The blurry line between cyber and physical security
Unfortunately, no organization or country can escape security threats. Rapid urbanization, increasing strain on natural resources and evolving global terror threats are the reality.
Advances such as social business, mobility and cloud increase opportunities for commerce and collaboration, but they also create the perfect disguise for criminals, hiding among the 2.5 quintillion bytes of data created daily throughout the world. Is there a criminal hiding in your data?
This question plagues law enforcement officers everywhere. At a recent conference of law enforcement officials, one officer described setting up a watch list of phrases on social media. When one of the important phrases was used, law enforcement officials were alerted and they immediately triggered deeper analytics to capture context and pinpoint persons of interest. Some of the analytical techniques used included geospatial analysis and entity recognition.
In another example, law enforcement officers were able to reach victims of violence, and people in danger from severe intoxication, because the victims' friends turned to Pinterest and Twitter to share the news with their friends before calling 911. In both of these cases, deep analytics over time series and past conditions or behaviors helped find victims and perpetrators. The objective for these agencies is to set up real-time protection, especially during major city events, to deliver relevant and situational alerts, and to enable a proactive response.
Another area of interest for law enforcement is video surveillance. Unfortunately, the human eye gets tired and doesn't always spot subtle changes in video feeds. Many agencies are turning to video analytics to identify and correlate incidents. Video analytics enables officers to process and respond to surveillance data both in real time and post-event.
The blurry line between the cyber and physical worlds is now being picked up in the popular press. In a reported attack on Israel's national road network, attackers used a Trojan horse to compromise security cameras, causing an immediate lockdown and disabling roadways for hours. As the line blurs between the physical and logical realms, it becomes difficult for security analysts to predict where attacks will originate. Another reported example involves a malware-infected refrigerator sending spam to 750,000 email addresses.
Organizations need sophisticated real-time analytics to find a weak signal in the noise of big data; without deep insight most threats can’t be detected. Attackers are more sophisticated than ever. They are skilled, motivated, patient, persistent and even state sponsored.
Security intelligence from big data and analytics provides real-time insight across all data types: traditional security data such as log files and audit trails, and big data types such as social data, photos, sensor data and email. It enables organizations to sift through massive amounts of data, inside and outside the organization, to uncover hidden relationships, detect patterns and neutralize security threats. Blend real-time analytics on data in motion with historical analysis on data at rest for optimal results.
Security analytics enables organizations to:
- Enhance intelligence and surveillance insight. Analyze data in motion and at rest to find new associations or uncover patterns and facts. This type of real-time or near-real-time insight can be invaluable and even life-saving.
- Predict and mitigate cyber attacks in real time. Analyze network traffic to discover new threats early and react in real time.
- Predict and prevent crime. Analyze internet data (for example, email and VoIP), smart device data (such as location and call detail records) and social media data to help law enforcement better detect criminal threats and evidence. Instead of waiting for a crime to be committed, prevent it and proactively apprehend criminals.
Security intelligence from big data analytics helps create a complete security strategy. For example, an organization could use real-time streaming security analytics for deep packet inspection. Deep packet inspection allows organizations to monitor web traffic, DNS lookups, network flow and port and protocol usage. The outcome of this analysis could reveal precisely which web servers are infected with malware, identify suspicious domain names, pinpoint leaked documents and deliver intelligence on data access patterns.
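To make the deep-packet-inspection use case concrete, the following is an added example (not code from the original page or from IBM's products) of the kind of detection logic a streaming analytics job would run over the DNS lookups and flow records that DPI produces. It flags suspicious domain names (high-entropy labels typical of domain-generation algorithms, and very long labels typical of DNS tunnelling) and unusual port and protocol usage (outbound traffic to ports outside a service baseline, and DNS volume large enough to suggest exfiltration). The sample records, the service-port baseline and every threshold are constructed assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample input (not from the original page). Each DNS record is
# (source host, queried name); each flow is (src, dst, proto, dst_port, bytes_out).
DNS_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "cdn.example.com"),
    ("10.0.0.7", "xk3q9zt7vbn2hw5m.net"),            # DGA-like: random label
    ("10.0.0.7", "q8w7e6r5t4y3u2i1o0p9.info"),       # DGA-like: random label
    ("10.0.0.9", "4f8a2c9e1b7d3f6a0c5e8b2d9f1a4c7e3b6d8f0a.exfil.example.org"),  # tunnelling-like
]
FLOWS = [
    ("10.0.0.5", "93.184.216.34", "tcp", 443, 12_000),
    ("10.0.0.5", "93.184.216.34", "tcp", 80, 3_000),
    ("10.0.0.5", "203.0.113.10", "udp", 53, 2_000),
    ("10.0.0.9", "203.0.113.10", "udp", 53, 300_000),   # two DNS flows that
    ("10.0.0.9", "203.0.113.10", "udp", 53, 200_000),   # together exceed the limit
    ("10.0.0.7", "198.51.100.20", "tcp", 4444, 80_000), # port outside the baseline
]

# Assumed baseline of expected destination ports and their transport protocol.
SERVICE_PORTS = {22: "tcp", 80: "tcp", 443: "tcp", 53: "udp"}


def shannon_entropy(text):
    """Shannon entropy of a string in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def classify_domain(fqdn, max_label_len=30, entropy_threshold=3.5, min_len=10):
    """Return 'long-label', 'high-entropy' or None for a queried name.

    Every label except the TLD is inspected. Thresholds are illustrative;
    in practice they are tuned against a baseline of the organization's own
    traffic to control false positives.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    for label in labels[:-1]:
        if len(label) > max_label_len:
            return "long-label"          # oversized label: possible DNS tunnelling
        if len(label) >= min_len and shannon_entropy(label) > entropy_threshold:
            return "high-entropy"        # random-looking label: possible DGA
    return None


def scan_dns(records):
    """Apply classify_domain to each DNS record; return (src, name, reason) alerts."""
    alerts = []
    for src, name in records:
        reason = classify_domain(name)
        if reason is not None:
            alerts.append((src, name, reason))
    return alerts


def scan_flows(flows, service_ports=SERVICE_PORTS, dns_byte_limit=100_000):
    """Aggregate outbound bytes per (src, proto, dst_port), then alert on
    destinations outside the service baseline and on DNS volume above the limit."""
    totals = defaultdict(int)
    for src, _dst, proto, port, nbytes in flows:
        totals[(src, proto, port)] += nbytes
    alerts = []
    for (src, proto, port), nbytes in totals.items():
        if service_ports.get(port) != proto:
            alerts.append((src, f"{proto}/{port}", "unexpected-port"))
        elif port == 53 and nbytes > dns_byte_limit:
            alerts.append((src, f"{proto}/{port}", "dns-volume"))
    return alerts


if __name__ == "__main__":
    for alert in scan_dns(DNS_LOG) + scan_flows(FLOWS):
        print(alert)
```

Aggregating before thresholding matters: a tunnelling client sends many small DNS flows, none of which is alarming on its own, so the check must run over the running total per source rather than per record. The same logic carries over to data-at-rest analysis by replaying historical records through the same functions.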
The ultimate goals of a security strategy are to keep assets safe and better predict and prevent attacks.
- Stop more threats faster to reduce the cost, duration and severity of attacks. Strengthen brand reputation and client loyalty and protect stakeholders.
- Scale security policies across traditional and big data environments. Create sophisticated security analytics faster and automatically analyze new data sources and update business policies in real time.
- Focus on the greatest risk. Uncover unknown threats and shift resources as required. Understand false positives, remove blind spots and track effectiveness of security policies.
Check out the IBM Security Intelligence Extension website and read this new ebook from IBM: "Empower security analysts with big data analytics."