What top IT concerns are keeping CEOs up at night? According to dozens of reports, data security tops the list. What used to be solely the security department’s problem no longer stays there. Today, C-level executives are carrying more of the burden of making sure their organization's assets are protected. As such, companies are investing more in new technologies like security analytics.

They’re also investing in highly specialized personnel, but are hamstrung by the fact that the ideal candidate must be able to handle big data, information security and related technical operations. Hence, these individuals are as rare as unicorns. If you doubt it, read the following job description and tell me if you know of anyone who fits this profile:

WANTED: Security expert with extensive knowledge of attack vectors and deep understanding of advanced persistent threats. Data preparation and statistical chops required. Must have the ability to code in several programming languages and be familiar with big data frameworks, including MapReduce, Spark, Hive and Pig. Ideal candidate will have successfully detected and prevented cyberattack(s) in a Fortune 1000 organization and have criminal investigative experience (FBI or Secret Service cybersquad or equivalent). Applicants should be able to demonstrate analytical reasoning and be prepared to infiltrate the mind of a cyber terrorist.

The reality today is that most security analysts are exactly what their titles suggest: experts in security. This role is of critical importance to any security team, but it also comes with the added pressure of being expected to solve an organization’s security challenges.

While it would be ideal to find someone who is both a security expert and a data science expert with coding expertise, finding a specialist who has mastered even one of these skill sets is on its own no small feat.

Today’s cyber attacks are increasing in sophistication and stealth. Malicious parties can infiltrate an organization’s network and remain undetected for weeks, months, even years, without raising a red flag. If targeted attackers have any virtues at all, patience tops the list. Because cyber criminals are willing to wait and collect sensitive information over time rather than execute a flash attack, security analysts need to be able to identify and visualize user and activity patterns spanning long periods of time.

Understanding, in simple terms, what “normal” patterns look like enables security analysts to connect the dots at a higher level and detect the anomalies that matter. Without the skills and tools to turn security analysts into entry-level data scientists, this is easier said than done.

When security teams ask the right questions of big data and pair them with effective analysis, they can detect attack sequences and better understand the business impact on the organization as a whole. Security analytics tools that support these investigative workflows must deliver the data science and coding expertise (MapReduce/Spark/Storm/Hive/Pig) on the analyst's behalf in order to remain relevant against today’s attacks.

Teams armed with these all-encompassing tools can take their security domain expertise to the next level to analyze security incidents, detect root causes and uncover large attack vectors before high-value data can be exfiltrated. Security analysts looking to defend against modern threats through the use of big data analytics and discovery must be able to do the following:

● Ask a lot of questions and get quick responses: Security analysts must conduct investigations based on hypotheses and suspicions. They need to be able to ask as many questions as necessary, receive fast responses and quickly pivot their investigations based on those answers.

● Derive insights on petabytes of data: Given that a typical data breach timeline is 243 days, security analysts need to detect anomalies and patterns going back as far as 12 months, which requires analyzing petabytes of data.

● Identify the sequence of an attack: Security analysts need to analyze the data surrounding an incident in order to identify anomalies and out-of-the-norm patterns. By factoring in IT, user and business application data as context, analysts can more accurately reach a conclusion on the impact of the security incident.

● Translate security incidents into business impact: Security analysts need a centralized view of IT, user, business application and security event data. Multi-structured data must live in a single repository and be transformed and correlated so that investigations conclude in terms of business impact.
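The four capabilities above reduce, at a small scale, to one workflow: build a per-user baseline of "normal" from a long window of data, flag the day that breaks it, pull every event from every source around that day into an ordered sequence, and annotate the assets touched with business criticality. The script below is an added example written for this article; it is not Platfora's code and not from the original post. The events, the asset criticality table and the three hypothetical sources (auth, proxy bytes-out, application access) are all constructed inline so it runs offline.

```python
"""Baseline-and-anomaly investigation over multi-source security events.

Added example with constructed data; not from the article or from Platfora.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed business context: how critical each asset is to the organization.
ASSET_CRITICALITY = {"crm-db": "high", "fileshare": "medium", "wiki": "low", "laptop-12": "low"}
RANK = {"unknown": 0, "low": 1, "medium": 2, "high": 3}


def build_events():
    """Constructed events from three hypothetical sources for user alice:
    30 quiet working days, then an off-hours login, a CRM export and a large upload."""
    events = []
    start = datetime(2015, 1, 1)
    for d in range(30):
        day = start + timedelta(days=d)
        events.append(dict(ts=day.replace(hour=9), source="auth", user="alice",
                           asset="laptop-12", detail="login ok", bytes=0))
        events.append(dict(ts=day.replace(hour=10), source="app", user="alice",
                           asset="wiki", detail="read 40 pages", bytes=0))
        # ~50 MB/day outbound with deterministic pseudo-jitter of 0..4.85 MB
        events.append(dict(ts=day.replace(hour=11), source="proxy", user="alice",
                           asset="laptop-12", detail="upload",
                           bytes=50_000_000 + ((d * 41) % 101) * 50_000))
    burst = start + timedelta(days=30)
    events.append(dict(ts=burst.replace(hour=2), source="auth", user="alice",
                       asset="laptop-12", detail="login ok", bytes=0))
    events.append(dict(ts=burst.replace(hour=2, minute=10), source="app", user="alice",
                       asset="crm-db", detail="export 120000 rows", bytes=0))
    events.append(dict(ts=burst.replace(hour=2, minute=40), source="proxy", user="alice",
                       asset="laptop-12", detail="upload", bytes=2_100_000_000))
    return events


def daily_bytes(events):
    """Sum outbound bytes per (user, calendar day) from proxy events."""
    totals = defaultdict(int)
    for e in events:
        if e["source"] == "proxy":
            totals[(e["user"], e["ts"].date())] += e["bytes"]
    return totals


def volume_anomalies(events, z_threshold=3.0, min_history=7):
    """Compare each day's bytes-out against the trailing baseline of that user's
    earlier days (mean and population stdev); report days beyond z_threshold."""
    per_user = defaultdict(list)
    for (user, day), b in sorted(daily_bytes(events).items()):
        per_user[user].append((day, b))
    findings = []
    for user, series in per_user.items():
        for i, (day, b) in enumerate(series):
            history = [x for _, x in series[:i]]
            if len(history) < min_history:      # not enough baseline yet
                continue
            sigma = max(pstdev(history), 1.0)   # guard against a perfectly flat baseline
            z = (b - mean(history)) / sigma
            if z >= z_threshold:
                findings.append({"user": user, "day": day, "bytes": b, "z": round(z, 1)})
    return findings


def attack_sequence(events, user, day, hours_before=24):
    """Order every event for the user, from all sources, in the window that ends
    with the anomalous day, and annotate each asset with its criticality."""
    end = datetime.combine(day, datetime.max.time())
    start = datetime.combine(day, datetime.min.time()) - timedelta(hours=hours_before)
    seq = sorted((e for e in events if e["user"] == user and start <= e["ts"] <= end),
                 key=lambda e: e["ts"])
    return [dict(e, criticality=ASSET_CRITICALITY.get(e["asset"], "unknown")) for e in seq]


def business_impact(sequence):
    """Summarize assets touched, the worst criticality among them, and off-hours logins."""
    touched = {e["asset"]: e["criticality"] for e in sequence}
    off_hours = [e for e in sequence if e["source"] == "auth" and not 7 <= e["ts"].hour < 19]
    worst = max(touched.values(), key=lambda c: RANK[c], default="unknown")
    return {"assets": touched, "highest_criticality": worst, "off_hours_logins": len(off_hours)}


def investigate(events):
    """Full pipeline: baseline anomaly -> ordered multi-source sequence -> business impact."""
    report = []
    for f in volume_anomalies(events):
        seq = attack_sequence(events, f["user"], f["day"])
        report.append({**f, "sequence": seq, "impact": business_impact(seq)})
    return report


if __name__ == "__main__":
    for r in investigate(build_events()):
        print(f"{r['user']} {r['day']}: {r['bytes']:,} bytes out (z={r['z']})")
        for e in r["sequence"]:
            print("  ", e["ts"], e["source"], e["asset"], e["criticality"], e["detail"])
        print("  impact:", r["impact"])
```

The baseline is trailing (only earlier days feed the mean and standard deviation), so the burst day cannot dilute its own reference window, and the `min_history` floor keeps the first week from being judged against one or two samples. In a real deployment the baseline window would be the 12 months the article argues for, and the asset criticality table would come from the business application data rather than a constant.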

While the security analyst “unicorn” described in our fabricated job description may not exist, a security analyst with deep domain expertise who is armed with the right big data analytics tools can come close to matching the talent of this mythical creature. Bolstering a security team with a fully equipped security analyst will enable organizations to obtain a complete picture of the network and of current security risk, and to more quickly detect, mitigate and respond to targeted attacks.

(About the author: Peter Schlampp is a vice president at Platfora whose focus is on big data).
