The consensus among industry experts is that the 2016 shopping season in the run-up to Christmas will be another record-breaking period for cybersecurity breaches. For companies of any size, in every industry, cybercrime is a problem that costs businesses billions of dollars each year. Additionally, governments are holding company executives accountable, with the potential to someday hold these individuals personally liable. Indeed, there is a lot at stake.
Until recently, technology has struggled to stay one step ahead of the criminals, in part because cybersecurity is about so much more than just what’s happening within your network. All the pieces – your extended network, the cloud, third-party platforms, telemetry and IoT data – need to be connected. And it’s not just about big and unstructured data sources. The blending of these sources with structured, corporate data is helping to prevent cybercrimes. One example is combining social data, which provides clues about sentiment and future intention, with corporate data, which gives information on users’ past behavior. Taken together, the two can revolutionize cybercrime prevention by providing patterns and a much more complete picture of criminal intent.
You might think this sounds a bit futuristic. But trust me, it’s not. I recently spoke with Oliver Newbury, CTO of BT Security, to learn more about how BT addresses these challenges. As one of the world’s leading global communications services companies, BT has a unique challenge. Maintaining cybersecurity is no longer just about keeping an eye on what is happening within the network, but also about connecting together all the pieces of the extended network: the cloud, third-party platforms, telemetry data, and IoT data. With an adept use of big data blending and advanced analytics, BT is able to pick out important clues from this torrent of information and develop better situational awareness in order to rapidly identify threats and vulnerabilities.
How does BT do it? At the organization’s foundation is its network – the underlying fabric that joins the existing enterprise and glues together hybrid architectures even as they extend out to the cloud. As a result, BT must analyze an enormous amount of network metadata to understand the webs of communication – how information is moving across the network, how data is moving across systems, and which systems are contacting which other systems. As you layer in third-party environments, cloud platforms, telemetry data and more, you can appreciate that an intelligence operations team might have their hands full.
It was with these challenges in mind that BT created its big data security platform, called Assure Cyber. Assure Cyber embeds Pentaho’s big data integration and analytics platform to bring together event data and telemetry data from a rich variety of data sources including business systems, traditional security controls, and advanced detection tools. It then applies a whole suite of analytics engines and advanced visualization tools across those datasets to accelerate threat detection. Assure Cyber has drastically reduced the amount of time it takes BT’s customers to address a threat.
However, it wasn’t always this easy. Previously, much of the data that companies needed for understanding their exposure to a security vulnerability was scattered across an organization. People literally needed to pick up the phone or request files from other teams to gain access to it, and the environment was so complex that it was almost impossible to have a full view of how all the data fit together. But the world has changed. Assure Cyber is analyzing data from a rich variety of structured and unstructured data sources, ensuring that insights can be harvested much faster than ever. Vulnerabilities and incidents that would have previously taken days or weeks to detect can now be identified immediately, helping companies prevent attacks before they have a chance to inflict damage.
To see how organizations are designing efficient infrastructures for cybersecurity analysis in a big data environment, take a look at Pentaho’s cybersecurity blueprint.