1(630)802-8605 Ravi.das@bn-inc.net

Since I did not get a chance to blog the last two business days, I thought I would throw in a weekend special blog to make up for it.  This blog deals primarily with what is known as “Business Analytics”.  Specifically, it can be defined as follows:

“Business analytics (BA) refers to all the methods and techniques that are used by an organization to measure performance. Business analytics are made up of statistical methods that can be applied to a specific project, process or product. Business analytics can also be used to evaluate an entire company. Business analytics are performed in order to identify weaknesses in existing processes and highlight meaningful data that will help an organization prepare for future growth and challenges.”

(SOURCE:  https://www.techopedia.com/definition/344/business-analytics-ba).

Based from the above definition, one can see that it has a lot of commercial applications, especially in the field of market research and gauging customer responsiveness to new products and services. But believe it or not, it too has applications in the world of Cyber security.  This is the focal point of this blog.

The Wave of the Future-Security Analytics

This is the science of analyzing extremely large security datasets in real time, thus allowing for the very quick and extremely accurate revelation of the hidden trends which reside in them.

With the ability now to conduct such types of very sophisticated research, IT teams can now predict future Cyber based threats based upon these variables:

  • The timing of a Cyber based attack;
  • The specific sequences of such instances and occurrences;
  • Any discernable differences which have been gleaned from the security datasets;
  • Plotting the trends of risk and Cyber attacker behavior in real time.

Apart from this, Security Analytics can also be used by the IT staff to even find the root cause of any type or kind of security breach (or breaches) which may occur.

Also, predictive models can be created to build the profiles of future Cyber-attack vectors and comparing them to baselines of normal behavior in order to establish the appropriate risk level.

One method that is currently being used is that of Machine Learning.  This is a process where building predictive models is fully automated, and specialized mathematical algorithms are used to literally comb through all of the security datasets in order to iteratively “learn” from it.

From here, any hidden insights can be discovered, because these algorithms have not been programmed to look at a specific time period, rather they look at the entire time frame.

In fact, other threat intelligence tools can be implemented into them as well, thus providing a comprehensive view of what the threat landscape will look into the future.

Although the benefits of using Security Analytics is enormous, there is one huge potential downfall to using such a system:  It can be very expensive not only to procure, but it can quite cost prohibitive to maintain as well.

For example, large amounts of computing resources are required. This includes more memory and disk space, extra CPU processing power, etc.

Also, the attack profiles left by a Cyber attacker are very covert in nature, and thus, it may take the Machine Learning system a series of iterations in order to discover them at first.

The Four Business Use Cases of Security Analytics

There are four main areas where Security Analytics will prove to be the most useful for a business or a corporation:

  • Reduction in the Mean Time to Detect (“MTTD”) a Cyber-attack:

Security Analytics can be used to predict, under certain conditions, when an attack is imminent.  This will give the critical time needed in order for the IT staff to beef up its layers of defense.  Of course, there will always be that chance that such an attack may never even happen but undertaking this process will enforce and yield a much more proactive security mindset in the long term.

  • Greatly enhancing the level of Internal Security Monitoring:

There is a common misconception that security threats can only come from the external environment.  For example, take the case of ABC Corporation.  It has fortified its layers of security to thwart off any future Cyberattack which can from the outside.  But in doing so, the management team has neglected of what could perhaps be the weakest link in the chain:  Those security threats which can exist in the internal environment of a business or a corporation.  Security Analytics can also be used to detect and prevent these risks as well, which is also known as “Internal Security Monitoring”.  For example, the mathematical algorithms can be programmed (coupled with the usage of Penetration Testing techniques) to detect any hidden vulnerabilities from within the IT infrastructure itself, and determine which threat poses the most risk to a particular IT asset.

  • Assist in IT Asset Configuration Management:

Apart from detecting threats and risks, Security Analytics can also be used to help ascertain the most effective deployment and optimization of IT assets across a businesses’ or a corporation’s entire internal network.  For example, it can be used to help answer some of these questions:

*Which of the physical servers can be moved to the Cloud in order to streamline the flow of network traffic?

*What is the longest period of time that a business or a corporation can withstand if a     certain part of its network      went down?

*Are there any legacy IT assets which can be taken down from the internal network?

4)   The Management Team has a much better understanding of what is going on:

Many C-Level Executives often complain that they are the last ones to be kept in the loop on        what the threat landscape looks like. But, with the use of Security Analytics, this is no  longer   the case.  The management team can now be kept apprised of what is going on in real  time.  Thus, they will be able to answer these kinds of questions and more:

*What is the overall risk level that we face?

*How prone are we to a major Cyber based attack?

*How quickly can we restore operations at the back up site if the primary systems are                                     impacted by a major security breach?

*What will be the most cost-effective way to reduce our overall risk level?

Conclusions

As it has been discussed, the use of the present Security tools is simply not enough to thwart off any Cyber based attacks.  Businesses and corporations must analyze their datasets in real time in order to predict what could happen in the future.

This is where the role of Security Analytics will come into play.  But, despite the promise that it holds, experts are warning not to rely on it solely in order to fortify the defense perimeters of a business or a corporation.

This is due to two reasons:

  • The sheer volume of online IT assets is growing at an exponential rate, and the data which is needed to account for them is also evolving even quicker;
  • The Cyber hacker of today is becoming very sophisticated in terms launching covert attacks through using a Cloud Computing infrastructure.

As a result, it is predicted that the use of Artificial Intelligence, especially in the way of Neural Networks, will be needed in order to keep up with analyzing and interpreting all of these huge security datasets in real time.