layers of security.
Harris says that in the cybersecurity realm, effective defense means managing and analyzing volumes of network transaction data in near real time. “Many security teams have realized that it is no small feat to quickly sift through all of their network data to identify the 0.1 percent of data indicating anomalous behavior and potential network threats.” He explains that with big data analytics, security staff can see a distributed denial of service (DDoS) attack before it hits layers of organizational security and files, allowing for a more comprehensive and targeted response.
However, much of this work relies on a skill set that is still missing from many IT shops, as big data and its underlying technology are still relatively new. While some of the most well-resourced enterprises have been able to bring on talent, many are still lacking. This is especially true in government, where hiring freezes, furloughs and extended procurement cycles can put IT offices behind, leaving government to rely on vendors and to hope protections are in place.
“With big data analytics you’re looking at new data structures, and new types of security analysis. This requires different skills than you’re typically going to see in a security group,” Harris says. This skills gap was one of the top three barriers to cyber defense listed by survey respondents.
A variety of new technologies and vendor-supported solutions to this skills gap will be on display at the RSA Conference currently underway in San Francisco. Teradata will be presenting its solution, as will many others including big IT contractors. Vendors and technologists alike will also use this conference as an opportunity to lobby members of Congress in attendance for a better understanding, at the federal level, of cyber threats as well as of the private sector players involved.
The Center for a New American Security, a think tank focused on cyber defense whose members include military and technology experts, former defense appointees, and retired career military officials, released a report ahead of the conference calling for greater federal clarity around cyber defense. The paper in essence lays out a policy framework, and calls for establishing rules of engagement on active cyber defense (ACD).
“The U.S. government needs to provide greater clarity on which ACD actions are legal and which ones are not. Without such guidance, two problematic situations may arise. First, organizations may choose not to take actions that are legal because of fears of breaking vague provisions of existing law. Second, organizations may take actions that they believe are legal but that government authorities view as being illegal. In the former case, corporations are bypassing ACD options that could help protect valuable information. In the latter case, companies are taking actions that could lead to serious financial and legal risks and could also undermine U.S. national objectives (such as U.S. efforts to establish norms in cyber space). Clearer guidance will enable organizations to protect themselves from advanced cyber attacks to the greatest extent possible without putting themselves in legal jeopardy,” writes Dr. Irving Lachow, Senior Fellow and Director of the Program on Technology and U.S. National Security at the Center for a New American Security, in the paper.