In 2015, more than 700 million records were breached, according to security researchers at Gemalto. Combine this with a recent Juniper Research report – “Cybercrime and the Internet of Threats”, which anticipates the annual cost incurred from malicious data breaches will exceed $2 trillion in 2019; or 2.2% of the IMF’s forecast global GDP that year – and it’s clear we need to do something big to prevent cybercrime.
One of the keys to combating this lies in big data. As the amount of data we record and transfer has expanded, so have our techniques for mining that data for key insights that give us a competitive advantage, or, in the case of cyber security, a defensive one.
However, until now those techniques have required massive investment in computational power and in the data scientist teams that drive the analytics, so clear insights have remained out of reach of all but the biggest companies. Hundreds or even thousands of data points simply aren’t enough to extract reliable trends; for that you need millions. Because of this, much of the promise of big data has so far remained unrealized.
Combining the power of data analytics, machine learning and cloud-based systems like our own MAX platform means that deep insights can be at the fingertips of even the smallest IT department or solution provider. We have encapsulated this in LOGICcards, which helps us perform analytics on the data gathered from more than 12,000 customers, 175,000 networks, 2,000,000 endpoints and 12,000,000,000 emails.
LOGICcards enables IT professionals to move beyond simply looking at what happened (descriptive analytics), where the best they can do is shorten their reaction time, and beyond using past data to estimate what might happen next (predictive analytics). Instead, it lets them focus on what is likely to happen and therefore on the best course of action for an optimal outcome (prescriptive analytics).
Why is this so powerful in the battle against cybercrime? Simply put, the volume of data we’re analysing enables us to see patterns, such as attacks against organizations grouped by any number of factors (including geographical area, size and vertical), alert our customers, and advise them how to adjust their defensive strategies accordingly.
Machine learning is the cornerstone of this because it enables us to establish what a “normal” activity baseline looks like. From a cyber security perspective, the most important question to ask right from the start is: “What does normal network, system and user behaviour look like?” Once that baseline is established, the algorithms watch for anything that falls outside it.
Machine learning can help us see what would otherwise go undetected, such as the information leak made possible by a stealthy piece of malware that made it through the layered defences. A leak of that kind may never match a signature, but it does change behaviour: the affected host or account starts moving far more data than its baseline, and that deviation is what lets us identify the problem.
Through this, and based on security posture, devices and threats, IT pros are notified of potential security and compliance issues before they become problems, and advised how to address them in the way that best suits their organization.
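The baselining approach described above, as an added illustration that is not code from the original article or from the MAX/LOGICcards platform: each user gets a baseline built from a training window of daily outbound byte counts, and the day being scored is compared against that baseline with a robust z-score (median and median absolute deviation rather than mean and standard deviation, so an outlier that slipped into the training window does not inflate the baseline). The user names, the byte counts and the detection threshold are all constructed for the example; the block also handles two edge cases a practitioner hits immediately: a series with zero spread (a service account that sends the same volume every day), and an identity with no history at all, which cannot be scored yet.

```python
"""Baseline-and-deviation detection over constructed outbound-traffic records."""
import statistics
from typing import Dict, List, Optional, Tuple

# Constructed sample data (hypothetical users, not from any real network):
# daily outbound byte counts per user. Days 1-14 form the training window.
TRAINING: Dict[str, List[int]] = {
    "alice": [3_100_000, 2_900_000, 3_400_000, 2_700_000, 3_000_000, 3_300_000, 2_800_000,
              3_200_000, 3_100_000, 2_950_000, 3_050_000, 3_150_000, 2_850_000, 3_000_000],
    "bob":   [1_900_000, 2_100_000, 2_000_000, 1_800_000, 2_200_000, 2_050_000, 1_950_000,
              2_000_000, 2_100_000, 1_850_000, 2_150_000, 1_900_000, 2_000_000, 2_050_000],
    # Constant volume: the spread is zero, which exercises the scale floor below.
    "svc-backup": [500_000_000] * 14,
}

# Day 15, the day being scored (also constructed).
TODAY: Dict[str, int] = {
    "alice": 3_050_000,          # an ordinary day
    "bob": 950_000_000,          # hundreds of times his usual volume
    "svc-backup": 500_000_000,   # exactly its usual volume
    "carol": 40_000_000,         # no training history at all
}

MIN_HISTORY = 7          # days of history required before a user is scored
THRESHOLD = 6.0          # robust z-score above which a day is flagged (tuning parameter)


def baseline(samples: List[int]) -> Tuple[float, float]:
    """Return (median, scale) for a series of daily volumes.

    scale is the median absolute deviation multiplied by 1.4826, which makes it
    comparable to a standard deviation for normally distributed data. A floor of
    5% of the median (at least 1 byte) stops a constant series from turning
    every later deviation into an infinite score.
    """
    med = statistics.median(samples)
    mad = 1.4826 * statistics.median(abs(x - med) for x in samples)
    floor = max(0.05 * med, 1.0)
    return med, max(mad, floor)


def robust_z(value: float, med: float, scale: float) -> float:
    """Distance of value from the baseline median, in units of the robust scale."""
    return (value - med) / scale


def score_day(training: Dict[str, List[int]], today: Dict[str, int],
              threshold: float = THRESHOLD,
              min_history: int = MIN_HISTORY) -> Dict[str, Tuple[Optional[float], bool, str]]:
    """Score each user's volume for the day against that user's own baseline.

    Returns user -> (z, flagged, note). Users with fewer than min_history days
    of training data get z=None and are reported as "no baseline" rather than
    scored against a baseline that does not exist yet.
    """
    results: Dict[str, Tuple[Optional[float], bool, str]] = {}
    for user, value in today.items():
        history = training.get(user, [])
        if len(history) < min_history:
            results[user] = (None, False, "no baseline")
            continue
        med, scale = baseline(history)
        z = robust_z(value, med, scale)
        results[user] = (round(z, 2), z > threshold, "scored")
    return results


def flagged_users(results: Dict[str, Tuple[Optional[float], bool, str]]) -> List[str]:
    """Users whose day was flagged, highest deviation first (alert priority order)."""
    hits = [(z, u) for u, (z, flagged, _) in results.items() if flagged and z is not None]
    return [u for _, u in sorted(hits, reverse=True)]


if __name__ == "__main__":
    res = score_day(TRAINING, TODAY)
    for user, (z, flagged, note) in res.items():
        print(f"{user:12s} z={z!s:>10} flagged={flagged} ({note})")
    print("alert order:", flagged_users(res))
```

The threshold and the history requirement are the two knobs an operator tunes: a lower threshold catches smaller leaks at the cost of more false positives, and a longer warm-up window means a new account is unscored for longer but gets a more trustworthy baseline. The "no baseline" case is deliberate: an identity that appeared yesterday has nothing to deviate from, so reporting it as unscored is more honest than scoring it against a population average that mixes service accounts with people.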
It doesn’t stop there. Imagine you are a large IT services provider: knowing which patch or update may break your customers’ systems before it is applied could be a huge time saver. Alternatively, being alerted to a change in legislation affecting an industry like healthcare, one that may need immediate action, could be crucial for your customers’ compliance. Machine learning can help give you the upper hand and deliver not only better security but also consistent service. In time, the system will learn from your actions and from others’. It will know what needs to be a priority activity; for example, three days with no backup at a customer site needs to be fixed first, because that is what saves the customer relationship if the worst should happen.
We are at the infancy of this technology, and as the algorithms used are refined and the data-sets become larger, predictions will become more accurate. Any IT pro will understand the power of taking a proactive approach to IT security, and this is the real game changer.
Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.
You can follow Ian on Twitter® at @phat_hobbit.