Slow-moving attacks are hard to detect. How can you take action before it’s too late?

HPE-SW-Guest


By Gerben Verstraete

Gerben Verstraete works in the CTO office of HP Software Professional Services, focusing on BSM and the transformation of IT operations.

Most security tools today are still in their infancy: they focus on what is happening right now, while cyber-criminals have evolved the way they operate. Most tool sets are very good at spotting an intruder trying to get through the firewall or attempting a cross-site scripting attack against an application. But they aren’t designed to pinpoint attacks that unfold over the course of weeks or months. Detecting these slow-moving threats calls for tools that can analyze massive quantities of data and then visualize that data to reveal trends. To figure out what’s going on, you need to look at the data streams and find the outliers.

For example, we’re working with a manufacturer on statistical and visual modeling of trends over time. First we have them establish a baseline and understand what normal traffic looks like. Then they can see where the deviations are.

According to a recent Ponemon Institute cyber crime study, the average annual cost of a data breach in the U.S. is $11.56 million. And the time it takes to resolve an incident has increased by 130 percent over the past four years. You need big data to uncover these attacks, because the volume of machine data you’re dealing with is so large that you’ll never see the patterns without it.

 

Use big data analytics to surface trends

Everybody captures tremendous amounts of machine-generated data. We know the data holds information, but we don’t know what to do with it or what we can get out of it. This is the “dark data” that enterprises are finally able to make use of thanks to big data technologies.

A converged security approach can help. To spot intrusions, you need to continuously monitor your environment and apply big data analytics to perform:

  • Statistical modeling. Use statistical equations to develop historical baselines for network, user, and system activities. Identify and isolate subtle variations in these activities that may require further investigation.
  • Sentiment analysis. Monitor the sentiment value (happiness and other emotions) of email and social media communications related to individual users. You can identify users with negative and emotional communications for closer monitoring.
  • Fraud detection. Use predictive modeling to identify high-risk users who might commit fraud.
  • Visual modeling. Rapidly identify communication channels between users or systems using visual relationship modeling.
  • Data exploration. Understand the full scope of a security breach from the captured data, through visualization and reporting.

By looking at data over a longer duration, e.g. months, and scanning for trends, you can identify attacks such as slow port scans and DNS attacks. In a port scan, attackers probe ports to learn their status and possibly determine a host’s operating system and other information that could aid a future attack. Spread across weeks, a handful of probes a day never stands out in a short-term view, which is why the long baseline matters.

In the case of a DNS hack, intruders first scan inside the firewall and then extract data through fabricated DNS entries, in small spurts. If the intruders happen upon a repository of intellectual property, they won’t extract it in a matter of hours. Instead, over time they’ll extract it using different entities that they find through DNS. To security tooling, these actions look like trusted traffic.

To find these insidious threats, you need to analyze terabytes of data and use visualization tools to spot the trends. You can’t see these kinds of activities in a spreadsheet. But if you put your port scan data into a Hadoop environment and use a platform such as HP Vertica to run analytics against it, you can start visualizing the trends that let you find DNS intrusions you’d otherwise miss.
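As an added illustration (not part of the original post, and not HP’s code), the Python below sketches the long-window counting described above over constructed connection and DNS logs: a source that touches a few new ports a day and a client that sends a few lookups a day to one domain both look ordinary on a one-day view and stand out only when a month of data is counted together. The thresholds, the 30-day window and the two-label parent-domain split are assumptions.

```python
"""Long-window outlier detection over constructed logs (added example, not HP code).
A slow port scan and small-spurt DNS exfiltration each look normal on a one-day
view and stand out only when counted over a month-long window."""
from collections import defaultdict
from datetime import datetime, timedelta

START, DAYS = datetime(2014, 1, 1), 30   # constructed 30-day observation period

# Constructed connection records (timestamp, source, destination port) and
# DNS records (timestamp, client, queried name), 30 days of each.
CONN, DNS = [], []
for d in range(DAYS):
    ts = START + timedelta(days=d)
    CONN += [(ts, "10.0.0.5", p) for p in (80, 443, 53)]              # normal host
    CONN += [(ts, "10.0.0.99", 1000 + 3 * d + k) for k in range(3)]   # 3 new ports/day
    DNS += [(ts, "10.0.0.5", "www.example.test")] * 20                # normal lookups
    DNS += [(ts, "10.0.0.7", f"{d:02d}{k}7a9c.cdn.badcdn.test") for k in range(5)]  # 5 chunks/day

def _in_window(ts, window_days):
    return ts >= START + timedelta(days=DAYS - window_days)

def distinct_ports(records, window_days):
    """source -> number of distinct destination ports seen in the last window_days."""
    seen = defaultdict(set)
    for ts, src, port in records:
        if _in_window(ts, window_days):
            seen[src].add(port)
    return {src: len(p) for src, p in seen.items()}

def unique_names(records, window_days):
    """parent domain (last two labels, a simplification) -> distinct names queried under it."""
    seen = defaultdict(set)
    for ts, _client, name in records:
        if _in_window(ts, window_days):
            seen[".".join(name.split(".")[-2:])].add(name)
    return {dom: len(n) for dom, n in seen.items()}

def long_window_outliers(counter, records, threshold, short_days=1, long_days=DAYS):
    """Keys under threshold on the short view but at or above it on the long view."""
    short, full = counter(records, short_days), counter(records, long_days)
    return sorted(k for k, n in full.items() if n >= threshold > short.get(k, 0))

if __name__ == "__main__":
    print("slow scanners:", long_window_outliers(distinct_ports, CONN, 50))
    print("chunked DNS  :", long_window_outliers(unique_names, DNS, 50))
```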

 

Visual traffic patterns help you stay one step ahead

To help enterprises recognize threats when they visualize data, HP Labs has developed a number of patented traffic patterns. Used in conjunction with the HP HAVEn Big Data platform and integrated data visualization tools, these patterns can help you catch intruders in the act before they can jeopardize your company’s data and reputation.

To learn how you can put big data analytics to work in your environment, read the service brief on the HP Converged Security & Continuous Monitoring Workshop.

Gerben Verstraete works in the CTO Office with HP Software Professional Services, a role which includes defining implementation strategies for global Fortune 500 customers. Mr. Verstraete is also responsible for the go-to-market services strategies for HP’s Software services & solution portfolio inclusive of Data Center Transformation and in particular the transformation of IT Operations. He regularly leads critical client engagements acting in CIO and VP/IT strategic advisory roles.

 

About the Author

HPE-SW-Guest

This account is for guest bloggers. The blog post will identify the blogger.

Comments
harishrahman

The info you have shared is wonderful, and it is very much beneficial for people like me who are always looking to update themselves.

Jim Libersky

Gerben,

That is great, but you did not include one important aspect: REAL TIME at the EDGE. The intelligence has to be at the Edge of networks or aggregation points/entrance and exit points. Using Cloud-based analytic services is subject to Man-In-The-Middle, and time will not cut it. Inspection, Analytics, and reaction will have to be in the microsecs range.

Barrier1 does that.

Jim Libersky

Barrier1

763-230-1041


