This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Cybersecurity experts are excited about big data because it is the “crime scene investigator” of data science. If your organization is hacked and customer information compromised, your use of big data to collect massive amounts of information on your systems, users and customers makes it possible for data analysts to provide insight into what went wrong.
But while big data can help solve the crime after it occurred, it doesn’t help prevent it in the first place. You’re still left cleaning up the mess left behind by the breach: angry customers, possible compliance issues with data privacy standards like HIPAA and PCI DSS, maybe even government fines and class-action lawsuits.
This is where big data fails to meet its big promise: when it is employed after a data breach happens. As the old saying goes, “Hindsight is the best sight.” Big data, when utilized after a cyberattack, certainly gives you that. However, what it doesn’t give you is the ability to realize that a breach is happening, or is about to happen, and stop it before massive damage is done. Because of this, big data, when used in a vacuum, will not secure your systems, your business, or any of your sensitive information.
Big data cheerleaders will say you can use this hindsight to fix the problems that let the hacker into your system in the first place. After all, since you know what went wrong, you can patch your system so that it doesn’t happen again, right?
While that may be true – you may be able to prevent that specific problem from happening again – cybersecurity simply doesn’t work that way. The threat landscape is dynamic, with new technologies, and thus, new vulnerabilities, emerging every day.
Additionally, hackers are like any other criminal: They are savvy, adaptable, and know how to play on human nature. They’re always going to find your weaknesses – and your biggest weakness is your own people, your trusted employees. Most hackers don’t break into systems through the back door. They get their hands on legitimate login credentials and, essentially, walk right in the front door.
So, in most cases, big data analytics will reveal hackers accessed your system by logging into Server X using an employee password they stole through a social engineering scheme, such as a phishing email. (Or, worse yet, the credentials may have been handed to them by a malicious insider.)
With this new insight, you may decide to provide training for your employees on cybersecurity best practices, such as how to spot a phishing email and the dangers of clicking on suspicious links. Employee cybersecurity training is essential, and it will help keep your systems safer, but it’s not a panacea.
Humans are fallible. They make mistakes when they are tired, distracted, or in a hurry to get something done. Additionally, no amount of training will stop a malicious insider – a disgruntled employee, ex-employee, or contractor who is determined to strike back at the company or make a quick buck selling confidential data on the Dark Net.
Thankfully, there is a solution: machine learning, a cutting-edge technology built upon mathematical algorithms that learn and update in real time and enable computers to learn without being explicitly programmed. This is the same technology that powers self-driving cars, and it is the single most powerful weapon we have against hackers.
Machine learning provides the protection that big data analytics lack. Instead of figuring out why a breach happened after the fact, machine learning can identify a data breach as it’s happening, or about to happen, and trigger a system alert to shut the breach down before any real damage is done.
Machine learning technology not only makes sense of big data; it can analyze it and extract insight from it far more quickly than a human or even a team of humans ever could. Because of its predictive capabilities, it can be proactive instead of reactive. In real time, machine learning technology can flag a hacker who is using stolen credentials and stop them from getting into your system.
This technology is baked not into the network but into the application/data. This cognitive defense shield surveils every login to an application and watches every move the person using the login ID makes within the application, to confirm that the behavior of the login session is within the normal parameters, or baseline behavior, for that user ID.
For example, the algorithms may notice an employee’s credentials are being used from an offsite location, that the employee is attempting to access a part of the system they do not need to perform their job, or that a login attempt is occurring in the middle of the night. Because the machine learning technology has analyzed the employee’s normal computer usage and established a baseline pattern, it can recognize that a particular login attempt is not normal and potentially dangerous, and it will lock that user out until your IT staff can investigate the situation.
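The per-user baseline check described above can be sketched as follows. This is an added example, not code from the article or from any vendor product: it swaps in a simple frequency baseline with add-one smoothing for whatever model a real product uses, and the class name, the 4.5-bit threshold, the 20-event minimum and the sample history are all assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample history: (user, hour 0-23, source network, resource).
HISTORY = (
    [("alice", h, "office-lan", "billing") for h in (9, 9, 10, 10, 11, 13, 14, 15, 16, 17)] * 3
    + [("alice", 10, "vpn", "billing"), ("alice", 14, "office-lan", "reports")]
)

class LoginBaseline:
    """Per-user frequency baseline over login hour, source and resource (hypothetical)."""

    def __init__(self, threshold_bits=4.5):
        self.threshold = threshold_bits                         # assumed cut-off, tune per site
        self.seen = defaultdict(lambda: defaultdict(Counter))   # user -> feature -> value counts
        self.n = Counter()                                      # user -> events learned

    def learn(self, user, hour, source, resource):
        self.n[user] += 1
        for feature, value in (("hour", hour), ("source", source), ("resource", resource)):
            self.seen[user][feature][value] += 1

    def _surprisal(self, user, feature, value):
        counts = self.seen[user][feature]
        if feature == "hour":    # tolerate +/-1 hour drift, wrapping at midnight
            hits, k = sum(counts[(value + d) % 24] for d in (-1, 0, 1)), 24
        else:
            hits, k = counts[value], len(counts) + 1            # +1 slot for "never seen"
        p = (hits + 1) / (self.n[user] + k)                     # add-one smoothing
        return -math.log2(p)                                    # rarer value -> more bits

    def assess(self, user, hour, source, resource):
        if self.n[user] < 20:                                   # too little history to judge
            return "review", ["no-baseline"]
        event = (("hour", hour), ("source", source), ("resource", resource))
        odd = [f for f, v in event if self._surprisal(user, f, v) > self.threshold]
        return ("lock" if odd else "allow"), odd

baseline = LoginBaseline()
for event in HISTORY:
    baseline.learn(*event)

if __name__ == "__main__":
    print(baseline.assess("alice", 10, "office-lan", "billing"))   # usual pattern
    print(baseline.assess("alice", 3, "203.0.113.7", "hr-records"))  # 3 a.m., offsite, new resource
```

The `lock` result corresponds to locking the user out until IT staff investigate; an account with too little history returns `review` rather than being scored against an empty baseline.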
Machine learning gives you immediate, critical, actionable insight into your user data; it provides you with the real-time protection that big data analytics cannot. Machine learning is the best way to secure your systems because it is constantly learning what is normal and what is not, and it can act on this information right away, before a hacker gets into your system and steals hundreds or thousands of records.
The technology is here now, already deployed, already catching criminals stealing sensitive data and delivering early alerts on data breaches and privacy violations. This cyber security technology is the future of high-performance solutions that protect the data. So, if big data is a crime scene investigator, you could say that machine learning is a cop on the beat: protecting your system against cybercriminals, enforcing the law, and stopping crimes in progress.
Varughese is President of Cognetyx (www.cognetyx.com), the world’s first “Ambient Cognitive Cyber Surveillance” to help safeguard data. Cognetyx uses advanced machine-learning artificial intelligence to detect rogue and malicious users.