The Ponemon Institute has released the Big Data Cybersecurity Analytics Research Report, which shows that traditional layered security systems are failing to protect “from the 1000 arrows” fired – some get through.
Ponemon’s study covered 592 IT security practitioners who had already built some form of big data analytics – so its results are skewed to that extent.
“The data pouring into enterprise environments holds valuable information that can be used to identify and mitigate threats, but in many cases, it is simply too overwhelming to extrapolate anything useful from,” said Dr Larry Ponemon, chairman and founder of the institute. “Not only does this first-of-its-kind report show that organisations know they have the information needed to stand up against advanced threats, but it also reveals that when data is used in conjunction with the right analytic tools, it can be used to reduce risk across their organisations.”
The study found that organisations using analytics to identify departures from known good behaviour are 2.25 times more likely to identify a security incident within hours or minutes. Those using Apache Hadoop found significant advantages in analysing cyber security incidents.
- 72% said big data analytics played an important role in detecting advanced cyber threats;
- 72% said it is impossible to get ahead of advanced threats using big data analytics with traditional technologies; and
- 65% said big data analytics are essential to creating and ensuring strong cyber security postures.
Heavy users of big data analytics have a higher level of confidence in their ability to detect cyber incidents than light users. On 11 common cyber threats, the biggest gaps concern the organisation’s ability to detect advanced malware/ransomware, compromised devices (e.g., credential theft), zero-day attacks and malicious insiders. The smallest gaps concern denial of service, web-based attacks and spear phishing/social engineering.