Sophisticated cyberattacks are on the rise, and cybersecurity professionals are in demand. There's a real shortage of talent in both the public and private sectors, with a recent Booz Allen report recommending an increase in skills to protect government networks. Likewise, new IDC research sponsored by SAS recommends integrating analytics into the core of your cyber detection efforts.
How is your business tackling this problem from both the human and technology sides? Do you have people and processes in place to protect your assets and your reputation? What's your strategy to detect intrusions in real time?
The way I see it, cybersecurity requires the ability to store tremendous amounts of data, apply advanced analytics to determine when threats are happening in real time, and then act immediately to contain the activity and cut off the intruder's access.
Let’s look more closely at the problem – and the solution.
Today's cyber criminals need only a single compromised computer or entry point to gain a foothold from which they can reach the rest of your network. They can even come in through a contractor who has connected temporarily to your network or through a remotely managed system on the network.
Then, once they're inside, the hackers quietly and methodically work their way through your systems, pivoting from host to host, often for months, before their presence is detected.
This isn’t a farfetched scenario taking place at some dodgy company in the bad part of town. It’s happening today on the networks of your favorite brands in almost every industry.
The solution is no longer a matter of identifying weak entry points, reinforcing security at the perimeter and stopping the cyber criminals before they get in. You have to assume they're already there.
But how can you find them hiding away in your network? And how can you stop them? You have to analyze the network traffic, compare it to normal traffic patterns and investigate any anomalies. That sounds simple enough, right? Just look for anything out of the ordinary.
The problem is that even an average sized company today sees 100,000 network transactions PER SECOND. Most companies aren't set up to monitor that much traffic, let alone store and analyze it all in real time.
But now you can. With low-cost storage options like Hadoop, storing that much data is within reach. And with event stream processing, analyzing all of your network activity on the fly, not after the fact, is possible too. Finally, with in-memory and visual analytics capabilities, you can see the unusual network patterns and react immediately. Such a system also sends alerts and integrates with your existing perimeter defenses so that security experts are notified the moment an anomaly is scored, rather than when someone gets around to reviewing the logs.
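To make the "compare traffic to normal patterns and investigate anomalies" idea concrete, here is an added example of the detection logic such a stream processor would run. It is not SAS code and not code from the post; it is a self-contained Python sketch that keeps a per-host baseline (Welford's online mean and variance, so memory stays constant no matter how many transactions per second arrive), aggregates flows into fixed one-minute windows, and raises an alert when a host's distinct destination host:port count or outbound byte volume deviates sharply from that host's own history. The flow records, the 60-second window, the warm-up period and the z-score threshold are all constructed assumptions for the example.

```python
"""Streaming per-host anomaly detection over constructed network flow records.
Added example, not from the original post; thresholds and records are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt

WINDOW = 60        # seconds of traffic aggregated per host before scoring
WARMUP = 5         # windows of history a host needs before it is scored
THRESHOLD = 4.0    # z-score above which a window is flagged (assumed)
STD_FLOOR = 1.0    # floor on the deviation so a perfectly regular host is not hypersensitive
T0 = 1_700_000_000 - 1_700_000_000 % WINDOW   # start of the first window, aligned to WINDOW


@dataclass(frozen=True)
class Flow:
    ts: int      # unix seconds
    src: str
    dst: str
    dport: int
    nbytes: int


class Baseline:
    """Welford's online mean/variance: O(1) state per host, never replays history."""

    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def update(self, x):
        self.n += 1
        d = x - self.mean
        self.mean += d / self.n
        self.m2 += d * (x - self.mean)

    def zscore(self, x):
        std = sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0
        return (x - self.mean) / max(std, STD_FLOOR)


class StreamDetector:
    """Aggregates flows into fixed windows and scores each window as it closes."""

    def __init__(self):
        self.window_start = None
        self.current = defaultdict(lambda: {"ports": set(), "bytes": 0})
        self.baselines = defaultdict(lambda: {"ports": Baseline(), "bytes": Baseline()})
        self.alerts = []   # (window_start, src, metric, observed, zscore)

    def ingest(self, flow):
        if self.window_start is None:
            self.window_start = flow.ts - flow.ts % WINDOW
        # Close every window the stream has moved past; a late record
        # (ts < window_start) is folded into the window that is still open.
        while flow.ts >= self.window_start + WINDOW:
            self._close_window()
        agg = self.current[flow.src]
        agg["ports"].add((flow.dst, flow.dport))
        agg["bytes"] += flow.nbytes

    def _close_window(self):
        for src, agg in self.current.items():
            observed = {"ports": len(agg["ports"]), "bytes": agg["bytes"]}
            anomalous = False
            for metric, x in observed.items():
                b = self.baselines[src][metric]
                z = b.zscore(x)
                if b.n >= WARMUP and z > THRESHOLD:
                    anomalous = True
                    self.alerts.append((self.window_start, src, metric, x, round(z, 1)))
            # A flagged window is kept out of the baseline so an intruder cannot
            # train the model to accept the new behaviour as normal.
            if not anomalous:
                for metric, x in observed.items():
                    self.baselines[src][metric].update(x)
        self.current.clear()
        self.window_start += WINDOW

    def flush(self):
        """Close the open window at end of stream and return all alerts."""
        if self.current:
            self._close_window()
        return self.alerts


def constructed_flows():
    """Eight quiet minutes for two hosts, then 10.0.0.5 sweeps 40 ports on a neighbour."""
    flows = []
    for w in range(8):
        base = T0 + w * WINDOW
        flows += [
            Flow(base + 5, "10.0.0.5", "10.0.1.10", 445, 2_000),    # file server
            Flow(base + 20, "10.0.0.5", "10.0.1.20", 8080, 1_500),  # web proxy
            Flow(base + 40, "10.0.0.5", "10.0.1.10", 445, 2_500),
            Flow(base + 10, "10.0.0.7", "10.0.1.53", 53, 120),      # one DNS lookup
        ]
    base = T0 + 8 * WINDOW
    flows.append(Flow(base + 10, "10.0.0.7", "10.0.1.53", 53, 120))
    flows += [Flow(base + p, "10.0.0.5", "10.0.0.6", p, 60) for p in range(1, 41)]
    return sorted(flows, key=lambda f: f.ts)


def run_detector(flows):
    det = StreamDetector()
    for f in flows:
        det.ingest(f)
    return det.flush()


if __name__ == "__main__":
    for ws, src, metric, x, z in run_detector(constructed_flows()):
        print(f"window {ws}: {src} {metric}={x} z={z}")   # one alert: 10.0.0.5 ports=40
```

Two practitioner caveats the example makes visible. First, only the port-count metric fires during the sweep: the scan moves fewer bytes than the host's normal file-server traffic, so a byte-volume rule alone would have missed the lateral movement described earlier in the post. Second, excluding flagged windows from the baseline prevents an intruder from quickly training the model, but it does nothing against the "low and slow" attacker who raises activity a little at a time over months; catching that requires comparing a host against its peer group and against longer histories, not just against itself.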
You can learn more about the evolving nature of cyber threats in this interview with Security Intelligence expert Stu Bradley.