Using big data analytics to secure the enterprise

Big data analytics is a must-have for enterprise corporations that want to protect their resources from today’s more complex attacks, according to a security solutions manager at Cisco Systems Inc.

As attackers continue to up their game and employ more sophisticated methods, companies need to “make big data part of their technical security strategy,” Pablo Salazar, manager of Cisco’s (NASDAQ: CSCO) security posture assessment team, wrote in a recent blog post.

He cited a recent report from the Breach Level Index, a centralized global database of data breaches, which indicates that from July to September this year, an average of 23 data records were lost or stolen every second. That’s close to two million records every day.

“Given this stark reality, we can no longer rely on traditional means of threat detection,” wrote Salazar. “Technically advanced attackers often leave behind clue-based evidence of their activities, but uncovering them usually involves filtering through mountains of logs and telemetry. The application of big data analytics to this problem has become a necessity.”

To address this situation, Cisco has made available an open source security analytics framework called OpenSOC.

The OpenSOC framework helps organizations fold big data into their security strategy by providing a “platform for the application of anomaly detection and incident forensics to the data loss problem,” according to Salazar.

OpenSOC integrates elements of the Hadoop ecosystem such as Storm, Kafka and Elasticsearch, he said. It serves as a scalable platform for adding capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search and telemetry aggregation, so that security analysts can detect and respond to advanced threats faster.

Salazar said that during a breach, security analysts need to take the following steps:

  1. Review reports from a security information and event management (SIEM) system and run batch queries on other telemetry sources for additional context
  2. Research external threat intelligence sources to uncover proactive warnings of potential attacks
  3. Consult a network forensics tool with full packet capture and historical records in order to establish context

Using traditional techniques, searching and analyzing this data can take anywhere from a few minutes to several hours, and the longer it takes, the greater the potential for damage.

OpenSOC was designed as a single tool that helps analysts sift through unstructured data in a focused manner without wasting precious time, according to Salazar.

Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.