BI: Applying Intelligent Solutions To Advanced Threats
By Stefanie Hoffman
All you have to do is glance at the headlines to know that security threats aren’t just becoming more pervasive, they’re becoming smarter and more sophisticated. These days, cybercriminals are tailoring slippery, highly mutated attacks designed to dodge most security solutions, and sit silently undetected on users’ machines.
In recent months, the threat landscape has been graced with high-profile Advanced Persistent Threats such as banking Trojans Gauss and Tilon, as well as cyberespionage talent Flame, infused with stealth capabilities that include recording audio conversations, capturing screen shots and evading an army of security solutions.
And those are just the threats that make headlines.
Many traditional security solutions, such as antimalware, firewalls and other threat detection mechanisms, do their best to detect and stave off increasingly sophisticated attacks.
But let’s face it: attacks are still getting by and, by all reports, continue to rise. In other words, attackers are beating us at our own game.
The solutions aren’t obvious, and often they are as complex as the threats themselves. But as attacks become more intelligent and adaptive, so too should the solutions.
That said, it’s likely not a coincidence that the business analytics market grew roughly 14 percent in 2011, and is predicted to experience a CAGR of 9.8 between now and 2016, when it will top off at around $50.7 billion, according to IDC.
The research firm also names some of the biggest drivers: “Compliance, security, fraud detection, and risk management requirements are driving demand for software ranging from reporting tools to analytic applications,” according to the report.
To that end, Security Information and Event Management solutions have long attempted to leverage business intelligence by collecting and analyzing log data.
But now more than ever there’s a growing trend that leverages business intelligence for other facets of security. And here’s why: As threats become more intelligent, solutions have to follow suit. And security becomes less about point solutions, or even architecture and smart policies. It becomes about finding actionable security-oriented data that can help organizations make better decisions about their risk environment and security posture.
That in turn will help organizations make more informed infrastructure investments and cost-related decisions that can keep their most valuable assets from being compromised.
The data is often readily available. CIOs and other IT professionals have easy access to firewall and SIEM logs, IDS events, policy violations, threat incidents and activities, suspicious behaviors and even attempts at intrusion.
Yet, as is the case with most data, it is often unorganized and incomprehensible. And all too often, pertinent or valuable data is unrecognizable and thus dismissed along with scads of extraneous information.
If relevant data is overlooked in a business context, an organization might miss sales opportunities. Overlooked threat information can leave organizations vulnerable to malicious attacks that steal intellectual property, compromise the network and put the company’s reputation at risk.
Thus, applying business intelligence to threat data will help filter what threat information is actually relevant to an organization—what represents actual risk and what can be ignored. From there, BI also helps organizations assign value to information assets—a necessary step in creating risk-based security policies.
But more than that, business intelligence helps obtain timely information about vulnerabilities, allows security professionals to accurately assess and evaluate threats, easily detects and alerts users to anomalies or suspicious behaviors, and illuminates remediation opportunities and appropriate responses.