My friend Aamir Lakhani, AKA Dr. Chaos, recently posted this blog on his website, www.drchaos.com. The topic is combining big data analytics with software-defined networking in order to build anomaly-based detection and mitigation systems for internal networks.
In the blog, he discusses why traditional security doesn't work and why innovation is necessary. He argues that when cyber attacks leverage legitimate applications, protocols and user credentials to gain unauthorized access, traditional security protections prove useless.
However, using advanced analytics, along with modern security tools, security teams can identify anomalous behavior even if the attacker has valid credentials. The key is establishing baselines and running a sophisticated analysis of large data sets.
As he points out, "Data science experts will tell you that no matter how often an abnormal behavior occurs -- whether it's one hundred times or just once -- it's still abnormal behavior and can be categorized once a baseline is established."
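As an added illustration of that baseline idea (this is not code from Dr. Chaos's post or from RiskIQ), here is a minimal per-user baseline built from constructed login events, with a check that flags a successful login whose source host or hour falls outside the identity's usual pattern. The user names, hosts and hours are made up, and the one-hour slack around the usual window is an assumption.

```python
from collections import defaultdict

# Constructed sample logins (user, source host, hour of day) from a quiet
# learning window. Real baselines would be built from far larger log sets.
BASELINE_EVENTS = [
    ("alice", "alice-laptop", 9), ("alice", "alice-laptop", 10),
    ("alice", "alice-laptop", 14), ("alice", "alice-phone", 11),
    ("bob", "bob-desktop", 8), ("bob", "bob-desktop", 17),
    ("bob", "bob-laptop", 12),
]


def build_baseline(events):
    """Per-user profile: the hosts and hours seen during the learning window."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for user, host, hour in events:
        profile[user]["hosts"].add(host)
        profile[user]["hours"].add(hour)
    return dict(profile)


def score_event(profile, user, host, hour):
    """Return the baseline deviations for one *successful* login.

    The credentials were valid by definition (the login succeeded), so the
    only question is whether the context matches what this identity usually
    does. An empty list means the event looks normal.
    """
    if user not in profile:
        return ["no baseline for user"]
    reasons = []
    if host not in profile[user]["hosts"]:
        reasons.append(f"new source host {host!r}")
    lo, hi = min(profile[user]["hours"]), max(profile[user]["hours"])
    if not (lo - 1 <= hour <= hi + 1):  # assumed: one hour of slack around the usual window
        reasons.append(f"hour {hour} outside usual window {lo}-{hi}")
    return reasons


def find_anomalies(profile, events):
    """Flag every deviating event, however rare: one odd login among many
    normal ones is still reported, which is the point of the quote above."""
    return [(e, r) for e in events if (r := score_event(profile, *e))]


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    new_events = [("alice", "alice-laptop", 10)] * 50 + [("alice", "build-srv-07", 3)]
    for event, reasons in find_anomalies(baseline, new_events):
        print(event, "->", "; ".join(reasons))
```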
It's a fantastic read and very provocative. It ties back into our firmly held belief at RiskIQ that innovative detection methods are going to be the best defense for organizations, their brands, and their customers in the modern world. RiskIQ also leverages large data sets and data analytics as inputs into our technology to manage external threats. It is a key factor in ensuring we provide accurate and timely data, which we strongly believe can make the difference in protecting an enterprise profile online.
Aamir Lakhani is a leading security architect. He is responsible for providing IT security solutions to major commercial and federal enterprise organizations.
Lakhani leads projects that implement security postures for Fortune 500 companies, healthcare providers, educational institutions, and financial, media and government organizations. Lakhani has designed offensive counter defense measures for defense and intelligence agencies and has assisted organizations in defending themselves from active strike-back attacks perpetrated by underground cyber groups. Lakhani is considered an industry leader in support of detailed architectural engagements and projects on topics related to cyber defense, mobile application threats, malware, Advanced Persistent Threat (APT) research and Dark Security. Lakhani is the author or contributor of several books and has appeared on National Public Radio as an expert on Cyber Security.