Sourcefire Roundtable discussion: Harnessing the power of big data to protect your networks

Written By:
Published:
Content Copyright © 2011 Bloor. All Rights Reserved.

Last week I was asked to attend a roundtable discussion on Big Data and network security. This is not my usual area of interest but the more I thought about it the more intrigued I was. We are experiencing a phenomenal explosion in the volume of data that is being created, and as the data volume grows so the nature of that data evolves. Whereas a decade ago only a small proportion of the available data was personal or proprietary, now over 40% falls into those categories. The danger of such data is obvious. I have had a considerable sum taken from my online bank account by people who purported to be my bank and knew all of the details that should have been used to protect me, so I am very aware of this threat.

The Big Data story is intimately linked to rise of the Internet, and it is via the Internet that we leave the digital trail that describes increasing aspects of our personal and business life. Unfortunately most of us are rather lulled into feeling that we are safe in cyber space. We see ourselves as just a small cog operating in a big complex, and that we are fairly anonymous, so we should have nothing to fear. The truth is very far from this benign image that we hold. Sourcefire research indicates that there were nearly 300 million new pieces of malware were created last year, and that nearly 75% of them were attacks only seen on a single system.

So our thoughts at the roundtable were to gain a balanced perspective between the huge potential benefit that Big Data raises, in understanding customer behaviour, creating new niche markets, streamlining business operations etc. and the need to recognise that the very richness of the data that affords that potential also represents too tempting a lure to the unscrupulous.

Hackers are sophisticated, and the rewards are great, and there is a lack of a basic universal framework around identity management and security to protect us. The threat comes not just from technical malcontents, but also from national governments who sanction industrial and political cyber espionage and perhaps in terms of the scale, if not the severity of the threat, to commercial enterprises who create dummy personal accounts on social media sites to seed their message in what the users assume to be an open and genuinely representative forum for the free exchange of views.

Of particular concern, we felt, was the sheer persistence of data that is lodged in the Net, and the lack of recourse that exists to those who feel that they have been misrepresented. We have all heard the tales of how a great number of generation Y kids will have to reinvent themselves in order to escape their teenage past immortalised on Facebook, and only last week there was a radio article about an individual who was falsely accused of inappropriate behaviour on a social network that had seriously damaged his business and how no one was prepared to do anything about it. This led us to explore the very real danger that the Net and the Cloud with Big Data analytics have to open us up to a very sophisticated form of long-term fraud. We are all entrusting all of our details to these big bodies. They claim that it is all secure, yet they keep slipping out snippets of information that show that they cannot resist the temptation to snoop. So far it has been fairly harmless, like telling us just how many of us use the most popular passwords, but what if someone were to exploit that trust to just go that bit further into exploiting what they know about us?

An interesting line of thought was to look at what, to one group, is surplus data that could be disposed of with relatively careless handling as being of limited worth, but which may be of great use to another group to exploit.

What we all agreed was missing was a lack of awareness at all levels, from individuals through enterprises to governments, that there is a real need to protect identity and establish credentials by both sides in all transactions. If you look at how I was impacted by fraud the callers knew exactly how my bank establishes my identity but does not allow me to do the same to them, and having established their fidelity they then control the relationship and the dialogue.

So was our view just wholly one of buyer beware? Well, actually, we felt that the tools do exist to deploy the techniques of the Big Data analytics to identify and protect with as much ability to generate fresh insight, as is true in the marketing domain. Through sentiment analysis a sense of who are likely to be seen as a target can be discerned. Using forensic analysis of digital trails the paths and behaviours of the would-be attacker can be identified. Statistical analysis can filter out the false positives, enabling the subset of the most likely attacks to be presented to the security analyst, not only reducing the volumes they have to deal with, but also providing a full range of supporting data to assist in their analysis. We felt that the threat to national security, the threat to brand value of commercial enterprises and the danger of the violation of personal identity are becoming far higher up the agenda of everyone and resources will be diverted into security.

Clearly Sourcefire are already at the forefront of thinking in this area and that is highly commendable. People will find that they can provide a valuable leg up to overcome the perceived barriers to knowing where to start on what, at first sight, appears a challenge of unprecedented scale and complexity. I found the afternoon very challenging and thought provoking, an interesting time awaits us all!