Cybersecurity: Employ cyber threat analysis to counter and mitigate more attacks
Intelligence analysis solutions equip organizations with capabilities that help uncover hidden insights and patterns to create a more resilient network against threats, and mitigate the threats that break through. Being able to analyze additional data sources, like HR data or public data, against your network data can connect seemingly unrelated events to provide crucial clues that help stop bad actors from stealing data. The cyber landscape gets more complicated, and potentially more threatening, every single day. Attackers are finding new ways to exploit software and bypass your perimeter, allowing them to access and steal data and even trigger full-on failures within a target organization's system.
Recent analysis by Recorded Future, a threat-intelligence company, shows that approximately 20 new cybervulnerabilities are released and reported daily. For business and IT leaders, however, data analytics and intelligence analysis tools help combat those threats. Here are a few key ways organizations can leverage data to prevent the next big breach.
Data analytics: Leveraging the cybersecurity advantage
Even as hackers' methods evolve, the ability to uncover hidden insights in data that will help you seek, identify and respond to cybersecurity threats and vulnerabilities is a powerful advantage. The following examples show how:
- Cyber threat analysis puts a lens on all vulnerable devices, all the time. Timing and quick responses make a substantial difference when it comes to limiting damage from a cyberattack. Historically, IT has faced a security challenge when processing an endless stream of data logs from firewall-access requests. That overload was further compounded by the advent of multidevice users in the mobile era. Today, human-led analysis capabilities as well as data analytics help to tackle the pileup. For example, applying visual analysis across a variety of data sets to uncover patterns and connections, consolidating duplicate entities in large datasets, using unstructured text capabilities to find information buried in documents, and linking external data sets with internal data sets like system logs to connect seemingly unrelated events all help uncover patterns and anomalies buried within the ever-increasing surge of records. That kind of 360-degree, real-time view is critical to countering a threat and mitigating a breach.
- Multidimensional analysis and data analytics can flag unusual file and email access patterns. Organizations' cyber defenses should not just address system break-in attempts; they should also address what happens when an attacker gets through and operates from the inside. After penetrating a data perimeter through a side door, often via malware affecting legitimate users, cybercriminals begin to move around an organization's system. At some point, however, they'll move in a way that differs from the long-term patterns of the employee they're imitating. Often referred to as user-behavior analytics, the search for unusual patterns in the flow of communication and access is a deep-level approach to cybersecurity.
- Data analytics can see the smallest leaks. Not all attackers work alike. Bots, for example, can take over large quantities of computers and use them as a network to overwhelm a target with requests, but they can also work in smaller numbers and in different ways. One is to access and then park inside a system, collecting keystroke data and sending it to a hacker's server for later use. They can also microsteal information with occasional, infrequent and randomized requests to the infected part of a company's infrastructure. They can even infect systems and mine Bitcoins. This is the kind of passive activity that won't leave the same kind of trail that user-access behavior and file movement history do. With data analytics, however, even the hardest-to-detect patterns can be uncovered, including energy-use anomalies and the modest, infrequent communications with a particular server over time that can indicate bot-related data theft.
- Minimizing false positives means more attention to real threats. One way to miss an incoming attacker is to spend too much time on unusual system activity that's actually benign. Using a combination of human-led multidimensional analysis and data analytics not only finds anomalies; it can assign all flagged events a priority score. System-defense teams are then able to react to events that need immediate investigation first, keeping track of all activity but never wasting time and attention on an employee's legitimate but anomalous activity.
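The "modest, infrequent communications with a particular server over time" and the priority scoring described in the last two items can be sketched as follows. This is an added example, not part of the original article; the log format, the host and server names, and the scoring formula are constructed assumptions chosen for illustration.

```python
from collections import defaultdict

def sample_log():
    """Constructed outbound proxy records: (day, host, destination, bytes_out)."""
    rows = []
    for day in range(1, 31):
        for host in ("ws-01", "ws-02", "ws-03"):
            # Busy destinations shared by every workstation: normal traffic.
            rows += [(day, host, "mail.example.com", 40_000)] * 20
            rows += [(day, host, "intranet.example.com", 15_000)] * 10
        if day % 3 == 0:
            # One workstation sends one small request to one server every third day.
            rows.append((day, "ws-02", "files.example.net", 900))
    # A single large upload: unusual for this user, but it never repeats.
    rows.append((12, "ws-03", "backup.example.org", 5_000_000))
    return rows

def score_destinations(rows, window_days=30):
    """Return [(priority, destination)] sorted highest priority first.

    Volume is deliberately not scored: small, spaced-out transfers stay
    under any byte-count threshold, so the score uses who and when only.
    """
    stats = defaultdict(lambda: {"hosts": set(), "days": set(), "requests": 0})
    for day, host, dest, _bytes_out in rows:
        entry = stats[dest]
        entry["hosts"].add(host)
        entry["days"].add(day)
        entry["requests"] += 1
    scored = []
    for dest, entry in stats.items():
        rarity = 1 / len(entry["hosts"])                    # few hosts use it
        quietness = len(entry["days"]) / entry["requests"]  # few requests per active day
        # Fraction of the window between first and last contact (long-lived).
        span = (max(entry["days"]) - min(entry["days"]) + 1) / window_days
        scored.append((round(100 * rarity * quietness * span, 1), dest))
    return sorted(scored, reverse=True)

def triage(rows, threshold=50.0):
    """Destinations whose priority score warrants investigation first."""
    return [dest for priority, dest in score_destinations(rows) if priority >= threshold]

if __name__ == "__main__":
    for priority, dest in score_destinations(sample_log()):
        print(f"{priority:6.1f}  {dest}")
```

On the constructed data, the quiet, recurring single-host destination ranks far above the one-off large upload, which remains on the list at low priority rather than being dropped.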
The market for applying data analytics to cyberattack scenarios is burgeoning. Experts at IDC expect big data and analytics to become a $125-billion industry in 2015, according to CSO. That's good news for organizations; an influx of resources creates fertile ground for innovation.
As attackers become increasingly sophisticated at breaking into protected data, cybersecurity growth is accelerating. Business leaders and IT teams will continue to look to data analytics advances to keep them on the cutting edge, affording them new ways to keep up with those 20 new vulnerabilities per day.