The top security software vendors are trying to crack the code of accurate, trustworthy computer security analytics. We're collecting most of the data we need, but we must figure out what gives us the most accurate results -- and what data we're missing. Our early attempts at big data security analytics include companies and services that do the following:
- Monitor command-and-control centers for malicious bots and tell you when your computers connect to those sites, indicating compromise
- Monitor legitimate-appearing network traffic to flag malicious, tunneled traffic
- Track multiple advanced persistent threat gangs and their activities
- Distinguish between legitimate logins and malicious pass-the-hash attacks
- Tell whether or not a transaction using your identity or financial information is legitimate
- Identify insider data misuse
We're definitely in the early phases of big data computer security analytics, as this CSO article explains. But the foundation of future security analytics is being laid today.
For a long time we humans have been able to quickly spot signs of compromise. It's time to let the computers take over some of that task. We still need stronger basic security controls, but it's clear that big data security analytics will become an ever larger piece of the security puzzle.