Originally published by DataQuest
It would not be an overstatement to say that widespread cyber attacks crippling global businesses have become the new normal. The speed and scale of the recent ransomware attacks and cyber security breaches have taught us one important lesson: threat detection and mitigation will be the key task for SOC (security operations center) teams. But how do we get there? That is the moot question. Before putting forward possible answers, it is pertinent to look at the crux of the problem: why have enterprises been unable to combat these breaches?
The deluge of data, and enterprises' move to leverage Big Data technologies to store and analyze it for insights, also brings in a lot of risk. With huge amounts of data flowing in from multiple sources, such as sensors in IoT systems and users' digital footprints, attackers can stay under the radar and remain undetected. More data, more risk; it is as simple as that. As businesses embark on the path of improved customer experience via product innovation, the rate and volume of the streaming data mean they are unable to piece it all together.
Existing solutions to fight cyber attacks are also inherently complicated. Consider this: enterprises count on security information and event management (SIEM) software, search and log management systems, forensics and threat intelligence platforms, and endpoint management software. But this leads to a siloed view, with the cumbersome requirement of mechanically monitoring multiple dashboards. In such a scenario, it becomes nearly impossible to detect breaches that are becoming more complex by the day. Cyber criminals are aware of this siloed approach, and an attack that leaves only a faint trace in each silo can stay below the detection threshold of every one of them.
Massively scalable platforms are the need of the hour as the volume of traffic increases to unprecedented levels, driven by IoT and the growing diversity of devices on a network. The humongous volume of network data that enterprises need to process puts pressure on software products that use a traditional rules-based approach. Enter the next generation of SIEMs, built from the ground up on big data architectures.
Clearly, SOCs need a unified, single real time view, considering the data deluge that needs to be processed and analyzed. So then, what are the answers to this question? An open source, community-oriented approach built upon proven scalable technologies is the answer. Such technologies will provide not only scale but also enable enterprises to solve their cyber security challenges effectively. Machine learning, automation and real time enrichment of all data (attaching threat intelligence, asset and user context to events as they are ingested, rather than during a later investigation) would be the key components of such technologies, which can scale in response to modern day cyber attacks. In such a scenario, enterprises can analyze threats faster, capture data at lower costs and fight emerging cyber security challenges at scale.
Another approach being promoted is do-it-yourself, in which teams write their own programs to analyze the data. But a community that works together to fight cyber attacks is always a better option. One such effort is being made by the Apache Software Foundation, which is working on Apache Metron, a big data cyber security application framework that enables a single view of diverse, streaming security data at scale, to aid security operations centers in rapidly detecting and responding to threats. Then there is also the open source ELK stack by Elastic.
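To make concrete what a "single view" with real time enrichment buys a SOC over the siloed dashboards described earlier, here is a small added example written for this editing pass; it is not Apache Metron's or Elastic's own code. It normalizes two constructed feeds, a firewall log and an endpoint agent log, into one event schema, enriches each event at ingest from a hard-coded threat intelligence list and asset inventory, and then applies one cross-silo rule that neither feed could trigger on its own. Every log line, IP address, hostname, indicator and field name below is invented for the example.

```python
"""Added example: a minimal 'single view' pipeline that parses, enriches and
correlates events from two otherwise siloed sources. All inputs are constructed;
this is not Apache Metron's or Elastic's code."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample feeds. The line formats are invented for this example.
FIREWALL_LOGS = [
    "2024-05-01T10:00:01Z fw01 ALLOW src=10.0.5.23 dst=203.0.113.77 dport=443",
    "2024-05-01T10:00:05Z fw01 ALLOW src=10.0.5.40 dst=198.51.100.9 dport=80",
    "2024-05-01T10:00:09Z fw01 DENY src=10.0.5.23 dst=203.0.113.77 dport=4444",
]
ENDPOINT_LOGS = [
    '2024-05-01T10:00:03Z host=ws-023 event=process_start image="powershell.exe -enc SQBFAFgA"',
    '2024-05-01T10:00:07Z host=ws-040 event=process_start image="outlook.exe"',
]

# Constructed enrichment sources. In production these would be fed from a
# threat-intel platform and an asset inventory (CMDB); here they are hard-coded.
THREAT_INTEL = {"203.0.113.77": "c2-server"}
ASSETS = {
    "10.0.5.23": {"host": "ws-023", "owner": "finance"},
    "10.0.5.40": {"host": "ws-040", "owner": "sales"},
}
HOST_TO_IP = {a["host"]: ip for ip, a in ASSETS.items()}

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)
EP_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) image="(?P<image>[^"]*)"$'
)


def parse(line):
    """Normalize one raw line from either feed into a common event schema."""
    m = FW_RE.match(line)
    if m:
        d = m.groupdict()
        return {"ts": d["ts"], "source": "firewall", "src_ip": d["src"],
                "dst_ip": d["dst"], "dport": int(d["dport"]), "action": d["action"]}
    m = EP_RE.match(line)
    if m:
        d = m.groupdict()
        return {"ts": d["ts"], "source": "endpoint", "host": d["host"],
                "event": d["event"], "image": d["image"]}
    raise ValueError(f"unrecognized log line: {line!r}")


def enrich(event):
    """Attach threat-intel and asset context at ingest time, so every later
    consumer (rules, dashboards, analysts) sees the same enriched record."""
    ev = dict(event)
    if "dst_ip" in ev:
        ev["ti_tag"] = THREAT_INTEL.get(ev["dst_ip"])  # None when unknown
    if "src_ip" in ev and ev["src_ip"] in ASSETS:
        ev.update(ASSETS[ev["src_ip"]])               # adds host + owner
    elif "host" in ev and ev["host"] in HOST_TO_IP:
        ev["src_ip"] = HOST_TO_IP[ev["host"]]
        ev["owner"] = ASSETS[ev["src_ip"]]["owner"]
    return ev


def _ts(ev):
    return datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))


def correlate(events, window_seconds=600):
    """Cross-silo rule: the same host both talked to a TI-flagged IP (firewall)
    and launched encoded PowerShell (endpoint) within the window. Neither feed
    alone would fire this rule."""
    by_host = defaultdict(list)
    for ev in events:
        if "host" in ev:
            by_host[ev["host"]].append(ev)
    findings = []
    for host, evs in by_host.items():
        c2 = [e for e in evs if e.get("ti_tag")]
        susp = [e for e in evs if e["source"] == "endpoint" and " -enc " in e["image"]]
        if not (c2 and susp):
            continue
        stamps = [_ts(e) for e in c2 + susp]
        if (max(stamps) - min(stamps)).total_seconds() > window_seconds:
            continue
        findings.append({
            "host": host,
            "owner": evs[0].get("owner"),
            "c2_ips": sorted({e["dst_ip"] for e in c2}),
            "reasons": ["threat_intel_match", "encoded_powershell"],
        })
    return findings


def run_pipeline(lines):
    """Parse -> enrich -> correlate over one combined stream."""
    return correlate([enrich(parse(line)) for line in lines])


if __name__ == "__main__":
    for finding in run_pipeline(FIREWALL_LOGS + ENDPOINT_LOGS):
        print(finding)
```

Running the pipeline over the combined feeds produces one finding for ws-023 (owner "finance"): it contacted the TI-flagged address 203.0.113.77 and, two seconds later, started an encoded PowerShell command. Feed either source in on its own and the rule never fires, which is the point the article makes about silos: the evidence exists in each tool, but only the unified, enriched stream lets a single rule see both halves. The 600-second window is an assumed tuning value, not a recommendation.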
To conclude, the technologies and tools of yesterday will not help us combat the rampant cyber security challenges of today. As cyber crime evolves from simple phishing and email scams to sophisticated extortion rings, open source technologies that promote a community driven approach will be the way forward. More importantly, a Big Data driven approach is of paramount importance.