The focus is shifting and expanding, with respect to cyberthreat awareness and analysis. The more threat data you have to funnel into today’s filtering technologies, the better, because that provides more meaningful correlations of events that can help to find the needles in the massive threat event haystack. But event correlation is only a subset of what has to happen to improve our odds in dealing with threats, especially advanced persistent threats (APTs). Correlation, also referred to as data distilling, puts pieces together — x alert plus y alert in z order plus # occurrences, etc. With well-defined data fields and rules it is very effective, but it has to know exactly what to look for.
The expanded view needs to be broader and situational. It needs to incorporate conceptual awareness. It’s not a great example, but here goes… When arriving home from work recently (very late, of course), through the window I could see smoke in the kitchen. Instead of panic and a 911 call, I smiled. My brain instantaneously put all the data points together — smoke, company coming over that night, bag of apples on the table that morning, plus prior history. My wife’s famous apple pie had bubbled over in the oven (again). When put into context, I knew it was a very good thing.
Areas of contextual awareness related to cyberthreats could include intelligence on:
- Who might target you and their plans
- What’s normal and not in your environment
- Your implementation of new systems, Websites, domains, applications
- Product introductions
- Other breaches in your industry, community
Big-data technologies are going to play a huge role in going beyond (but not totally replacing) the human involvement that is the contextual factor. Linkages will be made by data mining and applying advanced analytics to the mountains of unstructured data. To beat the attackers, you need to think like one and find their anomalous patterns. If you think only like a victim, expect to be in clean-up mode (like my wife with her apple pie).
John Steckbeck is an Enterprise Strategist on Dell’s Large Enterprise marketing team, and is based out of Round Rock, TX. He has more than 25 years of experience in tech and is a subject matter expert on security and efficient IT.